TYPO3 News & Events Hub
What’s new & what’s comin’
TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
Read moreTYPO3-EXT-SA-2020-007: Sensitive Data Exposure in extension "Job Fair" (jobfair)
It has been discovered that the extension "Job Fair" (jobfair) is susceptible to Sensitive Data Exposure.
TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-EXT-SA-2020-006: Broken Access Control in extension "gForum" (g_forum)
It has been discovered that the extension "gForum" (g_forum) is susceptible to Broken Access Control.
TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset
It has been discovered that TYPO3 CMS is susceptible to information disclosure.
TYPO3-EXT-SA-2020-005: Multiple vulnerabilities in extension "Direct Mail" (direct_mail)
It has been discovered that the extension "Direct Mail" (direct_mail) is susceptible to Denial of Service, Broken Access Control, Open Redirect and Information Disclosure.
TYPO3 10.4.2 and 9.5.17 security releases published
The versions 10.4.2 and 9.5.17 of the TYPO3 Enterprise Content Management System have just been released.
TYPO3-EXT-SA-2020-004: SQL Injection in extension "phpMyAdmin" (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to SQL Injection.
CMS-Learning Curriculum for Educators and Students
SkillDisplay announces ready-to-use curriculum to help students learn about content management.
April 2020: Developer Appreciation Day (DAD)
Now that May is in the starting blocks, let’s recap on the achievements of the last month. As we look back, we find a great deal of contributions to the TYPO3 Project. Learn more details in our Developer Appreciation Day post!