Packagist: 116 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
vulnerable: v12.0.0, v12.1.0
TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, when users reset their password using the corresponding password recovery functionality, existing sessions for that particu…
vulnerable: v12.0.0, v12.1.0
TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configura…
vulnerable: v12.0.0, v12.1.0
TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expression…
vulnerable: v11.0.0 ... v11.5.9 (20 versions)
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table.…
vulnerable: v11.0.0 ... v11.5.9 (20 versions)
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception h…
vulnerable: v11.0.0 ... v11.5.9 (20 versions)
TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user acc…
vulnerable: v11.0.0 ... v11.5.9 (20 versions)
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were …
vulnerable: v11.0.0 ... v11.5.9 (20 versions)
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was …
vulnerable: v11.0.0 ... v11.5.9 (25 versions)
The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package `masterminds/html5`, malicious…
vulnerable: v11.4.0 ... v11.5.9 (17 versions)
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be…
vulnerable: v11.0.0 ... v11.5.9 (25 versions)
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing a…
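The response-time oracle this entry describes (an attacker telling existing accounts from non-existing ones by how long the login takes) is a general authentication defect, not something specific to TYPO3's code. The following is an added illustration written for this page in Python, not code from TYPO3: a login routine that returns early when the user does not exist, next to one that always performs the password hash verification, against a dummy credential when the account is missing, so both paths do the same amount of work. The user store, the PBKDF2 parameters, the `HashCounter` class and the helper names are all constructed for the example.

```python
import hashlib
import hmac
import os
import time

# Constructed example data (not TYPO3's user schema). The work factor is kept
# low so the demo runs quickly; production code uses a far higher cost.
ITERATIONS = 20_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


_SALT = b"constructed-salt"
USERS = {"alice": (_SALT, hash_password("correct horse", _SALT))}

# A dummy credential with the same cost as a real one. It is verified whenever
# the requested account does not exist, so unknown users cost as much as known.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password("dummy", _DUMMY_SALT)


class HashCounter:
    """Counts expensive hash computations, so the two code paths can be
    compared deterministically instead of by wall-clock timing."""
    calls = 0


def _verify(password: str, salt: bytes, expected: bytes) -> bool:
    HashCounter.calls += 1
    return hmac.compare_digest(hash_password(password, salt), expected)


def login_leaky(username: str, password: str) -> bool:
    # Vulnerable pattern: an unknown user returns immediately, skipping the
    # slow hash, so a missing account answers measurably faster.
    record = USERS.get(username)
    if record is None:
        return False
    salt, expected = record
    return _verify(password, salt, expected)


def login_constant_work(username: str, password: str) -> bool:
    # Hardened pattern: always run the hash; for an unknown user verify against
    # the dummy credential and discard the result.
    record = USERS.get(username)
    salt, expected = record if record is not None else (_DUMMY_SALT, _DUMMY_HASH)
    ok = _verify(password, salt, expected)
    return ok and record is not None


def hash_calls(fn, username: str, password: str) -> int:
    """Number of hash computations fn performs for one login attempt."""
    before = HashCounter.calls
    fn(username, password)
    return HashCounter.calls - before


if __name__ == "__main__":
    # Wall-clock view of the same difference: the leaky variant answers an
    # unknown user in microseconds, the hardened one in the hash's time.
    for fn in (login_leaky, login_constant_work):
        timings = {}
        for label, user in (("unknown", "nobody"), ("known", "alice")):
            t0 = time.perf_counter()
            for _ in range(10):
                fn(user, "guess")
            timings[label] = (time.perf_counter() - t0) / 10 * 1e3
        print(f"{fn.__name__}: unknown user {timings['unknown']:.2f} ms, "
              f"known user {timings['known']:.2f} ms")
```

Note that `hmac.compare_digest` on its own does not close this oracle: the leak here is the skipped hash computation, so the fix is to equalise the work done on both paths. In a real deployment the account lookup (database query, cache hit or miss) can introduce its own timing difference, which has to be evaluated separately.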
vulnerable: v11.0.0 ... v11.5.9 (25 versions)
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password …
vulnerable: v11.0.0 ... v11.5.9 (25 versions)
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are …
vulnerable: v11.0.0 ... v11.5.9 (25 versions)
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. …
An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been …
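Three entries on this page describe the same family of password-recovery defects: a reset link whose expiration time is stored but never evaluated (the backend password reset entry above), and a password reset or change that leaves the user's existing sessions valid (the core password recovery entry near the top of the list and the fe_change_pwd entry just above). The following is an added illustration written for this page in Python, not TYPO3 or fe_change_pwd code: a minimal recovery service with a flawed reset path beside a hardened one that rejects expired links, makes the token single-use and revokes every session of the account. The `AuthService` and `FakeClock` classes, the one-hour lifetime and the plain SHA-256 password digest are all constructed for the example.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set

RESET_TTL_SECONDS = 3600  # assumed lifetime of a reset link (illustrative)


def _digest(value: str) -> str:
    # Illustrative only: a real password store must use a slow, salted hash
    # (Argon2id, bcrypt, PBKDF2). Plain SHA-256 is used here for brevity.
    return hashlib.sha256(value.encode()).hexdigest()


@dataclass
class Account:
    username: str
    password_hash: str
    sessions: Set[str] = field(default_factory=set)
    reset_token_hash: Optional[str] = None
    reset_expires_at: Optional[float] = None


class AuthService:
    """Login plus password recovery with an injectable clock for testing."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self.clock = clock
        self.accounts: Dict[str, Account] = {}
        self.sessions: Dict[str, str] = {}  # session id -> username

    def register(self, username: str, password: str) -> None:
        self.accounts[username] = Account(username, _digest(password))

    def login(self, username: str, password: str) -> Optional[str]:
        acct = self.accounts.get(username)
        if acct is None or not hmac.compare_digest(acct.password_hash, _digest(password)):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = username
        acct.sessions.add(sid)
        return sid

    def session_user(self, sid: str) -> Optional[str]:
        return self.sessions.get(sid)

    def request_reset(self, username: str) -> str:
        # Only the token's hash is stored; the raw token is what gets mailed.
        acct = self.accounts[username]
        token = secrets.token_urlsafe(32)
        acct.reset_token_hash = _digest(token)
        acct.reset_expires_at = self.clock() + RESET_TTL_SECONDS
        return token

    def _token_matches(self, acct: Account, token: str) -> bool:
        return acct.reset_token_hash is not None and hmac.compare_digest(
            acct.reset_token_hash, _digest(token))

    def reset_password_weak(self, username: str, token: str, new_password: str) -> bool:
        # Flawed pattern: the expiry timestamp is stored but never checked, and
        # sessions opened before the reset stay valid afterwards.
        acct = self.accounts.get(username)
        if acct is None or not self._token_matches(acct, token):
            return False
        acct.password_hash = _digest(new_password)
        acct.reset_token_hash = None
        return True

    def reset_password(self, username: str, token: str, new_password: str) -> bool:
        # Hardened pattern: reject expired links, consume the token, and revoke
        # every existing session of the account.
        acct = self.accounts.get(username)
        if acct is None or not self._token_matches(acct, token):
            return False
        if acct.reset_expires_at is None or self.clock() > acct.reset_expires_at:
            return False
        acct.password_hash = _digest(new_password)
        acct.reset_token_hash = None
        acct.reset_expires_at = None
        for sid in acct.sessions:
            self.sessions.pop(sid, None)
        acct.sessions.clear()
        return True


class FakeClock:
    """Constructed clock: starts at 0 and is advanced manually."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def demo() -> Dict[str, bool]:
    """Exercises both reset paths and returns the observable outcomes."""
    clock, out = FakeClock(), {}
    svc = AuthService(clock)
    svc.register("alice", "old-password")
    sid = svc.login("alice", "old-password")
    stale = svc.request_reset("alice")
    clock.advance(RESET_TTL_SECONDS + 1)
    out["weak_accepts_expired"] = svc.reset_password_weak("alice", stale, "pw1")
    out["weak_keeps_session"] = svc.session_user(sid) == "alice"
    fresh = svc.request_reset("alice")
    clock.advance(RESET_TTL_SECONDS + 1)
    out["hardened_rejects_expired"] = not svc.reset_password("alice", fresh, "pw2")
    fresh = svc.request_reset("alice")
    out["hardened_accepts_fresh"] = svc.reset_password("alice", fresh, "pw2")
    out["hardened_revokes_session"] = svc.session_user(sid) is None
    out["token_single_use"] = not svc.reset_password("alice", fresh, "pw3")
    out["new_password_works"] = svc.login("alice", "pw2") is not None
    return out
```

The session revocation is the part most often missed: an attacker who already holds a victim's session (or a victim who logged in on a shared device) keeps that access after the legitimate owner resets the password unless the reset explicitly invalidates every session bound to the account, not just the one performing the reset. Whether the session that performed the reset should survive is a product decision; the example revokes all of them, which is the conservative choice.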
vulnerable: v12.0.0, v12.1.0, v12.1.1, v12.1.2, v12.1.3
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_…