CRITICAL 9.8 CVE-2022-47406 TYPO3 vulnerable to Insufficient Session Expiration
from 0, < 2.0.5
CRITICAL 9.8 CVE-2011-3583 Typo3 SQL injection due to faulty prepared statements
>= 4.5.0, <= 4.5.5
CRITICAL 9.8 Typo3 Authentication Bypass
from 0, < 4.3.12
HIGH 8.8 TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering
>= 10.0.0, < 10.4.35
HIGH 8.8 TYPO3 Vulnerable to Insecure Deserialization
>= 8.0.0, < 8.7.27
HIGH 8.8 TYPO3 Insecure Deserialization in Query Generator & Query View
>= 10.0.0, < 10.2.1
HIGH 8.8 TYPO3 Arbitrary Code Execution
>= 7.6.0, < 7.6.22
HIGH 8.8 Cross-Site-Request-Forgery in Backend
>= 11.2.0, < 11.5.0
HIGH 8.8 Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
>= 10.0.0, < 10.4.6
HIGH 8.8 Insecure Deserialization in Backend User Settings in TYPO3 CMS
>= 10.0.0, < 10.4.2
HIGH 8.7 Class destructors causing side-effects when being unserialized in TYPO3 CMS
>= 10.0.0, < 10.4.2
HIGH 8.6 Unrestricted File Upload in Form Framework
>= 10.0.0, < 10.4.14
HIGH 8.3 Broken Access Control in Form Framework
>= 10.0.0, < 10.4.14
HIGH 8.1 Cleartext storage of session identifier
>= 10.0.0, < 10.4.10
HIGH 8.1 Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
>= 10.0.0, < 10.4.6
HIGH 8.0 Backend Same-Site Request Forgery in TYPO3 CMS
>= 10.0.0, < 10.4.2
HIGH 7.5 TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
>= 10.0.0, < 10.4.33
HIGH 7.5 TYPO3 Image Processing susceptible to Code Execution
>= 8.0.0, < 8.7.25
HIGH 7.1 Deserialization of untrusted data in Symfony
>= 9.0.0, < 9.5.8
MEDIUM 6.8 TYPO3 Directory Traversal on ZIP extraction
>= 10.0.0, < 10.2.2
MEDIUM 6.5 TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component
>= 4.5.0, < 4.5.32
MEDIUM 6.5 Typo3 Improper Access Control
from 0, < 4.4.9
MEDIUM 6.5 Typo3 Information Disclosure
from 0, < 4.5.4
MEDIUM 6.5 Typo3 Arbitrary Information Disclosure
from 0, < 4.3.12
MEDIUM 6.5 Typo3 Arbitrary File Delete
from 0, < 4.3.12
MEDIUM 6.5 Typo3 Information Disclosure
from 0, < 4.3.12
MEDIUM 6.4 Cross-Site Scripting in Backend Grid View
>= 10.0.0, < 10.4.18
MEDIUM 6.4 Cross-Site Scripting in Query Generator & Query View
>= 10.0.0, < 10.4.18
MEDIUM 6.4 Cross-Site Scripting in Page Preview
>= 10.0.0, < 10.4.18
MEDIUM 6.3 TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component
>= 4.5.0, < 4.5.32
MEDIUM 6.1 TYPO3 HTML Sanitizer vulnerable to Cross-Site Scripting
>= 10.0.0, < 10.4.33
MEDIUM 6.1 TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
>= 10.0.0, < 10.4.32
MEDIUM 6.1 Typo3 Cross-Site Scripting in Link Handling
>= 8.0.0, < 8.7.27
MEDIUM 6.1 Typo3 Cross-Site Scripting in Flash component (ELTS)
>= 7.0.0, < 7.2.0
MEDIUM 6.1 TYPO3 allows remote attackers to embed Flash videos from external domain
>= 6.2.0, < 6.2.16
MEDIUM 6.1 TYPO3 Backend component Cross-site scripting (XSS) vulnerability
>= 6.2.0, < 6.2.19
MEDIUM 6.1 Typo3 XSS in RemoveXSS function
from 0, < 4.3.12
MEDIUM 6.1 Cross-Site Scripting via Rich-Text Content
>= 10.0.0, < 10.4.19
MEDIUM 6.1 Open Redirection in Login Handling
>= 10.0.0, < 10.4.14
MEDIUM 6.1 Cross-Site Scripting in Fluid view helpers
>= 10.0.0, < 10.4.10
MEDIUM 6.1 Ckeditor XSS Vulnerability
>= 8.0.0, < 8.7.21
MEDIUM 6.1 Bootstrap Cross-site Scripting vulnerability
>= 8.0.0, < 8.7.23
MEDIUM 6.0 Insufficient Session Expiration in TYPO3's Admin Tool
>= 10.0.0, < 10.4.29
MEDIUM 5.9 TYPO3 CMS vulnerable to Weak Authentication in Frontend Login
>= 10.0.0, < 10.4.33
MEDIUM 5.9 TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
>= 10.0.0, < 10.4.33
MEDIUM 5.9 TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
>= 11.4.0, < 11.5.16
MEDIUM 5.9 Denial of Service in Page Error Handling
>= 10.0.0, < 10.4.14
MEDIUM 5.9 Cleartext storage of session identifier
>= 10.0.0, < 10.4.14
MEDIUM 5.7 TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
>= 10.0.0, < 10.4.33
MEDIUM 5.5 TYPO3 SQL Injection in low-level Query Generator
>= 8.0, < 8.7.30
MEDIUM 5.4 TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
>= 10.0.0, < 10.4.33
MEDIUM 5.4 TYPO3 CMS missing check for expiration time of password reset token for backend users
>= 10.4.0, < 10.4.32
MEDIUM 5.4 TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
>= 10.0.0, < 10.4.32
MEDIUM 5.4 TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper
>= 10.3.0, < 10.4.32
MEDIUM 5.4 Cross-Site Scripting in TYPO3's Frontend Login Mailer
>= 10.0.0, < 10.4.29
MEDIUM 5.4 Cross-Site Scripting in TYPO3's Form Framework
>= 10.0.0, < 10.4.29
MEDIUM 5.4 TYPO3 CMS indexed search Cross-site Scripting vulnerability
>= 6.2.0, < 6.2.16
MEDIUM 5.4 TYPO3 Cross-site Scripting vulnerability
>= 6.2.0, < 6.2.16
MEDIUM 5.4 Typo3 XSS Vulnerability
>= 6.2, < 6.2.16
MEDIUM 5.4 Typo3 XSS Vulnerability
>= 4.5.0, < 4.5.4
MEDIUM 5.4 Typo3 XSS Vulnerabilities
from 0, < 4.3.12
MEDIUM 5.4 Cross-Site Scripting in Content Preview (CType menu)
>= 10.0.0, < 10.4.14
MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
>= 10.0.0, < 10.4.14
MEDIUM 5.4 Cross-Site Scripting in Content Preview
>= 10.0.0, < 10.4.14
MEDIUM 5.4 Cross-Site Scripting in TYPO3 CMS Link Handling
>= 10.0.0, < 10.4.2
MEDIUM 5.4 Cross-Site Scripting in TYPO3 CMS Form Engine
>= 10.0.0, < 10.4.2
MEDIUM 5.3 TYPO3 CMS vulnerable to User Enumeration via Response Timing
>= 10.0.0, < 10.4.32
MEDIUM 5.3 Insertion of Sensitive Information into Log File in typo3/cms-core
>= 10.0.0, < 10.4.29
MEDIUM 5.3 TYPO3 Information Disclosure Vulnerability
MEDIUM 5.3 Information Disclosure in User Authentication
>= 10.0.0, < 10.4.18
MEDIUM 4.8 Typo3 XSS Vulnerability
from 0, < 9.2.0
MEDIUM 4.8 HTTP Host Header Injection
>= 11.0.0, < 11.5.0
MEDIUM 4.7 Cross-Site Scripting in ternary conditional operator
>= 8.0.0, < 8.7.25
MEDIUM 4.3 Information Disclosure via Export Module
>= 10.0.0, < 10.4.29
LOW 3.7 XML External Entity in Dashboard Widget
>= 10.0.0, < 10.4.10
LOW 3.7 Information Disclosure in Password Reset
>= 10.0.0, < 10.4.2
LOW 3.0 TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component
>= 4.5.0, < 4.5.32
— TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism
>= 4.2.0, < 4.2.15
— TYPO3 allows remote attackers to obtain the database name via a direct request
>= 4.4.0, <= 4.4.13
— Typo3 Backend XSS Vulnerabilities
>= 4.4.0, < 4.4.14
— Typo3 API XSS Vulnerabilities
>= 4.4.0, < 4.4.14
— Typo3 Extbase Framework Unsafe Deserialization
>= 4.6, < 4.6.7
— Typo3 Backend History Module Vulnerable to XSS
>= 4.5, < 4.5.21
— TYPO3 vulnerable to remote authenticated arbitrary code execution
>= 6.0.0, < 6.0.9
— TYPO3 doesn't properly check file extensions
>= 6.0.0, < 6.0.8
— TYPO3 Improper Session Invalidation
>= 6.2.0, < 6.2.3
— Typo3 Information Disclosure
>= 6.2.0, < 6.2.3
— TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash
from 0, < 6.2.0
— Typo3 Vulnerable to Cache Poisoning
>= 4.5.0, < 4.5.39
— PHP OpenID Library Denial of Service vulnerability
>= 6.2.0, < 6.2.6
— Typo3 Open Redirect In Frontend Rendering
>= 4.5.0, < 4.5.39
— TYPO3 Directory Traversal vulnerability
>= 4.2.0, < 4.2.16
— TYPO3 Path Traversal vulnerability
>= 4.2.0, < 4.2.16
— TYPO3 SQL Injection vulnerability
>= 4.2.0, < 4.2.16
— Typo3 Exception Handler XSS
>= 4.4, < 4.4.15
— TYPO3 allows remote authenticated backend users to unserialize arbitrary objects
>= 4.5.0, < 4.5.19
— Typo3 Backend XSS Vulnerability
>= 4.5, < 4.5.19
— Typo3 Backend Configuration XSS Vulnerability
>= 4.5, < 4.5.19
— Typo3 API XSS Vulnerability
>= 4.5, < 4.5.19
— Typo3 Install Tool XSS Vulnerability
>= 4.5, < 4.5.19