Search for packages
| purl | pkg:composer/typo3/cms@8.0.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-17h4-rww9-93ad
Aliases: 2019-01-22-3 |
Improper Access Control Broken Access Control in Localization Handling. |
Affected by 0 other vulnerabilities. |
|
VCID-1d1x-7vx6-zbfw
Aliases: CVE-2017-14251 GHSA-fh4q-hxrw-cjqq |
TYPO3 Arbitrary Code Execution Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code. |
Affected by 0 other vulnerabilities. |
|
VCID-1txn-xjt1-37ha
Aliases: 2018-12-11-3 |
Cross-site Scripting Cross-Site Scripting in Frontend User Login. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-24z2-dffm-wfdf
Aliases: GHSA-g9rv-6g56-65h8 |
Typo3 Security Misconfiguration in User Session Handling When users change their password existing sessions for that particular user account are not revoked. A valid backend or frontend user account is required in order to make use of this vulnerability. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-2m7w-zfua-u7b9
Aliases: GHSA-g4pf-3jvq-2gcw |
TYPO3 Remote Code Execution in third party library swiftmailer TYPO3 uses the package swiftmailer/swiftmailer for mail actions. This package is known to be vulnerable to Remote Code Execution. |
Affected by 1 other vulnerability. |
|
VCID-2x7t-5tdv-cuge
Aliases: TYPO3-CORE-SA-2017-004 |
XSS Vulnerability Failing to properly encode user input, backend forms are vulnerable to Cross-Site Scripting. A valid backend user account is needed to exploit this vulnerability. |
Affected by 0 other vulnerabilities. |
|
VCID-3c1n-du49-6bes
Aliases: CVE-2016-5385 GHSA-m6ch-gg5f-wxx3 |
Affected by 1 other vulnerability. |
|
|
VCID-3vjn-rrkb-nbbw
Aliases: GHSA-8h4m-r4wm-xj7r |
TYPO3 Arbitrary Code Execution via File List Module Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE'][‘fileDenyPattern’], backend users are allowed to upload *.phar, *.shtml, *.pl or *.cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability. Derivatives of Debian GNU Linux are handling *.phar files as PHP applications since PHP 7.1 (for unofficial packages) and PHP 7.2 (for official packages). The file extension *.shtml is bound to server side includes which are not enabled per default in most common Linux based distributions. File extension *.pl and *.cgi require additional handlers to be configured which is also not the case in most common distributions (except for /cgi-bin/ location). |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-3wq5-qkuj-c7ce
Aliases: GHSA-hww5-6x85-mc24 |
Typo3 Arbitrary Code Execution and Cross-Site Scripting in Backend API Backend API configuration using Page TSconfig is vulnerable to arbitrary code execution and cross-site scripting. TSconfig fields of page properties in backend forms can be used to inject malicious sequences. Field tsconfig_includes is vulnerable to directory traversal leading to same scenarios as having direct access to TSconfig settings. A valid backend user account having access to modify values for fields pages.TSconfig and pages.tsconfig_includes is needed in order to exploit this vulnerability. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-3yjx-zkmc-zkau
Aliases: 2016-04-12-4 |
Improper Privilege Management Privilege Escalation in TYPO3 CMS. |
Affected by 1 other vulnerability. |
|
VCID-4mfu-2wkc-ybbw
Aliases: GHSA-8m6j-p5jv-v69w |
TYPO3 Cross-Site Scripting in Online Media Asset Rendering Failing to properly encode user input, online media asset rendering (`*.youtube` and `*.vimeo` files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-4zub-buj2-5kbh
Aliases: GHSA-f3wf-q4fj-3gxf |
TYPO3 Denial of Service in Online Media Asset Handling Online Media Asset Handling (*`.youtube` and *`.vimeo` files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a dysfunctional backend component. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-53bg-1gfq-7bap
Aliases: 2018-12-11-2 |
Cross-site Scripting Cross-Site Scripting in Backend Modal Component. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-56yk-z25r-nuap
Aliases: GHSA-g7hw-jh4p-75wr |
TYPO3 Cross-Site Scripting in Filelist Module It has been discovered that the output table listing in the “Files” backend module is vulnerable to cross-site scripting when a file extension contains malicious sequences. Access to the file system of the server - either directly or through synchronization - is required to exploit the vulnerability. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-58sc-bkhd-7ud1
Aliases: 2017-09-05-4 |
Code Injection Arbitrary Code Execution in TYPO3 CMS. |
Affected by 1 other vulnerability. |
|
VCID-5m4k-jd3r-abaf
Aliases: GHSA-gj48-w74w-8gvm GMS-2024-342 |
Path Traversal in TYPO3 Core Due to a too loose type check in an API method, attackers could bypass the directory traversal check by providing an invalid UTF-8 encoding sequence. |
Affected by 1 other vulnerability. |
|
VCID-6bne-vnc6-wfe9
Aliases: 2016-07-19-5 |
Cross-site Scripting Cross-Site Scripting vulnerability in typolinks. |
Affected by 1 other vulnerability. |
|
VCID-7hee-5tpj-g7ct
Aliases: GHSA-f624-8hfq-5fh3 |
TYPO3 Information Disclosure of Installed Extensions It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party extensions. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-7vrs-6mah-2fh9
Aliases: CVE-2021-32668 GHSA-6mh3-j5r5-2379 |
Cross-Site Scripting in Query Generator & Query View > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.5) ### Problem Failing to properly encode error messages, the components _QueryGenerator_ and _QueryView_ are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 8.7.41 ELTS, 9.5.28, 10.4.18, 11.3.1 that fix the problem described. ### Credits Thanks to Richie Lee who reported this issue and to TYPO3 security team member Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2021-010](https://typo3.org/security/advisory/typo3-core-sa-2021-010) |
Affected by 3 other vulnerabilities. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-7yn7-f2cw-ukfj
Aliases: 2018-12-11-6 |
Uncontrolled Resource Consumption Denial of Service in Online Media Asset Handling. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-7yrw-wj9m-hkd4
Aliases: 2017-02-28-2 |
Cross-site Scripting XSS in TYPO3 CMS. |
Affected by 1 other vulnerability. |
|
VCID-7zyp-yza7-2udn
Aliases: 2019-05-07-2 |
Security Misconfiguration in User Session Handling. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-87g8-zcww-p7bm
Aliases: CVE-2019-12748 GHSA-r6fv-56gp-j3r4 |
Typo3 Cross-Site Scripting in Link Handling TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-8a25-9af4-tyhk
Aliases: GHSA-xvcp-33rc-j8gq |
Insecure Unserialize in TYPO3 Import/Export Failing to properly validate incoming import data, the Import/Export component is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed. |
Affected by 1 other vulnerability. |
|
VCID-8fkz-6kqu-gqbk
Aliases: TYPO3-CORE-SA-2016-024 |
Path Traversal Due to a too loose type check in an API method, attackers could bypass the directory traversal check by providing an invalid UTF-8 encoding sequence. |
Affected by 1 other vulnerability. |
|
VCID-8jv7-9a74-q3ee
Aliases: 2016-04-12-1 |
Cross-site Scripting Cross-Site Scripting in TYPO3 Backend. |
Affected by 1 other vulnerability. |
|
VCID-8re4-c6j8-hyfh
Aliases: 2018-12-11-7 |
Uncontrolled Resource Consumption Denial of Service in Frontend Record Registration. |
Affected by 0 other vulnerabilities. |
|
VCID-8u66-mv4d-zbd4
Aliases: 2019-01-22-6 |
Cross-site Scripting Cross-Site Scripting in Form Framework. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-a6c5-ytdy-3qh4
Aliases: GHSA-5gr6-97fv-52cc |
Cross-Site Scripting in TYPO3 CMS Failing to properly encode user input, several places of the TYPO3 CMS are vulnerable to Cross-Site Scripting. |
Affected by 1 other vulnerability. |
|
VCID-a8wf-nz2q-s3gh
Aliases: GHSA-gwfx-p7mr-f92v |
Missing Access Check in TYPO3 CMS Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation. The missing access check inevitably leads to information disclosure or remote code execution, depending on the action that an attacker is able to execute. |
Affected by 0 other vulnerabilities. |
|
VCID-aj9w-bguk-9yek
Aliases: 2019-06-25-5 |
Insecure Deserialization in TYPO3 CMS. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-aujs-m8j8-guh1
Aliases: 2016-05-24-1 |
Improper Access Control Missing Access Check in TYPO3 CMS. |
Affected by 0 other vulnerabilities. |
|
VCID-axg7-qg5u-kbg7
Aliases: GHSA-86r8-4g3w-7xjp |
Cross-Site Scripting in TYPO3 Backend Failing to properly encode user input, some backend components are vulnerable to Cross-Site Scripting. A valid backend user account is needed to exploit this vulnerability. |
Affected by 1 other vulnerability. |
|
VCID-bd6u-nca5-gyeu
Aliases: GHSA-hq37-rfjc-mr8h |
Cross-Site Scripting (XSS) in TYPO3 Backend Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this vulnerability. |
Affected by 1 other vulnerability. |
|
VCID-bgk1-npak-uuhy
Aliases: GHSA-qr5f-6fcv-w69q |
Typo3 Security Misconfiguration in Frontend Session Handling It has been discovered session data of properly authenticated and logged in frontend users is kept and transformed into an anonymous user session during the logout process. This way the next user using the same client application gains access to previous session data. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-brcm-16va-3yek
Aliases: GHSA-c7p6-3c9c-f88q |
Information Disclosure in TYPO3 CMS HTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called endpoint. |
Affected by 0 other vulnerabilities. |
|
VCID-bvjs-f141-sfc7
Aliases: 2019-06-25-1 |
Information Disclosure in Backend User Interface. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-cdkv-3rbf-27ed
Aliases: 2016-07-19-4 |
Information Disclosure in TYPO3 Backend. |
Affected by 1 other vulnerability. |
|
VCID-cnqq-fdxb-9uat
Aliases: GHSA-c7rj-92xr-wprg |
Insecure Unserialize in TYPO3 Backend Failing to properly validate incoming data, the suggest wizard is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed. |
Affected by 1 other vulnerability. |
|
VCID-ct1e-wck2-6qbj
Aliases: 2017-09-05-1 |
Cross-site Scripting XSS in TYPO3 CMS Backend. |
Affected by 1 other vulnerability. |
|
VCID-cvpr-b5np-6bcv
Aliases: 2018-07-12-1 |
Improper Authentication Authentication Bypass in TYPO3 CMS. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-cxp1-whzb-p7hy
Aliases: GHSA-v8m4-3w37-ghxx |
TYPO3 Cross-Site Scripting in Form Framework validation handling It has been discovered that the output of field validation errors in the Form Framework is vulnerable to cross-site scripting. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-d2qd-qjn9-jffs
Aliases: 2016-07-19-1 |
Cross-site Scripting Cross-Site Scripting in TYPO3 Backend. |
Affected by 1 other vulnerability. |
|
VCID-d381-rcq3-n3az
Aliases: GHSA-vpr3-rc99-2wpr |
Information Disclosure in TYPO3 Backend The TYPO3 backend module stores the username of an authenticated backend user in its cache files. By guessing the file path to the cache files it is possible to receive valid backend usernames. |
Affected by 1 other vulnerability. |
|
VCID-dc9k-gxr2-6bah
Aliases: 2016-07-19-7 |
Cross-site Scripting Cross-Site Scripting in third party library `mso/idna-convert`. |
Affected by 1 other vulnerability. |
|
VCID-dfng-qmn8-jyc5
Aliases: 2019-01-22-2 |
Security Misconfiguration for Backend User Accounts. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-dkmy-bwds-s7f4
Aliases: 2019-05-07-1 |
Cross-site Scripting Cross-Site Scripting in Fluid Engine. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-dm6k-fzm6-sqbe
Aliases: GHSA-p5c5-gmj4-g48f |
Cross-Site Scripting (XSS) vulnerability in typolinks All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert data commands by using the url scheme "data:". |
Affected by 1 other vulnerability. |
|
VCID-dybf-xk32-pkdg
Aliases: CVE-2020-15241 GHSA-7733-hjv6-4h47 |
Cross-Site Scripting in ternary conditional operator > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C`(5.0) > * CWE-79 --- :information_source: This vulnerability has been fixed in May 2019 already, CVE and GHSA were assigned later in October 2020 --- ### Problem It has been discovered that the Fluid Engine (package `typo3fluid/fluid`) is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like the following. ``` {showFullName ? fullName : defaultValue} ``` ### Solution Update to versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 of this `typo3fluid/fluid` package that fix the problem described. Updated versions of this package are bundled in following TYPO3 (`typo3/cms-core`) releases: * TYPO3 v8.7.25 (using `typo3fluid/fluid` v2.5.5) * TYPO3 v9.5.6 (using `typo3fluid/fluid` v2.6.1) ### Credits Thanks to Bill Dagou who reported this issue and to TYPO3 core merger Claus Due who fixed the issue. ### References * [TYPO3-CORE-SA-2019-013](https://typo3.org/security/advisory/typo3-core-sa-2019-013) |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-e3gy-22s1-huhc
Aliases: 2019-01-22-1 |
Information Disclosure of Installed Extensions. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-e5ns-2x1v-sbaj
Aliases: TYPO3-CORE-SA-2016-023 |
Insecure Unserialize in TYPO3 Backend Failing to properly validate incoming data, the suggest wizard is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed. |
Affected by 1 other vulnerability. |
|
VCID-f9e5-am8t-j7gc
Aliases: CVE-2019-11832 GHSA-3w4h-r27h-4r2w |
TYPO3 Image Processing susceptible to Code Execution TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 is susceptible to remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick. For a successful exploit, the GhostScript binary `gs` must be available on the server system. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-fhr8-f4h5-6ffx
Aliases: GHSA-7q33-hxwj-7p8v |
TYPO3 Cross-Site Scripting in Backend Modal Component Failing to properly encode user input, notifications shown in modal windows in the TYPO3 backend are vulnerable to cross-site scripting. A valid backend user account is needed in order to exploit this vulnerability. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-fj4s-fcy4-2fcj
Aliases: 2018-12-11-1 |
Cross-site Scripting Cross-Site Scripting in Online Media Asset Rendering. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-fru4-hjhx-47ev
Aliases: TYPO3-CORE-SA-2017-006 |
Information Disclosure HTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called endpoint. |
Affected by 0 other vulnerabilities. |
|
VCID-g8w9-nj7c-dfa4
Aliases: GHSA-c5mj-39cf-3pp5 |
TYPO3 Security Misconfiguration for Backend User Accounts When using the TYPO3 backend in order to create new backend user accounts, database records containing insecure or empty credentials might be persisted. When the type of user account is changed - which might be entity type or the admin flag for backend users - the backend form is reloaded in order to reflect changed configuration possibilities. However, this leads to persisting the current state as well, which can result into some of the following: - account contains empty login credentials (username and/or password) - account is incomplete and contains weak credentials (username and/or password) Albeit the functionality provided by the TYPO3 core cannot be used either with empty usernames or empty passwords, it still can be a severe vulnerability to custom authentication service implementations. This weakness cannot be directly exploited and requires interaction on purpose by some backend user having according privileges. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-gb7f-4sm6-tkaw
Aliases: 2016-09-14-2 |
Uncontrolled Resource Consumption Cache Flooding in TYPO3 Frontend. |
Affected by 3 other vulnerabilities. |
|
VCID-hdsj-ya24-9uhk
Aliases: GHSA-g585-crjf-vhwq |
TYPO3 Denial of Service in Frontend Record Registration TYPO3’s built-in record registration functionality (aka `basic shopping cart`) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual session-data records in the database. |
Affected by 0 other vulnerabilities. |
|
VCID-heyp-4b45-v7gp
Aliases: 2016-11-22-1 |
Insecure Deserialization Insecure Unserialize in TYPO3 Backend. |
Affected by 1 other vulnerability. |
|
VCID-hrjb-bbbx-1kbq
Aliases: 2018-12-11-5 |
Information Disclosure in Install Tool. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-htsn-wq8h-qbgp
Aliases: 2017-01-03-1 |
Code Injection Remote Code Execution in third party library swiftmailer. |
Affected by 5 other vulnerabilities. |
|
VCID-hwcz-r4cu-9fba
Aliases: TYPO3-CORE-SA-2017-003 |
XSS Vulnerability TYPO3 is vulnerable to Cross-Site Scripting. |
Affected by 1 other vulnerability. |
|
VCID-k8yx-gezq-7fd6
Aliases: GHSA-6xh8-8pfv-53vx |
Authentication Bypass in TYPO3 CMS The default authentication service misses to invalidate empty strings as password. Therefore it is possible to authenticate backend and frontend users without password set in the database. Note: TYPO3 does not allow to create user accounts without a password. Your TYPO3 installation might only be affected if there is a third party component creating user accounts without password by directly manipulating the database. |
Affected by 1 other vulnerability. |
|
VCID-ks2k-ehk8-nqbm
Aliases: CVE-2021-32669 GHSA-rgcg-28xm-8mmw |
Cross-Site Scripting in Backend Grid View ### Problem Failing to properly encode settings for _backend layouts_, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 8.7.41 ELTS, 9.5.28, 10.4.18, 11.3.1 that fix the problem described. ### Credits Thanks to TYPO3 core merger Oliver Bartsch who reported and fixed the issue. |
Affected by 3 other vulnerabilities. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-mf9a-exme-b3ca
Aliases: GHSA-6f9m-v7mp-7jjq |
Authentication Bypass in TYPO3 CMS It has been discovered that TYPO3’s Salted Password system extension (which is a mandatory system component) is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing algorithm can be overridden when using MD5 as the default hashing algorithm by just knowing a valid username. Per default the Portable PHP hashing algorithm (PHPass) is used which is not vulnerable. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-mgtw-94ks-a7du
Aliases: GHSA-f777-f784-36gm |
TYPO3 Security Misconfiguration in Install Tool Cookie It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install Tool. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-mpuk-6hdb-sqh7
Aliases: GHSA-6487-3qvg-8px9 |
TYPO3 Information Disclosure in Install Tool The Install Tool exposes the current TYPO3 version number to non-authenticated users. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-n7ha-dtwq-xqf9
Aliases: 2018-07-12-2 |
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-pe6b-ygxy-kqes
Aliases: 2019-01-22-4 |
Cross-site Scripting Cross-Site Scripting in Fluid `ViewHelpers`. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-psu6-y6fc-nqh4
Aliases: 2016-07-19-2 |
Deserialization of Untrusted Data Insecure Unserialize in TYPO3 Import/Export. |
Affected by 1 other vulnerability. |
|
VCID-pwe8-razn-buae
Aliases: CVE-2018-17960 GHSA-g68x-vvqq-pvw3 |
Ckeditor XSS Vulnerability CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. It was possible to execute XSS inside the CKEditor source area after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode. Although this is an unlikely scenario, it is recommended to upgrade to the latest editor version. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-qj2p-m8ce-myb3
Aliases: GHSA-85ch-44w7-rf32 |
TYPO3 Cross-Site Scripting in Fluid ViewHelpers Failing to properly encode user input, templates using built-in Fluid ViewHelpers are vulnerable to cross-site scripting. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-r9yp-177t-efc4
Aliases: 2019-01-22-7 |
Code Injection Arbitrary Code Execution via File List Module. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-rep9-2rxn-gfee
Aliases: 2019-05-07-3 |
Code Injection Possible Arbitrary Code Execution in Image Processing. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-rmnv-emnu-6bfy
Aliases: CVE-2021-32767 GHSA-34fr-fhqr-7235 |
Information Disclosure in User Authentication > ### Meta > * CVSS: `AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C` (4.9) ### Problem It has been discovered that user credentials have been logged as plaintext when explicitly using log level debug, which is not the _default_ configuration. ### Solution Update to TYPO3 versions 7.6.52 ELTS, 8.7.41 ELTS, 9.5.28, 10.4.18, 11.3.1 that fix the problem described. ### Credits Thanks to Ingo Schmitt who reported this issue, and to TYPO3 core & security team member Benni Mack who fixed the issue. ### References * [TYPO3-CORE-SA-2021-012](https://typo3.org/security/advisory/typo3-core-sa-2021-012) |
Affected by 3 other vulnerabilities. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-scue-m12x-nkf4
Aliases: 2017-09-05-3 |
Information Disclosure in TYPO3 CMS. |
Affected by 1 other vulnerability. |
|
VCID-smyk-z453-gyag
Aliases: GHSA-772m-43f3-hmf8 |
TYPO3 Broken Access Control in Localization Handling It has been discovered that backend users having limited access to specific languages are capable of modifying and creating pages in the default language which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability. |
Affected by 0 other vulnerabilities. |
|
VCID-snd3-qpkk-8bb5
Aliases: GHSA-q9c4-9v5m-597p |
Typo3 Information Disclosure in Backend User Interface The element information component used to display properties of a certain record is susceptible to information disclosure. The list of references from or to the record is not properly checked for the backend user’s permissions. A valid backend user account is needed in order to exploit this vulnerability. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-t352-87cy-4qhm
Aliases: GHSA-pw2q-qwvj-gh43 |
Cache Flooding in TYPO3 Frontend Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the number of available valid links with a cHash, attackers could add a considerable amount of additional cache entries, which in the end exceed storage limits and thus could lead to the system not responding any more. This means the Cache Flooding attack potentially could lead to a successful Denial of Service (DoS) attack. |
Affected by 1 other vulnerability. |
|
VCID-t7b2-114h-ekaw
Aliases: 2019-06-25-2 |
Cross-site Scripting Cross-Site Scripting in Link Handling. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-t7fe-ph2m-j3e5
Aliases: 2016-09-14-1 |
Cross-site Scripting XSS in TYPO3 Backend. |
Affected by 3 other vulnerabilities. |
|
VCID-tbp9-2rg8-u7bk
Aliases: 2019-06-25-4 |
Code Injection Arbitrary Code Execution and Cross-Site Scripting in Backend API. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-tdsj-15xc-x3ar
Aliases: GHSA-qmwf-j7g7-f5jw |
Cross-Site Scripting in third party library mso/idna-convert Make sure to not expose the vendor directory to the publicly accessible document root. In composer managed installation, make sure to configure a dedicated web folder. In general it is recommended to not expose the complete typo3_src sources folder in the document root. |
Affected by 1 other vulnerability. |
|
VCID-tfey-6228-tybz
Aliases: 2019-01-22-5 |
Cross-site Scripting Cross-Site Scripting in Bootstrap CSS toolkit. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-thjz-e86b-n3a7
Aliases: CVE-2019-12747 GHSA-86hp-xrhj-fhpq |
Typo3 Vulnerable to Insecure Deserialization TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-tvq8-qbwc-qkfs
Aliases: CVE-2021-32768 GHSA-c5c9-8c6m-727v |
Cross-Site Scripting via Rich-Text Content > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC` (5.7) ### Problem Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality _[HTMLparser](https://docs.typo3.org/m/typo3/reference-typoscript/10.4/en-us/Functions/Htmlparser.html)_ do not consider all potentially malicious HTML tag & attribute combinations per default. In addition, the lack of comprehensive default node configuration for rich-text fields in the backend user interface fosters this malfunction. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required. ### Solution Update to TYPO3 versions 7.6.53 ELTS, 8.7.42 ELTS, 9.5.29, 10.4.19, 11.3.2 that fix the problem described above. Custom package _[typo3/html-sanitizer](https://github.com/TYPO3/html-sanitizer)_ - based on allow-lists only - takes care of sanitizing potentially malicious markup. The default behavior is based on safe and commonly used markup - however, this can be extended or restricted further in case it is necessary for individual scenarios. During the frontend rendering process, sanitization is applied to the default TypoScript path `lib.parseFunc`, which is implicitly used by the Fluid view-helper instruction `f:format.html`. Rich-text data persisted using the backend user interface is sanitized as well. Implementation details are explained in corresponding [ChangeLog documentation](https://docs.typo3.org/c/typo3/cms-core/master/en-us/Changelog/9.5.x/Important-94484-IntroduceHTMLSanitizer.html). ### Credits Thanks to Benjamin Stiber, Gert-Jan Jansma, Gábor Ács-Kurucz, Alexander Kellner, Richie Lee, Nina Rösch who reported this issue, and to TYPO3 security team member Oliver Hader, as well as TYPO3 contributor Susanne Moog who fixed the issue. ### References * [TYPO3-CORE-SA-2021-013](https://typo3.org/security/advisory/typo3-core-sa-2021-013) |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-tvtv-cfzc-z3d5
Aliases: GHSA-xgmx-j3hv-jh9x |
TYPO3 Cross-Site Scripting in Link Handling It has been discovered that `t3://` URL handling and typolink functionality are vulnerable to cross-site scripting. Not only regular backend forms are affected but also frontend extensions which use the rendering with typolink. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-u34g-yks8-hbay
Aliases: CVE-2018-14041 GHSA-pj7m-g53m-7638 |
Bootstrap Cross-site Scripting vulnerability In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-u3es-5tz4-ybfc
Aliases: 2019-06-25-3 |
Security Misconfiguration in Frontend Session Handling. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-u6ar-3wzb-u3eg
Aliases: GHSA-g46h-v2cc-6c94 |
Information Disclosure in TYPO3 CMS Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability. |
Affected by 0 other vulnerabilities. |
|
VCID-ukvt-pj2t-9kcq
Aliases: GHSA-2rcw-9hrm-8q7q |
TYPO3 Cross-Site Scripting in Frontend User Login Failing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile. Template patterns that are affected are - ###FEUSER_[fieldName]### using system extension felogin - <!--###USERNAME###--> for regular frontend rendering (pattern can be defined individually using TypoScript setting config.USERNAME_substToken) |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-ungm-t9nm-hyf8
Aliases: 2016-07-19-6 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Environment Variable Injection. |
Affected by 1 other vulnerability. |
|
VCID-uzut-7219-xkc1
Aliases: TYPO3-CORE-SA-2017-002 |
Authentication Bypass Due to late TCA initialization the authentication service fails to restrict frontend user according to the validation rules. Therefore it is possible to authenticate restricted (e.g. disabled) frontend users. |
Affected by 1 other vulnerability. |
|
VCID-vftm-uyy7-63fb
Aliases: 2017-09-05-2 |
Information Disclosure in TYPO3 CMS. |
Affected by 1 other vulnerability. |
|
VCID-vujd-b56y-8kfk
Aliases: GHSA-v5jp-4h2p-j2p4 |
Privilege Escalation in TYPO3 CMS The workspace/ version preview link created by a privileged (backend) user could be abused to obtain certain editing permission, if the admin panel is configured to be shown. A valid preview link is required to exploit this vulnerability. |
Affected by 1 other vulnerability. |
|
VCID-vyhd-x5fe-b3aj
Aliases: TYPO3-CORE-SA-2017-005 |
Information Disclosure Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability. |
Affected by 0 other vulnerabilities. |
|
VCID-w2qy-69nb-5ke5
Aliases: GHSA-ppgf-8745-8pgx |
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS Phar files (formerly known as "PHP archives") can act als self extracting archives which leads to the fact that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - "bundle.phar" would be valid as well as "bundle.txt" would be. This way, Phar files can be obfuscated as image or text file which would not be denied from being uploaded and persisted to a TYPO3 installation. Due to a missing sanitization of user input, those Phar files can be invoked by manipulated URLs in TYPO3 backend forms. A valid backend user account is needed to exploit this vulnerability. In theory the attack vector would be possible in the TYPO3 frontend as well, however no functional exploit has been identified so far. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-x3t4-7hux-zya8
Aliases: GHSA-v4qr-8h2v-qpjx |
Cross-Site Scripting in TYPO3 CMS Backend Failing to properly encode user input, backend forms are vulnerable to Cross-Site Scripting. A valid backend user account is needed to exploit this vulnerability. |
Affected by 0 other vulnerabilities. |
|
VCID-x5wu-b995-xkcm
Aliases: 2016-04-12-3 |
Improper Authentication Authentication Bypass in TYPO3 CMS. |
Affected by 1 other vulnerability. |
|
VCID-xg9s-8fv2-87hq
Aliases: GHSA-67wg-6j7r-mqh8 |
Arbitrary Code Execution in TYPO3 CMS Due to a missing file extension in the fileDenyPattern, backend user are allowed to upload *.pht files which can be executed in certain web server setups. The new default fileDenyPattern is the following, which might have been overridden in the TYPO3 Install Tool. ``` \.(php[3-7]?|phpsh|phtml|pht)(\..*)?$|^\.htaccess$ ``` |
Affected by 0 other vulnerabilities. |
|
VCID-xsd3-6zyc-j7dg
Aliases: 2018-12-11-4 |
Security Misconfiguration in Install Tool Cookie. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-y15u-f9e9-akff
Aliases: 2016-11-22-2 |
Path Traversal in TYPO3 Core. |
Affected by 1 other vulnerability. |
|
VCID-yt8r-5b7g-1ueq
Aliases: GHSA-4h5c-5g25-v7fh |
TYPO3 Cross-Site Scripting in Form Framework Failing to properly encode user input, frontend forms handled by the form framework (system extension “form”) are vulnerable to cross-site scripting. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-yz56-gs5x-hudr
Aliases: TYPO3-CORE-SA-2017-007 |
Arbitrary Code Execution Due to a missing file extension in the `fileDenyPattern`, backend user are allowed to upload *.pht files which can be executed in certain web server setups. |
Affected by 0 other vulnerabilities. |
|
VCID-zhvr-3e6u-2uc6
Aliases: GHSA-hh95-5xm5-v8v7 |
TYPO3 CMS Possible Insecure Deserialization in Extbase Request Handling It has been discovered that request handling in Extbase can be vulnerable to insecure deserialization. User submitted payload has to be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3 encryptionKey as secret - invalid or unsigned payload is not deserialized. However, since sensitive information could have been leaked by accident (e.g. in repositories or in commonly known and unprotected backup files), there is the possibility that attackers know the private encryptionKey and are able to calculate the required HMAC-SHA1 to allow a malicious payload to be deserialized. Requirements for successfully exploiting this vulnerability (all of the following): - rendering at least one Extbase plugin in the frontend - encryptionKey has been leaked (from LocalConfiguration.php or corresponding .env file) |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-zrvx-m37x-v3a1
Aliases: 2018-12-11-8 |
Cross-site Scripting Cross-Site Scripting in CKEditor. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-zu53-dnd1-h3gu
Aliases: GHSA-5wx6-xwxf-q8qj |
Cross-Site Scripting in TYPO3 Backend Failing to properly encode user input, some backend components are vulnerable to Cross-Site Scripting. A valid backend user account is needed to exploit this vulnerability. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||