Search for packages
| purl | pkg:composer/typo3/cms@7.3.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1ng4-5tkh-g7h5
Aliases: TYPO3-CORE-SA-2015-011 |
Multiple Cross-Site Scripting vulnerabilities in backend Failing to properly encode user input, several backend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript. |
Affected by 87 other vulnerabilities. |
|
VCID-28bf-jvah-zkhw
Aliases: 2018-07-12-1 |
Improper Authentication Authentication Bypass in TYPO3 CMS. |
Affected by 26 other vulnerabilities. Affected by 68 other vulnerabilities. Affected by 84 other vulnerabilities. |
|
VCID-2rhx-afay-97da
Aliases: GMS-2015-25 |
Unauthenticated Path Disclosure It has been discovered, that calling a PHP script which is delivered with TYPO3 for testing purposes, discloses the absolute server path to the TYPO3 installation. |
Affected by 44 other vulnerabilities. |
|
VCID-5jgb-dsyx-hyb4
Aliases: CVE-2021-21338 GHSA-4jhw-2p6j-5wmp |
Open Redirection in Login Handling ### Problem It has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. ### Solution Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to Alexander Kellner who reported this issue and to TYPO3 security team member Torben Hansen who fixed the issue. ### References * [TYPO3-CORE-SA-2021-001](https://typo3.org/security/advisory/typo3-core-sa-2021-001) |
Affected by 1 other vulnerability. Affected by 3 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 23 other vulnerabilities. |
|
VCID-5paq-5frf-43ed
Aliases: CVE-2022-36107 GHSA-9c6w-55cp-5w25 |
TYPO3 CMS Stored Cross-Site Scripting via FileDumpController > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.0) ### Problem It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above. ### Credits Thanks to Vautia who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2022-009](https://typo3.org/security/advisory/typo3-core-sa-2022-009) * [Vulnerability Report on huntr.dev](https://huntr.dev/bounties/51e9b709-193c-41fd-bd4a-833aaca0bd4e/) (embargoed +30 days) |
Affected by 7 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-6b5q-vzs3-pkcc
Aliases: GHSA-f777-f784-36gm |
TYPO3 Security Misconfiguration in Install Tool Cookie It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install Tool. |
Affected by 12 other vulnerabilities. Affected by 51 other vulnerabilities. Affected by 69 other vulnerabilities. |
|
VCID-6gms-w48j-4ffh
Aliases: GHSA-4r76-xr68-w7m7 |
TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts It has been discovered, that editors with access to file meta data table could change, create or delete metadata of files which are not within their file mounts. |
Affected by 47 other vulnerabilities. |
|
VCID-6pvx-1qan-ukef
Aliases: CVE-2015-8759 GHSA-j5v7-9xr5-m7gx |
TYPO3 Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field. |
Affected by 87 other vulnerabilities. |
|
VCID-6spw-66jg-syb1
Aliases: CVE-2013-7341 GHSA-j6c3-3c4w-qv8p |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342. |
Affected by 47 other vulnerabilities. |
|
VCID-7zx9-8afq-y3hc
Aliases: GHSA-r287-hc8j-w56h |
TYPO3 Information Disclosure Vulnerability Exploitable by Editors It has been discovered, that editors with access to the file list module could list all files names and folder names in the root directory of a TYPO3 installation. Modification of files, listing further nested directories or retrieving file contents was not possible. A valid backend user account is needed to exploit this vulnerability. |
Affected by 47 other vulnerabilities. |
|
VCID-b5ht-z6zp-pbht
Aliases: CVE-2015-5956 GHSA-989h-wv8x-933p |
Cross-Site Scripting Vulnerability It has been discovered, that it is possible to forge a link to a backend module, which contains a JavaScript payload. This JavaScript is executed, if an authenticated editor with access to the module follows the link that, is tricked to click on a certain HTML target. Because TYPO3 include a secret token unknown to an attacker in every URL, an exploit would not be feasible for these versions. |
Affected by 44 other vulnerabilities. |
|
VCID-bajy-qbwq-fufn
Aliases: CVE-2022-31047 GHSA-fh99-4pgr-8j99 |
Insertion of Sensitive Information into Log File in typo3/cms-core > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C` (4.9) ### Problem It has been discovered that system internal credentials or keys (e.g. database credentials) have been logged as plaintext in exception handlers, when logging the complete exception stack trace. ### Solution Update to TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above. ### Credits Thanks to Marco Huber who reported this issue and to TYPO3 security member Torben Hansen who fixed the issue. ### References * [TYPO3-CORE-SA-2022-002](https://typo3.org/security/advisory/typo3-core-sa-2022-002) |
Affected by 12 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-bnne-7p2q-eqd2
Aliases: 2018-12-11-6 |
Uncontrolled Resource Consumption Denial of Service in Online Media Asset Handling. |
Affected by 12 other vulnerabilities. Affected by 51 other vulnerabilities. Affected by 69 other vulnerabilities. |
|
VCID-buax-rz7x-r7c2
Aliases: GHSA-6fc6-cj2j-h22x |
TYPO3 Multiple Cross-Site Scripting vulnerabilities in frontend Failing to properly encode editor input, several frontend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML. |
Affected by 87 other vulnerabilities. |
|
VCID-bxjw-7426-gyb8
Aliases: GHSA-6f9m-v7mp-7jjq |
Authentication Bypass in TYPO3 CMS It has been discovered that TYPO3’s Salted Password system extension (which is a mandatory system component) is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing algorithm can be overridden when using MD5 as the default hashing algorithm by just knowing a valid username. Per default the Portable PHP hashing algorithm (PHPass) is used which is not vulnerable. |
Affected by 26 other vulnerabilities. Affected by 68 other vulnerabilities. Affected by 84 other vulnerabilities. |
|
VCID-cczn-x8q7-k7ba
Aliases: 2015-12-15-2 |
Cross-site Scripting Cross-Site Scripting vulnerability in typolinks. |
Affected by 87 other vulnerabilities. |
|
VCID-cjgc-q6p5-2ydc
Aliases: 2015-12-15-3 |
Cross-site Scripting Multiple Cross-Site Scripting vulnerabilities in frontend. |
Affected by 87 other vulnerabilities. |
|
VCID-ck23-cxn6-bbf3
Aliases: GHSA-pqfv-97hj-g97g |
TYPO3 Frontend vulnerable to Unauthenticated Path Disclosure It has been discovered, that calling a PHP script which is delivered with TYPO3 for testing purposes, discloses the absolute server path to the TYPO3 installation. |
Affected by 44 other vulnerabilities. |
|
VCID-dbrh-t8zx-nkd9
Aliases: GHSA-6487-3qvg-8px9 |
TYPO3 Information Disclosure in Install Tool The Install Tool exposes the current TYPO3 version number to non-authenticated users. |
Affected by 12 other vulnerabilities. Affected by 51 other vulnerabilities. Affected by 69 other vulnerabilities. |
|
VCID-dm97-51uu-r7gw
Aliases: 2018-12-11-1 |
Cross-site Scripting Cross-Site Scripting in Online Media Asset Rendering. |
Affected by 12 other vulnerabilities. Affected by 51 other vulnerabilities. Affected by 69 other vulnerabilities. |
|
VCID-dsu7-jjjq-f3e1
Aliases: CVE-2021-21339 GHSA-qx3w-4864-94ch |
Cleartext storage of session identifier ### Problem User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. ### Solution Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to TYPO3 security team member Oliver Hader who reported this issue and to TYPO3 core & security team members Benni Mack & Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2021-006](https://typo3.org/security/advisory/typo3-core-sa-2021-006) |
Affected by 1 other vulnerability. Affected by 3 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 23 other vulnerabilities. |
|
VCID-ehzg-bzrd-kbcc
Aliases: 2018-12-11-7 |
Uncontrolled Resource Consumption Denial of Service in Frontend Record Registration. |
Affected by 12 other vulnerabilities. Affected by 51 other vulnerabilities. Affected by 95 other vulnerabilities. |
|
VCID-f4pm-9tq5-q3ch
Aliases: GHSA-75mx-chcf-2q32 |
Duplicate Advisory: TYPO3 Cross-Site Scripting vulnerability in typolinks ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j5v7-9xr5-m7gx. This link is maintained to preserve external references. ## Original Description All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert javascript commands by using the url scheme `javascript:`. |
Affected by 87 other vulnerabilities. |
|
VCID-gcnj-6qb6-pbgz
Aliases: CVE-2019-19848 GHSA-77p4-wfr8-977w |
TYPO3 Directory Traversal on ZIP extraction An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.) |
Affected by 16 other vulnerabilities. Affected by 27 other vulnerabilities. Affected by 41 other vulnerabilities. |
|
VCID-h958-d3pm-kfcs
Aliases: TYPO3-CORE-SA-2016-013 |
Missing Access Check Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation. The missing access check inevitably leads to information disclosure or remote code execution, depending on the action that an attacker is able to execute. |
Affected by 70 other vulnerabilities. Affected by 113 other vulnerabilities. |
|
VCID-jmu3-5k7e-x7ch
Aliases: TYPO3-CORE-SA-2016-021 |
Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this vulnerability. |
Affected by 52 other vulnerabilities. Affected by 122 other vulnerabilities. Affected by 98 other vulnerabilities. |
|
VCID-jqx9-41zx-dbcy
Aliases: TYPO3-CORE-SA-2016-022 |
Cache Flooding in Frontend Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the number of available valid links with a cHash, attackers could add a considerable amount of additional cache entries, which in the end exceed storage limits and thus could lead to the system not responding any more. This means the Cache Flooding attack potentially could lead to a successful Denial of Service (DoS) attack. |
Affected by 52 other vulnerabilities. Affected by 122 other vulnerabilities. Affected by 98 other vulnerabilities. |
|
VCID-kgcq-paqm-9ya6
Aliases: GHSA-jqr8-q455-xx45 |
TYPO3 Brute Force Protection Bypass in backend login The backend login has a basic brute force protection implementation which pauses for 5 seconds if wrong credentials are given. This pause however could be bypassed by forging a special request, making brute force attacks on backend editor credentials more feasible. |
Affected by 47 other vulnerabilities. |
|
VCID-kqbk-4q4z-nkec
Aliases: TYPO3-CORE-SA-2015-013 |
Multiple Cross-Site Scripting vulnerabilities in frontend Failing to properly encode editor input, several frontend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML. |
Affected by 87 other vulnerabilities. |
|
VCID-mnz3-rj21-67ad
Aliases: CVE-2022-36105 GHSA-m392-235j-9r7r |
TYPO3 CMS vulnerable to User Enumeration via Response Timing > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (4.9) ### Problem It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. ### Solution Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above. ### Credits Thanks to Vautia who reported this issue and to TYPO3 core & security team members Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2022-007](https://typo3.org/security/advisory/typo3-core-sa-2022-007) * [Vulnerability Report on huntr.dev](https://huntr.dev/bounties/7d519735-2877-4fad-bd77-accde3e290a7/) (embargoed +30 days) |
Affected by 7 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-n15v-ta9h-6ffb
Aliases: CVE-2021-32767 GHSA-34fr-fhqr-7235 |
Inclusion of Sensitive Information in Log Files TYPO3 is an open source PHP based web content management system. User credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 contain a patch for this vulnerability. |
Affected by 10 other vulnerabilities. Affected by 18 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-n78p-x7hh-gqcf
Aliases: 2018-12-11-5 |
Information Disclosure in Install Tool. |
Affected by 12 other vulnerabilities. Affected by 51 other vulnerabilities. Affected by 69 other vulnerabilities. |
|
VCID-nwxj-3ajk-rkh5
Aliases: CVE-2018-6905 GHSA-3w22-wrwx-2r75 |
Cross-site Scripting The page module in TYPO3 is vulnerable to XSS via `$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']`, as demonstrated by an admin entering a crafted site name during the installation process. |
Affected by 76 other vulnerabilities. Affected by 92 other vulnerabilities. Affected by 92 other vulnerabilities. |
|
VCID-pgzu-kxuj-j3fh
Aliases: CVE-2015-8755 GHSA-56f9-5563-m2h7 |
Typo3 XSS Vulnerability Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors. |
Affected by 87 other vulnerabilities. |
|
VCID-pk8d-8u15-5bfq
Aliases: GHSA-f3wf-q4fj-3gxf |
TYPO3 Denial of Service in Online Media Asset Handling Online Media Asset Handling (*`.youtube` and *`.vimeo` files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a dysfunctional backend component. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability. |
Affected by 12 other vulnerabilities. Affected by 51 other vulnerabilities. Affected by 69 other vulnerabilities. |
|
VCID-q6dx-uskc-y3hs
Aliases: GHSA-5cxf-xx9j-54jc |
Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend Failing to properly encode user input, several backend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript. |
Affected by 87 other vulnerabilities. |
|
VCID-qemc-8kj8-r3cd
Aliases: 2015-12-15-1 |
Cross-site Scripting Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend. |
Affected by 87 other vulnerabilities. |
|
VCID-rdrs-mhaw-b3ge
Aliases: 2018-12-11-3 |
Cross-site Scripting Cross-Site Scripting in Frontend User Login. |
Affected by 12 other vulnerabilities. Affected by 51 other vulnerabilities. Affected by 69 other vulnerabilities. |
|
VCID-rwgf-2pfh-ufdz
Aliases: GHSA-wp8j-c736-c5r3 |
TYPO3 Cross-Site Scripting Vulnerability Exploitable by Editors It has been discovered that link tags generated by typolink functionality in the website's frontend are vulnerable to cross-site scripting - values being assigned to HTML attributes have not been parsed correctly. A valid backend user account is needed to exploit this vulnerability. As second and separate vulnerability in the filelist module of the backend user interface has been referenced with this advisory as well. Error messages being shown after using a malicious name for renaming a file are not propery encoded, thus vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. |
Affected by 47 other vulnerabilities. |
|
VCID-sr3p-pdxy-4yhu
Aliases: 2018-07-12-2 |
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS. |
Affected by 26 other vulnerabilities. Affected by 68 other vulnerabilities. Affected by 84 other vulnerabilities. |
|
VCID-t3jn-vwbx-u7cr
Aliases: CVE-2021-21370 GHSA-x7hc-x7fm-f7qh |
Cross-Site Scripting in Content Preview (CType menu) ### Problem It has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to TYPO3 contributor Oliver Bartsch who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2021-008](https://typo3.org/security/advisory/typo3-core-sa-2021-008) |
Affected by 1 other vulnerability. Affected by 3 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 23 other vulnerabilities. |
|
VCID-tmrt-6fxw-5ugh
Aliases: GHSA-ppgf-8745-8pgx |
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS Phar files (formerly known as "PHP archives") can act als self extracting archives which leads to the fact that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - "bundle.phar" would be valid as well as "bundle.txt" would be. This way, Phar files can be obfuscated as image or text file which would not be denied from being uploaded and persisted to a TYPO3 installation. Due to a missing sanitization of user input, those Phar files can be invoked by manipulated URLs in TYPO3 backend forms. A valid backend user account is needed to exploit this vulnerability. In theory the attack vector would be possible in the TYPO3 frontend as well, however no functional exploit has been identified so far. |
Affected by 26 other vulnerabilities. Affected by 68 other vulnerabilities. Affected by 84 other vulnerabilities. |
|
VCID-tw1y-t4qj-j3d1
Aliases: 2018-12-11-2 |
Cross-site Scripting Cross-Site Scripting in Backend Modal Component. |
Affected by 12 other vulnerabilities. Affected by 51 other vulnerabilities. Affected by 69 other vulnerabilities. |
|
VCID-vndb-w8e1-4ugv
Aliases: GHSA-8m6j-p5jv-v69w |
TYPO3 Cross-Site Scripting in Online Media Asset Rendering Failing to properly encode user input, online media asset rendering (`*.youtube` and `*.vimeo` files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability. |
Affected by 12 other vulnerabilities. Affected by 51 other vulnerabilities. Affected by 69 other vulnerabilities. |
|
VCID-wr5t-xqnn-gkcj
Aliases: GHSA-7q33-hxwj-7p8v |
TYPO3 Cross-Site Scripting in Backend Modal Component Failing to properly encode user input, notifications shown in modal windows in the TYPO3 backend are vulnerable to cross-site scripting. A valid backend user account is needed in order to exploit this vulnerability. |
Affected by 12 other vulnerabilities. Affected by 51 other vulnerabilities. Affected by 69 other vulnerabilities. |
|
VCID-ww44-zmx7-47ft
Aliases: TYPO3-CORE-SA-2015-012 |
Cross-Site Scripting vulnerability in typolinks All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert javascript commands by using the url scheme "javascript:". |
Affected by 87 other vulnerabilities. |
|
VCID-wxps-mnue-6bbh
Aliases: GHSA-2rcw-9hrm-8q7q |
TYPO3 Cross-Site Scripting in Frontend User Login Failing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile. Template patterns that are affected are - ###FEUSER_[fieldName]### using system extension felogin - <!--###USERNAME###--> for regular frontend rendering (pattern can be defined individually using TypoScript setting config.USERNAME_substToken) |
Affected by 12 other vulnerabilities. Affected by 51 other vulnerabilities. Affected by 69 other vulnerabilities. |
|
VCID-xa4m-xpa9-v7h8
Aliases: CVE-2019-19849 GHSA-rcgc-4xfc-564v |
TYPO3 Insecure Deserialization in Query Generator & Query View An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited privileges. |
Affected by 16 other vulnerabilities. Affected by 27 other vulnerabilities. Affected by 41 other vulnerabilities. Affected by 41 other vulnerabilities. |
|
VCID-xkpp-psz2-2kag
Aliases: GHSA-r9vc-jfmh-6j48 |
TYPO3 frontend login vulnerable to Session Fixation It has been discovered that TYPO3 is susceptible to session fixation. If a user authenticates while anonymous session data is present, the session id is not changed. This makes it possible for attackers to generate a valid session id, trick users into using this session id (e.g. by leveraging a different Cross-Site Scripting vulnerability) and then maybe getting access to an authenticated session. |
Affected by 47 other vulnerabilities. |
|
VCID-xqew-bx7v-1qfk
Aliases: GHSA-g585-crjf-vhwq |
TYPO3 Denial of Service in Frontend Record Registration TYPO3’s built-in record registration functionality (aka `basic shopping cart`) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual session-data records in the database. |
Affected by 12 other vulnerabilities. Affected by 51 other vulnerabilities. |
|
VCID-y32z-2d3f-gkgw
Aliases: CVE-2021-32768 GHSA-c5c9-8c6m-727v |
Cross-site Scripting TYPO3 is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag & attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 17 other vulnerabilities. Affected by 19 other vulnerabilities. |
|
VCID-zdq2-dhb2-6kaq
Aliases: CVE-2022-23501 GHSA-jfp7-79g7-89rf GMS-2022-8134 |
TYPO3 CMS vulnerable to Weak Authentication in Frontend Login ### Problem Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. ### Solution Update to TYPO3 versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1 that fix the problem described above. ### References * [TYPO3-CORE-SA-2022-013](https://typo3.org/security/advisory/typo3-core-sa-2022-013) |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-zspb-bd6j-wyd2
Aliases: 2018-12-11-4 |
Security Misconfiguration in Install Tool Cookie. |
Affected by 12 other vulnerabilities. Affected by 51 other vulnerabilities. Affected by 69 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-37wu-bjfj-k7eg | Improper Restriction of Excessive Authentication Attempts Brute Force Protection Bypass in backend login. |
2015-07-01-5
|
| VCID-4etp-u4pt-v7hm | Information Exposure Frontend: Unauthenticated Path Disclosure. |
2015-09-08-1
|
| VCID-51ba-3ag9-rucn | Cross-site Scripting Cross-Site Scripting in 3rd party library Flowplayer. |
2015-07-01-6
|
| VCID-kpze-14jy-xud9 | Cross-site Scripting Cross-Site Scripting exploitable by Editors. |
2015-07-01-3
|
| VCID-ne8w-dpjw-7qf1 | Improper Access Control Access bypass when editing file metadata. |
2015-07-01-1
|
| VCID-se8w-fv8x-tqde | Information Disclosure possibility exploitable by Editors. |
2015-07-01-4
|
| VCID-xhq3-ts9t-sbdy | Frontend login Session Fixation. |
2015-07-01-2
|