typo3
361 tracked vulnerabilities.
CVE-2024-25121
HIGH
TYPO3 8.0.0-8.7.56 - Authenticated Improper Access Control in File Abstraction Layer
Feb 13, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-25120
MEDIUM
TYPO3 Core - Unauthorized Resource Access via t3:// URI Scheme
Feb 13, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-25119
MEDIUM
TYPO3 8.0.0-8.7.56 - Authenticated Exposure of Sensitive Information via Install Tool Editing Forms
Feb 13, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-25118
MEDIUM
TYPO3 <8.7.57-13.0.1 - Info Disclosure
Feb 13, 2024
CVSS 4.3
EPSS 0.01
CVE-2023-30451
MEDIUM
TYPO3 11.5.24 - Authenticated Path Traversal via Filelist BaseURI Parameter
Dec 25, 2023
CVSS 4.9
EPSS 0.01
CVE-2023-47127
MEDIUM
TYPO3 8.0.0-8.7.54, 11.0.0-11.5.32 - Authentication Bypass via Session Cookie Reuse
Nov 14, 2023
CVSS 4.2
EPSS 0.01
CVE-2023-47126
LOW
TYPO3 12.2.0-12.4.7 - Unauthenticated Sensitive Information Exposure via Install Tool Login Screen
Nov 14, 2023
CVSS 3.7
EPSS 0.01
CVE-2023-47125
MEDIUM
TYPO3 html_sanitizer < 1.5.3 - Cross-Site Scripting via DOM Processing Instruction Bypass
Nov 14, 2023
CVSS 4.7
EPSS 0.01
CVE-2023-38500
MEDIUM
TYPO3 HTML Sanitizer <1.5.1-2.1.2 - Auth Bypass
Jul 25, 2023
CVSS 4.7
EPSS 0.00
CVE-2023-38499
LOW
TYPO3 <9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 - Info Disclosure
Jul 25, 2023
CVSS 3.7
EPSS 0.01
CVE-2023-24814
HIGH
TYPO3 8.7.0-8.7.50, 10.0.0-10.4.34, 11.0.0-11.5.22, 12.0.0-12.1.9 - Persisted XSS via PATH_INFO Injection
Feb 07, 2023
CVSS 8.8
EPSS 0.01
CVE-2022-47406
MEDIUM
Change password for frontend users < 2.0.5 and 3.0.0-3.0.3 - Insufficient Session Expiration
Dec 14, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-23504
MEDIUM
TYPO3 < 9.5.38, 10.4.33, 11.5.20, 12.1.1 - Sensitive Information Disclosure via YAML Placeholder Expressions
Dec 14, 2022
CVSS 5.7
EPSS 0.01
CVE-2022-23503
HIGH
TYPO3 < 8.7.49, 9.5.38, 10.4.33, 11.5.20, 12.1.1 - Authenticated Code Injection via Form Designer TypoScript
Dec 14, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23502
MEDIUM
TYPO3 10.0.0-10.4.32 - Insufficient Session Expiration in Password Recovery
Dec 14, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-23501
MEDIUM
TYPO3 < 8.7.49, 9.5.38, 10.4.33, 11.5.20, 12.1.1 - Improper Authentication via Username Ambiguity
Dec 14, 2022
CVSS 5.9
EPSS 0.00
CVE-2022-23500
MEDIUM
TYPO3 <9.5.38, 10.4.33, 11.5.20, 12.1.1 - DoS
Dec 14, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-23499
MEDIUM
TYPO3 html_sanitizer < 1.5.0 and 2.0.0-2.0.10 - Cross-Site Scripting via CDATA Section Bypass
Dec 13, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-36108
MEDIUM
TYPO3 10.0.0-10.4.31 - Cross-Site Scripting via f:asset.css View Helper
Sep 13, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-36107
MEDIUM
TYPO3 7.0.0-7.6.57, 10.0.0-10.4.31 - Authenticated Cross-Site Scripting in FileDumpController
Sep 13, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-36106
MEDIUM
TYPO3 <10.4.31, <11.5.15 - Info Disclosure
Sep 13, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-36105
MEDIUM
TYPO3 7.0.0-7.6.57, 10.0.0-10.4.31 - User Enumeration via Authentication Timing Discrepancy
Sep 13, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-36104
MEDIUM
TYPO3 CMS 11.4.0 through 11.5.15 - Denial of Service via Recursive Page Error Handler
Sep 13, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-36020
MEDIUM
typo3/html-sanitizer < 1.0.7 - Cross-Site Scripting via HTML Comment Parsing Bypass
Sep 13, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-31050
MEDIUM
TYPO3 <9.5.34 ELTS, <10.4.29, <11.5.11 - Info Disclosure
Jun 14, 2022
CVSS 6.0
EPSS 0.01
Products
typo3 218
cms 116
cms-core 98
cms-backend 24
TYPO3 CMS 14
cms-form 7
cms-install 6
html-sanitizer 6
cms-frontend 4
dam_frontend_extension 4
html_sanitizer 4
wec_discussion_forum 4
Extension "Faceted Search" 3
cms-recycler 3
pdf_generator_2_extension 3
Extension "Mailqueue" 2
HTML Sanitizer 2
address_directory 2
air_filemanager 2
beuserswitch 2
cms-beuser 2
cms-dashboard 2
cms-indexed-search 2
cms-workspaces 2
commerce_extension 2
eluna_page_comments_extension 2
ns backup extension 2
phar-stream-wrapper 2
pharstreamwrapper 2
sql_frontend_extension 2
Quick Filters