HIGH 8.8 CVE-2023-24814 TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering
>= 8.7.0, < 9.7.51, >= 9.0.0, < 9.5.40, >= 10.0.0, < 10.4.36, >= 11.0.0, < 11.5.23, >= 12.0.0, < 12.2.0
>= 11.2.0, < 11.5.0
HIGH 8.8 CVE-2020-15098 Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
>= 9.0.0, < 9.5.20, >= 10.0.0, < 10.4.6
HIGH 8.8 Insecure Deserialization in Backend User Settings in TYPO3 CMS
>= 9.0.0, < 9.5.16, >= 10.0.0, < 10.4.1
HIGH 8.7 Class destructors causing side-effects when being unserialized in TYPO3 CMS
>= 9.0.0, < 9.5.17, >= 10.0.0, < 10.4.2
HIGH 8.6 Unrestricted File Upload in Form Framework
>= 8.0.0, < 8.7.40, >= 9.0.0, < 9.5.25, >= 10.0.0, < 10.4.14, >= 11.0.0, < 11.1.1
HIGH 8.3 Broken Access Control in Form Framework
>= 8.0.0, < 8.7.40, >= 9.0.0, < 9.5.25, >= 10.0.0, < 10.4.14, >= 11.0.0, < 11.1.1
HIGH 8.1 Cleartext storage of session identifier
>= 9.0.0, < 9.5.23, >= 10.0.0, < 10.4.10
HIGH 8.1 Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
>= 9.0.0, < 9.5.20, >= 10.0.0, < 10.4.6
HIGH 8.0 Backend Same-Site Request Forgery in TYPO3 CMS
>= 9.0.0, < 9.5.16, >= 10.0.0, < 10.4.1
HIGH 7.5 TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
>= 8.0.0, < 8.7.49, >= 9.0.0, < 9.5.38, >= 10.0.0, < 10.4.33, >= 11.0.0, < 11.5.20, >= 12.0.0, < 12.1.1
MEDIUM 6.4 Cross-Site Scripting in Backend Grid View
>= 8.0.0, < 8.7.40, >= 9.0.0, < 9.5.28, >= 10.0.0, < 10.4.17, >= 11.0.0, < 11.3.0
MEDIUM 6.4 Cross-Site Scripting in Query Generator & Query View
>= 8.0.0, < 8.7.40, >= 9.0.0, < 9.5.28, >= 10.0.0, < 10.4.17, >= 11.0.0, < 11.3.0
MEDIUM 6.4 Cross-Site Scripting in Page Preview
>= 9.0.0, < 9.5.287, >= 10.0.0, < 10.4.17, >= 11.0.0, < 11.3.0
MEDIUM 6.1 Typo3 Cross-Site Scripting in Flash component (ELTS)
>= 6.2.0, < 6.2.39, >= 7.0.0, < 7.1.0
MEDIUM 6.1 Cross-Site Scripting via Rich-Text Content
>= 7.0.0, < 7.6.52, >= 8.0.0, < 8.7.41, >= 9.0.0, < 9.5.28, >= 10.0.0, < 10.4.18, >= 11.0.0, < 11.3.1
MEDIUM 6.1 Open Redirection in Login Handling
>= 6.2.0, < 6.2.57, >= 7.0.0, < 7.6.51, >= 8.0.0, < 8.7.40, >= 9.0.0, < 9.5.25, >= 10.0.0, < 10.4.14, >= 11.0.0, < 11.1.1
MEDIUM 6.1 Cross-Site Scripting in Fluid view helpers
>= 6.2.0, < 6.2.54, >= 7.6.0, < 7.6.48, >= 8.7.0, < 8.7.38, >= 9.0.0, < 9.5.23, >= 10.0.0, < 10.4.10
MEDIUM 6.0 Insufficient Session Expiration in TYPO3's Admin Tool
>= 9.0.0, < 9.5.35, >= 10.0.0, < 10.4.29, >= 11.0.0, < 11.5.11
MEDIUM 5.9 TYPO3 CMS vulnerable to Weak Authentication in Frontend Login
from 0, < 8.7.49, >= 9.0.0, < 9.5.38, >= 10.0.0, < 10.4.33, >= 11.0.0, < 11.5.20, >= 12.0.0, < 12.1.1
MEDIUM 5.9 TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
>= 9.0.0, < 9.5.38, >= 10.0.0, < 10.4.33, >= 11.0.0, < 11.5.20
MEDIUM 5.9 TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
>= 11.4.0, < 11.5.15
MEDIUM 5.9 Denial of Service in Page Error Handling
>= 9.0.0, < 9.5.25, >= 10.0.0, < 10.4.14, >= 11.0.0, < 11.1.1
MEDIUM 5.9 Cleartext storage of session identifier
>= 6.2.0, < 6.2.57, >= 7.0.0, < 7.6.51, >= 8.0.0, < 8.7.40, >= 9.0.0, < 9.5.25, >= 10.0.0, < 10.4.14, >= 11.0.0, < 11.1.1
MEDIUM 5.7 TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
>= 9.0.0, < 9.5.38, >= 10.0.0, < 10.4.33, >= 11.0.0, < 11.5.20, >= 12.0.0, < 12.1.1
MEDIUM 5.5 Path Traversal in TYPO3 File Abstraction Layer Storages
>= 11.5.24, <= 11.5.24
MEDIUM 5.4 TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
>= 10.0.0, < 10.4.33, >= 11.0.0, < 11.5.20, >= 12.0.0, < 12.1.1
MEDIUM 5.4 TYPO3 CMS missing check for expiration time of password reset token for backend users
>= 10.0.0, < 10.4.31, >= 11.0.0, < 11.5.15
MEDIUM 5.4 TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
>= 7.0.0, < 7.6.57, >= 8.0.0, < 8.7.47, >= 9.0.0, < 9.5.36, >= 10.0.0, < 10.4.31, >= 11.0.0, < 11.5.15
MEDIUM 5.4 TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper
>= 10.0.0, < 10.4.31, >= 11.0.0, < 11.5.15
MEDIUM 5.4 Cross-Site Scripting in TYPO3's Frontend Login Mailer
>= 9.0.0, < 9.5.35, >= 10.0.0, < 10.4.29, >= 11.0.0, < 11.5.11
MEDIUM 5.4 Cross-Site Scripting in TYPO3's Form Framework
>= 8.0.0, < 8.7.47, >= 9.0.0, < 9.5.35, >= 10.0.0, < 10.4.29, >= 11.0.0, < 11.5.11
MEDIUM 5.4 Cross-Site Scripting in Bootstrap Package
from 0, < 7.1.2, >= 8.0.0, < 8.0.8, >= 9.0.0, < 9.0.4, >= 9.1.0, < 9.1.3, >= 10.0.0, < 10.0.10, >= 11.0.0, < 11.0.3
MEDIUM 5.4 Cross-Site Scripting in Content Preview (CType menu)
>= 7.0.0, < 7.6.51, >= 8.0.0, < 8.7.40, >= 9.0.0, < 9.5.25, >= 10.0.0, < 10.4.14, >= 11.0.0, < 11.1.1
MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
>= 10.2.0, < 10.4.14, >= 11.0.0, < 11.1.1
MEDIUM 5.4 Cross-Site Scripting in Content Preview
>= 10.0.0, < 10.4.14, >= 11.0.0, < 11.1.1
MEDIUM 5.4 Cross-Site Scripting in TYPO3 CMS Link Handling
>= 9.5.12, < 9.5.17, >= 10.2.0, < 10.4.2
MEDIUM 5.4 Cross-Site Scripting in TYPO3 CMS Form Engine
>= 9.0.0, < 9.5.17, >= 10.0.0, < 10.4.2
MEDIUM 5.3 TYPO3 CMS vulnerable to User Enumeration via Response Timing
>= 7.0.0, < 7.6.57, >= 8.0.0, < 8.7.47, >= 9.0.0, < 9.5.36, >= 10.0.0, < 10.4.31, >= 11.0.0, < 11.5.15
MEDIUM 5.3 Insertion of Sensitive Information into Log File in typo3/cms-core
>= 7.0.0, < 7.6.57, >= 8.0.0, < 8.7.47, >= 9.0.0, < 9.5.35, >= 10.0.0, < 10.4.29, >= 11.0.0, < 11.5.11
MEDIUM 5.3 Information Disclosure in User Authentication
>= 7.0.0, < 7.6.51, >= 8.0.0, < 8.7.40, >= 9.0.0, < 9.5.27, >= 10.0.0, < 10.4.17, >= 11.0.0, < 11.3.0
MEDIUM 4.8 HTTP Host Header Injection
>= 11.0.0, < 11.5.0
MEDIUM 4.7 Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer
>= 8.7.42, < 8.7.55, >= 9.5.29, < 9.5.44, >= 10.4.19, < 10.4.41, >= 11.3.2, < 11.5.33, >= 12.0.0, < 12.4.8
MEDIUM 4.7 Cross-Site Scripting in ternary conditional operator
>= 8.7.25, <= 8.7.25, >= 9.5.6, <= 9.5.6
MEDIUM 4.3 Information Disclosure via Export Module
>= 7.0.0, < 7.6.57, >= 8.0.0, < 8.7.47, >= 9.0.0, < 9.5.35, >= 10.0.0, < 10.4.29, >= 11.0.0, < 11.5.11
MEDIUM 4.2 TYPO3 vulnerable to Weak Authentication in Session Handling
>= 8.0.0, < 8.7.55, >= 9.0.0, < 9.5.44, >= 10.0.0, < 10.4.41, >= 11.0.0, < 11.5.33, >= 12.0.0, < 12.4.8
LOW 3.7 Information Disclosure in typo3/cms-install tool
>= 12.2.0, < 12.4.8
LOW 3.7 Information Disclosure due to Out-of-scope Site Resolution
>= 9.4.0, < 9.5.42, >= 10.0.0, < 10.4.39, >= 11.0.0, < 11.5.30, >= 12.0.0, < 12.4.4
LOW 3.7 XML External Entity in Dashboard Widget
>= 10.0.0, < 10.4.10
LOW 3.7 Information Disclosure in Password Reset
>= 10.4.0, <= 10.4.0, >= 10.4.1, <= 10.4.1