typo3

361 tracked vulnerabilities.

CVE-2022-31049 MEDIUM
TYPO3 <9.5.34 ELTS, <10.4.29, <11.5.11 - Info Disclosure
Jun 14, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-31048 MEDIUM
TYPO3 <8.7.47 ELTS, <9.5.34 ELTS, <10.4.29, <11.5.11 - XSS
Jun 14, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-31047 MEDIUM
TYPO3 <7.6.57 ELTS, <8.7.47 ELTS, <9.5.34 ELTS, <10.4.29, <11.5.11 ...
Jun 14, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-31046 MEDIUM
TYPO3 <7.6.57 ELTS, <8.7.47 ELTS, <9.5.34 ELTS, <10.4.29, <11.5.11 ...
Jun 14, 2022
CVSS 4.3
EPSS 0.01
CVE-2021-41114 MEDIUM
TYPO3 11.0.0-11.5.0 - Host Header Spoofing via trustedHostsPattern Regression
Oct 05, 2021
CVSS 4.8
EPSS 0.01
CVE-2021-41113 HIGH
TYPO3 11.2.0-11.4.99 - Cross-Site Request Forgery via Deep Link Sharing
Oct 05, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-32768 MEDIUM
TYPO3 7.0.0-7.6.52, 9.0.0-9.5.28, 10.0.0-10.4.19 - Cross-Site Scripting via Rich-Text Content Rendering
Aug 10, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-32767 MEDIUM
TYPO3 <9.5.27, <10.4.17, <11.3.0 - Info Disclosure
Jul 20, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-32669 MEDIUM
TYPO3 9.0.0-9.5.28 10.0.0-10.4.17 11.0.0-11.3.0 - Authenticated Stored Cross-Site Scripting in Backend Layout Grid View
Jul 20, 2021
CVSS 6.4
EPSS 0.01
CVE-2021-32668 MEDIUM
TYPO3 9.0.0-9.5.28, 10.0.0-10.4.17, 11.0.0-11.3.0 - Authenticated XSS in QueryGenerator and QueryView
Jul 20, 2021
CVSS 6.4
EPSS 0.01
CVE-2021-32667 MEDIUM
TYPO3 9.0.0-9.5.28, 10.0.0-10.4.17, 11.0.0-11.3.0 - Authenticated Stored Cross-Site Scripting in Page TSconfig
Jul 20, 2021
CVSS 6.4
EPSS 0.01
CVE-2021-21365 MEDIUM
Typo3 < 7.1.2 - XSS
Apr 27, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-21370 MEDIUM
TYPO3 < 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 - Authenticated Cross-Site Scripting in Menu Content Element Preview
Mar 23, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-21359 MEDIUM
TYPO3 <9.5.25, 10.4.14, 11.1.1 - DoS
Mar 23, 2021
CVSS 5.9
EPSS 0.02
CVE-2021-21358 MEDIUM
TYPO3 < 10.4.14 - Authenticated Stored Cross-Site Scripting in Form Designer Module
Mar 23, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-21357 HIGH
TYPO3 < 8.7.40, 9.5.25, 10.4.14, 11.1.1 - Authenticated Path Traversal and Arbitrary File Write via Form Designer Module
Mar 23, 2021
CVSS 8.3
EPSS 0.02
CVE-2021-21355 HIGH
TYPO3 <8.7.40, 9.5.25, 10.4.14, 11.1.1 - Info Disclosure
Mar 23, 2021
CVSS 8.6
EPSS 0.02
CVE-2021-21340 MEDIUM
TYPO3 10.0.0-10.4.13 - Authenticated Stored Cross-Site Scripting in Description Column Preview
Mar 23, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-21339 MEDIUM
TYPO3 < 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 - Cleartext Session Identifiers
Mar 23, 2021
CVSS 5.9
EPSS 0.01
CVE-2021-21338 MEDIUM
TYPO3 < 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 - Unauthenticated Open Redirect via Login Handling
Mar 23, 2021
CVSS 4.7
EPSS 0.01
CVE-2020-26229 LOW
TYPO3 10.4.0-10.4.9 - Authenticated XML External Entity Injection in RSS Widgets
Nov 23, 2020
CVSS 3.7
EPSS 0.01
CVE-2020-26228 HIGH
TYPO3 9.0.0-9.5.22 and 10.0.0-10.4.9 - Cleartext Storage of Sensitive Information
Nov 23, 2020
CVSS 8.1
EPSS 0.01
CVE-2020-26227 MEDIUM
TYPO3 6.2.0-6.2.53, 9.0.0-9.5.22, 10.0.0-10.4.9 - Cross-Site Scripting via Fluid View Helper Argument
Nov 23, 2020
CVSS 6.1
EPSS 0.01
CVE-2020-26216 HIGH
TYPO3 Fluid < 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11, 2.6.10 - Cross-Site Scripting
Nov 17, 2020
CVSS 8.0
EPSS 0.01
CVE-2020-15241 MEDIUM
TYPO3 Fluid Engine <2.0.5-2.6.1 - XSS
Oct 08, 2020
CVSS 4.7
EPSS 0.01