Article - TYPO3 News

TYPO3 Extensions

TYPO3-EXT-SA-2016-016: Multiple vulnerabilities in extension "http:BL Blocking" (mh_httpbl)

News team

31 May 2016

It has been discovered that the extension "http:BL Blocking" (mh_httpbl) is susceptible to SQL Injection and Cross-Site Scripting.

TYPO3-EXT-SA-2016-015: Non-Persistent Cross-Site Scripting in extension "Static Methods since 2007" (div2007)

Marcus Krause

31 May 2016

It has been discovered that the extension "Static Methods since 2007" (div2007) is susceptible to Cross-Site Scripting.

TYPO3 Extensions

TYPO3-EXT-SA-2016-014: Information Disclosure in extension "Questionnaire" (ke_questionnaire)

Marcus Krause

31 May 2016

It has been discovered that the extension "Questionnaire" (ke_questionnaire) is susceptible to Information Disclosure.

TYPO3 Extensions

TYPO3-EXT-SA-2016-013: SQL Injection in extension "Browser - TYPO3 without PHP" (browser)

Marcus Krause

31 May 2016

It has been discovered that the extension "Browser - TYPO3 without PHP" (browser) is susceptible to SQL Injection.

This Week in TYPO3 (2016, Week 20)

ben van 't ende

27 May 2016

In this episode special attention for this year’s T3Rookies initiative. There is a new Kid on the Block: Usergroup Greece, more bootup days, updated manuals and focus on accessibility.

TYPO3 Extensions

TYPO3-EXT-SA-2016-012: Path Traversal in extension "Media management" (media)

Marcus Krause

27 May 2016

It has been discovered that the extension "Media management" (media) is susceptible to Path Traversal.

TYPO3 Extensions

TYPO3-EXT-SA-2016-011: Cross-Site Scripting in extension "Formhandler" (formhandler)

Marcus Krause

27 May 2016

It has been discovered that the extension "Formhandler" (formhandler) is susceptible to Cross-Site Scripting.

Developer & Technology

TYPO3 CMS 6.2.25, 7.6.9 and 8.1.2 released

Oliver Hader

24 May 2016

The TYPO3 Community announces the versions 6.2.25 LTS, 7.6.9 LTS and 8.1.2 of the TYPO3 Enterprise Content Management System.

TYPO3 Extensions

TYPO3-EXT-SA-2016-010: Missing Access Check in extension "Frontend User Registration" (sf_register)

Marcus Krause

24 May 2016

It has been discovered that the extension "Frontend User Registration" (sf_register) lacks a proper access check.

Product Updates & Roadmap
TYPO3 CMS

TYPO3-CORE-SA-2016-013: Missing Access Check in TYPO3 CMS

Helmut Hummel

24 May 2016

It has been discovered, that TYPO3 CMS lacks an access check for Extbase actions.

TYPO3 News & Events Hub

What’s new & what’s comin’

TYPO3-EXT-SA-2016-016: Multiple vulnerabilities in extension "http:BL Blocking" (mh_httpbl)

TYPO3-EXT-SA-2016-015: Non-Persistent Cross-Site Scripting in extension "Static Methods since 2007" (div2007)

TYPO3-EXT-SA-2016-014: Information Disclosure in extension "Questionnaire" (ke_questionnaire)

TYPO3-EXT-SA-2016-013: SQL Injection in extension "Browser - TYPO3 without PHP" (browser)

This Week in TYPO3 (2016, Week 20)

TYPO3-EXT-SA-2016-012: Path Traversal in extension "Media management" (media)

TYPO3-EXT-SA-2016-011: Cross-Site Scripting in extension "Formhandler" (formhandler)

TYPO3 CMS 6.2.25, 7.6.9 and 8.1.2 released

TYPO3-EXT-SA-2016-010: Missing Access Check in extension "Frontend User Registration" (sf_register)

TYPO3-CORE-SA-2016-013: Missing Access Check in TYPO3 CMS