typo3

361 tracked vulnerabilities.

CVE-2024-25121 HIGH
TYPO3 8.0.0-8.7.56 - Authenticated Improper Access Control in File Abstraction Layer
Feb 13, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-25120 MEDIUM
TYPO3 Core - Unauthorized Resource Access via t3:// URI Scheme
Feb 13, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-25119 MEDIUM
TYPO3 8.0.0-8.7.56 - Authenticated Exposure of Sensitive Information via Install Tool Editing Forms
Feb 13, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-25118 MEDIUM
TYPO3 <8.7.57-13.0.1 - Info Disclosure
Feb 13, 2024
CVSS 4.3
EPSS 0.01
CVE-2023-30451 MEDIUM
TYPO3 11.5.24 - Authenticated Path Traversal via Filelist BaseURI Parameter
Dec 25, 2023
CVSS 4.9
EPSS 0.01
CVE-2023-47127 MEDIUM
TYPO3 8.0.0-8.7.54, 11.0.0-11.5.32 - Authentication Bypass via Session Cookie Reuse
Nov 14, 2023
CVSS 4.2
EPSS 0.01
CVE-2023-47126 LOW
TYPO3 12.2.0-12.4.7 - Unauthenticated Sensitive Information Exposure via Install Tool Login Screen
Nov 14, 2023
CVSS 3.7
EPSS 0.01
CVE-2023-47125 MEDIUM
TYPO3 html_sanitizer < 1.5.3 - Cross-Site Scripting via DOM Processing Instruction Bypass
Nov 14, 2023
CVSS 4.7
EPSS 0.01
CVE-2023-38500 MEDIUM
TYPO3 HTML Sanitizer <1.5.1-2.1.2 - Auth Bypass
Jul 25, 2023
CVSS 4.7
EPSS 0.00
CVE-2023-38499 LOW
TYPO3 <9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 - Info Disclosure
Jul 25, 2023
CVSS 3.7
EPSS 0.01
CVE-2023-24814 HIGH
TYPO3 8.7.0-8.7.50, 10.0.0-10.4.34, 11.0.0-11.5.22, 12.0.0-12.1.9 - Persisted XSS via PATH_INFO Injection
Feb 07, 2023
CVSS 8.8
EPSS 0.01
CVE-2022-47406 MEDIUM
Change password for frontend users < 2.0.5 and 3.0.0-3.0.3 - Insufficient Session Expiration
Dec 14, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-23504 MEDIUM
TYPO3 < 9.5.38, 10.4.33, 11.5.20, 12.1.1 - Sensitive Information Disclosure via YAML Placeholder Expressions
Dec 14, 2022
CVSS 5.7
EPSS 0.01
CVE-2022-23503 HIGH
TYPO3 < 8.7.49, 9.5.38, 10.4.33, 11.5.20, 12.1.1 - Authenticated Code Injection via Form Designer TypoScript
Dec 14, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23502 MEDIUM
TYPO3 10.0.0-10.4.32 - Insufficient Session Expiration in Password Recovery
Dec 14, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-23501 MEDIUM
TYPO3 < 8.7.49, 9.5.38, 10.4.33, 11.5.20, 12.1.1 - Improper Authentication via Username Ambiguity
Dec 14, 2022
CVSS 5.9
EPSS 0.00
CVE-2022-23500 MEDIUM
TYPO3 <9.5.38, 10.4.33, 11.5.20, 12.1.1 - DoS
Dec 14, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-23499 MEDIUM
TYPO3 html_sanitizer < 1.5.0 and 2.0.0-2.0.10 - Cross-Site Scripting via CDATA Section Bypass
Dec 13, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-36108 MEDIUM
TYPO3 10.0.0-10.4.31 - Cross-Site Scripting via f:asset.css View Helper
Sep 13, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-36107 MEDIUM
TYPO3 7.0.0-7.6.57, 10.0.0-10.4.31 - Authenticated Cross-Site Scripting in FileDumpController
Sep 13, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-36106 MEDIUM
TYPO3 <10.4.31, <11.5.15 - Info Disclosure
Sep 13, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-36105 MEDIUM
TYPO3 7.0.0-7.6.57, 10.0.0-10.4.31 - User Enumeration via Authentication Timing Discrepancy
Sep 13, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-36104 MEDIUM
TYPO3 CMS 11.4.0 through 11.5.15 - Denial of Service via Recursive Page Error Handler
Sep 13, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-36020 MEDIUM
typo3/html-sanitizer < 1.0.7 - Cross-Site Scripting via HTML Comment Parsing Bypass
Sep 13, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-31050 MEDIUM
TYPO3 <9.5.34 ELTS, <10.4.29, <11.5.11 - Info Disclosure
Jun 14, 2022
CVSS 6.0
EPSS 0.01