typo3

361 tracked vulnerabilities.

CVE-2020-15099 HIGH
TYPO3 CMS >=9.0.0 <9.5.20, >=10.0.0 <10.4.6 - Info Disclosure
Jul 29, 2020
CVSS 8.1
EPSS 0.02
CVE-2020-15098 HIGH
TYPO3 CMS >=9.0.0 <9.5.20, >=10.0.0 <10.4.6 - RCE
Jul 29, 2020
CVSS 8.8
EPSS 0.02
CVE-2020-15086 CRITICAL
mediace 7.6.2-7.6.4 - Authenticated Remote Code Execution via Checksum Verification Bypass
Jul 29, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-11069 HIGH
TYPO3 CMS 9.0.0-9.5.16 and 10.0.0-10.4.1 - Same-Site Request Forgery via Malicious Uploaded Resource
May 14, 2020
CVSS 8.0
EPSS 0.01
CVE-2020-11067 HIGH
TYPO3 CMS <9.5.16, <10.4.1 - Code Injection
May 14, 2020
CVSS 8.8
EPSS 0.02
CVE-2020-11066 HIGH
TYPO3 CMS >=9.0.0 <9.5.17, >=10.0.0 <10.4.2 - Code Injection
May 14, 2020
CVSS 8.7
EPSS 0.01
CVE-2020-11065 MEDIUM
TYPO3 CMS >=9.5.12 <9.5.17, >=10.2.0 <10.4.2 - XSS
May 13, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-11064 MEDIUM
TYPO3 CMS >=9.0.0 <9.5.17, >=10.0.0 <10.4.2 - XSS
May 13, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-11063 LOW
TYPO3 CMS <10.4.1 - Info Disclosure
May 13, 2020
CVSS 3.7
EPSS 0.01
CVE-2020-11070 MEDIUM
TYPO3 SVG Sanitizer < 1.0.3 - Cross-Site Scripting via Invalid SVG Markup
May 13, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-8091 MEDIUM
TYPO3 6.2.0-6.2.38 ELTS and 7.0.0-7.1.0 - Unauthenticated Cross-Site Scripting via svg.swf
Jan 27, 2020
CVSS 6.1
EPSS 0.05
CVE-2019-19850 HIGH
TYPO3 < 8.7.30 - Authenticated SQL Injection in QueryGenerator
Dec 17, 2019
CVSS 7.2
EPSS 0.01
CVE-2019-19849 HIGH
TYPO3 < 8.7.30, 9.x < 9.5.12, 10.x < 10.2.2 - Authenticated Remote Code Execution via Insecure Deserialization
Dec 17, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-19848 HIGH
TYPO3 < 8.7.30, 9.x < 9.5.12, 10.x < 10.2.2 - Authenticated Path Traversal via Extension Manager ZIP Extraction
Dec 17, 2019
CVSS 7.2
EPSS 0.01
CVE-2019-12748 MEDIUM
TYPO3 8.3.0-8.7.26 and 9.0.0-9.5.7 - Cross-Site Scripting
Jul 09, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-12747 HIGH
TYPO3 8.3.0-8.7.26 and 9.x-9.5.7 - Deserialization of Untrusted Data
Jul 09, 2019
CVSS 8.8
EPSS 0.02
CVE-2019-10912 HIGH
Symfony < 2.8.50, 3.x < 3.4.26, 4.x < 4.1.12, 4.2.x < 4.2.7 - Arbitrary File Deletion via Unsafe Object Caching
May 16, 2019
CVSS 7.1
EPSS 0.02
CVE-2019-11832 HIGH
TYPO3 8.0.0-8.7.24 and 9.0.0-9.5.5 - Remote Code Execution via Image Processing Configuration
May 09, 2019
CVSS 7.5
EPSS 0.04
CVE-2019-11831 CRITICAL
PharStreamWrapper <2.1.1-3.1.1 - Path Traversal
May 09, 2019
CVSS 9.8
EPSS 0.06
CVE-2019-11830 CRITICAL
PharStreamWrapper <2.1.1-3.1.1 - Deserialization
May 09, 2019
CVSS 9.8
EPSS 0.03
CVE-2018-17960 MEDIUM
CKEditor 4.0-4.10.1 - Stored Cross-Site Scripting via Source-Mode Paste
Nov 14, 2018
CVSS 6.1
EPSS 0.02
CVE-2018-14041 MEDIUM
Bootstrap 4.0.0-4.1.1 - Cross-Site Scripting via Scrollspy Data-Target Property
Jul 13, 2018
CVSS 6.1
EPSS 0.04
CVE-2018-6905 MEDIUM
TYPO3 < 8.7.11 and 9.1.0 - Stored Cross-Site Scripting via Site Name Configuration
Apr 08, 2018
CVSS 4.8
EPSS 0.02
CVE-2017-14251 HIGH
TYPO3 7.6.0-7.6.21, 8.0.0-8.7.4 - RCE
Sep 11, 2017
CVSS 8.8
EPSS 0.02
CVE-2017-6370 MEDIUM
TYPO3 7.6.15 - Cleartext Transmission of Sensitive Information via Login Provider Request
Mar 17, 2017
CVSS 5.3
EPSS 0.01