Tag: Security
Maintaining the “health” of your website is crucial and knowing that it is running securely is the most important question of all. Business websites need to be monitored, extended and updated on a regular basis. If you’re still running your website on an outdated TYPO3 version, gain peace of mind by opting for TYPO3 GmbH’s ELTS offer.
TYPO3-EXT-SA-2022-012: Cross-Site Scripting in extension "Embedding schema.org vocabulary" (schema)
It has been discovered that the extension "Embedding schema.org vocabulary" (schema) is susceptible to Cross-Site Scripting.
Read moreTYPO3-EXT-SA-2022-011: Cross-Site Scripting in extension "Matomo Integration" (matomo_integration)
It has been discovered that the extension "Matomo Integration" (matomo_integration) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2022-010: Cross-Site Scripting in extension "libconnect" (libconnect)
It has been discovered that the extension "libconnect" (libconnect) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2022-009: Cross-Site Scripting in extension "Grid Elements" (gridelements)
It has been discovered that the extension "Grid Elements" (gridelements) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2022-008: Multiple vulnerabilities in extension "Adminer" (t3adminer)
It has been discovered that the extension "Adminer" (t3adminer) is susceptible to Server-side request forgery and Cross-Site Scripting.
TYPO3-EXT-SA-2022-007: SQL Injection in extension "One is Enough Library" (oelib)
It has been discovered that the extension "One is Enough Library" (oelib) is susceptible to SQL Injection.
TYPO3-EXT-SA-2022-006: SQL Injection in extension "Seminar Manager" (seminars)
It has been discovered that the extension "Seminar Manager" (seminars) is susceptible to SQL Injection.
TYPO3-EXT-SA-2022-005: Remote Code Execution in extension "Job portal" (psvneo_jobfair)
It has been discovered that the extension "Job portal" (psvneo_jobfair) is susceptible to Remote Code Execution.
TYPO3-PSA-2022-001: Sanitization bypass in SVG Sanitizer
Third-party package enshrined/svg-sanitize, used by TYPO3 core packages, was susceptible to bypassing the sanitization strategy.
TYPO3-EXT-SA-2022-004: File Content Injection in extension "Hardcoded text to Locallang" (mqk_locallangtools)
It has been discovered that the extension "Hardcoded text to Locallang" (mqk_locallangtools) is susceptible to File Content Injection.