HIGH 8.8 CVE-2023-24814 TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering
>= 12.0.0, < 12.2.0
>= 8.0.0, < 8.7.27
HIGH 8.8 CVE-2019-19849 TYPO3 Insecure Deserialization in Query Generator & Query View
>= 10.0.0, < 10.2.1
HIGH 8.8 Cross-Site-Request-Forgery in Backend
>= 11.2.0, < 11.5.0
HIGH 8.8 Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
>= 9.0.0, < 9.5.20
HIGH 8.8 Insecure Deserialization in Backend User Settings in TYPO3 CMS
>= 9.0.0, < 9.5.17
HIGH 8.7 Class destructors causing side-effects when being unserialized in TYPO3 CMS
>= 9.0.0, < 9.5.17
HIGH 8.6 Unrestricted File Upload in Form Framework
>= 10.0.0, < 10.4.14
HIGH 8.3 Broken Access Control in Form Framework
>= 10.0.0, < 10.4.14
HIGH 8.1 Cleartext storage of session identifier
>= 9.0.0, < 9.5.23
HIGH 8.1 Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
>= 9.0.0, < 9.5.20
HIGH 8.0 Backend Same-Site Request Forgery in TYPO3 CMS
>= 9.0.0, < 9.5.17
HIGH 7.5 TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
>= 8.0.0, < 8.7.49
HIGH 7.5 TYPO3 Image Processing susceptible to Code Execution
>= 8.0.0, < 8.7.25
HIGH 7.4 TYPO3 SQL injection vulnerability in the Extbase Framework
>= 4.5.0, < 4.5.24
HIGH 7.2 TYPO3 Allows Privilege Escalation to System Maintainer
>= 10.4.0, < 10.4.50
HIGH 7.2 TYPO3 Install Tool vulnerable to Code Execution
>= 8.0.0, < 8.7.57
HIGH 7.1 TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
>= 8.0.0, < 8.7.57
HIGH 7.1 Deserialization of untrusted data in Symfony
>= 9.0.0, < 9.5.8
MEDIUM 6.8 TYPO3 Directory Traversal on ZIP extraction
>= 10.0.0, < 10.2.2
MEDIUM 6.5 TYPO3 CMS uses insufficient entropy when generating passwords
>= 12.0.0, < 12.4.37
MEDIUM 6.4 Cross-Site Scripting in Backend Grid View
>= 8.0.0, < 8.7.41
MEDIUM 6.4 Cross-Site Scripting in Query Generator & Query View
>= 8.0.0, < 8.7.41
MEDIUM 6.4 Cross-Site Scripting in Page Preview
>= 9.0.0, < 9.5.28
MEDIUM 6.1 TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
>= 10.0.0, < 10.4.32
MEDIUM 6.1 Typo3 Cross-Site Scripting in Link Handling
>= 8.0.0, < 8.7.27
MEDIUM 6.1 Cross-Site Scripting via Rich-Text Content
>= 7.0.0, < 7.6.53
MEDIUM 6.1 Open Redirection in Login Handling
>= 6.2.0, < 6.2.57
MEDIUM 6.1 Cross-Site Scripting in Fluid view helpers
>= 9.0.0, < 9.5.23
MEDIUM 6.1 Ckeditor XSS Vulnerability
>= 8.0.0, < 8.7.21
MEDIUM 6.1 Bootstrap Cross-site Scripting vulnerability
>= 8.0.0, < 8.7.23
MEDIUM 6.0 Insufficient Session Expiration in TYPO3's Admin Tool
>= 9.0.0, < 9.5.35
MEDIUM 5.9 TYPO3 CMS vulnerable to Weak Authentication in Frontend Login
from 0, < 8.7.49
MEDIUM 5.9 TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
>= 9.0.0, < 9.5.38
MEDIUM 5.9 TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
>= 11.4.0, < 11.5.16
MEDIUM 5.9 Denial of Service in Page Error Handling
>= 10.0.0, < 10.4.14
MEDIUM 5.9 Cleartext storage of session identifier
>= 6.2.0, < 6.2.57
MEDIUM 5.7 TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
>= 9.0.0, < 9.5.38
MEDIUM 5.5 Path Traversal in TYPO3 File Abstraction Layer Storages
>= 8.0.0, < 8.7.57
MEDIUM 5.5 TYPO3 SQL Injection in low-level Query Generator
>= 8.0, < 8.7.30
MEDIUM 5.4 TYPO3 Allows Unrestricted File Upload in File Abstraction Layer
>= 9.0.0, < 9.5.51
MEDIUM 5.4 TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController
>= 9.0.0, < 9.5.48
MEDIUM 5.4 TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module
>= 9.0.0, < 9.5.48
MEDIUM 5.4 TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
>= 10.0.0, < 10.4.33
MEDIUM 5.4 TYPO3 CMS missing check for expiration time of password reset token for backend users
>= 10.4.0, < 10.4.32
MEDIUM 5.4 TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
>= 7.0.0, < 7.6.58
MEDIUM 5.4 TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper
>= 10.3.0, < 10.4.32
MEDIUM 5.4 Cross-Site Scripting in TYPO3's Frontend Login Mailer
>= 9.0.0, < 9.5.35
MEDIUM 5.4 Cross-Site Scripting in TYPO3's Form Framework
>= 8.0.0, < 8.7.47
MEDIUM 5.4 Cross-Site Scripting in Content Preview (CType menu)
>= 10.0.0, < 10.4.14
MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
>= 10.0.0, < 10.4.14
MEDIUM 5.4 Cross-Site Scripting in Content Preview
>= 10.0.0, < 10.4.14
MEDIUM 5.4 Cross-Site Scripting in TYPO3 CMS Link Handling
>= 10.0.0, < 10.4.2
MEDIUM 5.4 Cross-Site Scripting in TYPO3 CMS Form Engine
>= 9.0.0, < 9.5.17
MEDIUM 5.3 TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
>= 9.0.0, < 9.5.48
MEDIUM 5.3 TYPO3 CMS vulnerable to User Enumeration via Response Timing
>= 7.0.0, < 7.6.58
MEDIUM 5.3 Insertion of Sensitive Information into Log File in typo3/cms-core
>= 7.0.0, < 7.6.57
MEDIUM 5.3 TYPO3 Open redirect vulnerability in the Access tracking mechanism
>= 4.5.0, < 4.5.24
MEDIUM 5.3 TYPO3 is vulnerable to Information Disclosure in the HTML mailing API
from 0, < 4.2.13
MEDIUM 5.3 Information Disclosure in User Authentication
>= 7.0.0, < 7.6.52
MEDIUM 4.9 TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
>= 8.0.0, < 8.7.57
MEDIUM 4.8 TYPO3 Potential Open Redirect via Parsing Differences
>= 9.0.0, < 9.5.49
MEDIUM 4.8 HTTP Host Header Injection
>= 11.0.0, < 11.5.0
MEDIUM 4.7 Cross-Site Scripting in ternary conditional operator
>= 8.0.0, < 8.7.25
MEDIUM 4.3 TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
>= 8.0.0, < 8.7.57
MEDIUM 4.3 TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords
>= 8.0.0, < 8.7.57
MEDIUM 4.3 Information Disclosure via Export Module
>= 7.0.0, < 7.6.57
MEDIUM 4.2 TYPO3 vulnerable to Weak Authentication in Session Handling
>= 8.0.0, < 8.7.55
LOW 3.8 TYPO3 Unverified Password Change for Backend Users
>= 9.0.0, < 9.5.51
LOW 3.7 TYPO3 Allows Information Disclosure via DBAL Restriction Handling
>= 9.0.0, < 9.5.51
LOW 3.7 Information Disclosure due to Out-of-scope Site Resolution
>= 9.4.0, < 9.5.42
LOW 3.7 XML External Entity in Dashboard Widget
>= 10.0.0, < 10.4.10
LOW 3.7 Information Disclosure in Password Reset
>= 10.0.0, < 10.4.2
LOW 3.5 TYPO3 vulnerable to an HTML Injection in the History Module
>= 13.0.0, < 13.1.1
— TYPO3 CMS has Broken Access Control in its Form Framework
from 0, < 10.4.57
— TYPO3 CMS has Broken Access Control in the Recycler Module
from 0, < 10.4.57
— TYPO3 CMS has an Open Redirect Vulnerability via Core Utilities
from 0, < 10.4.57
— TYPO3 CMS: Destructive Actions on File Mount Folders
from 0, < 10.4.57
— TYPO3 CMS has Privilege Escalation & SQL Injection in its Form Framework
>= 14.0.0, < 14.3.3
— TYPO3 CMS has Broken Access Control in its DataHandler
>= 13.0.0, < 13.4.31
— TYPO3 CMS has Broken Access Control in its Form Framework
from 0, < 10.4.57
— TYPO3 CMS has Broken Access Control in its Media Module
>= 11.0.0, < 11.5.51
— TYPO3 CMS has Insecure Deserialization via Core API
from 0, < 10.4.57
— TYPO3 CMS has Broken Access Control in its File Abstraction Layer
from 0, < 10.4.57
— TYPO3 CMS has Broken Access Control in Backend API
from 0, < 10.4.57
— TYPO3 CMS: Broken Access Control in Media Module
from 0, < 10.4.57
— TYPO3 CMS has Cross-Site Scripting in Indexed Search
>= 13.0.0, < 13.4.31
— TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool
>= 14.0.0, < 14.0.2
— TYPO3 CMS exposes sensitive information in an error message
>= 9.0.0, < 12.4.37
— TYPO3 CMS has an open‑redirect vulnerability
>= 9.0.0, < 12.4.37
— TYPO3 Improper Access Control vulnerability
>= 4.5.0, < 4.5.31
— TYPO3 is vulnerable to Mass Assignment in the Extension table administration library
>= 4.5.0, < 4.5.31
— TYPO3 Improper Access Management in the File Abstraction Layer
>= 6.0, < 6.0.9
— TYPO3 Sensitive Information Disclosure via escapeStrForLike method
>= 4.2.0, < 4.2.16
— TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework
>= 4.5.0, < 4.5.31
— TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module
>= 6.0, < 6.0.12
— TYPO3 API function vulnerable to Cross-site Scripting
from 0, <= 4.0.13
— TYPO3 Unrestricted File Upload vulnerability
>= 4.0.0, < 4.0.9