Tag: Security
Maintaining the “health” of your website is crucial and knowing that it is running securely is the most important question of all. Business websites need to be monitored, extended and updated on a regular basis. If you’re still running your website on an outdated TYPO3 version, gain peace of mind by opting for TYPO3 GmbH’s ELTS offer.
TYPO3-EXT-SA-2022-003: Insecure direct object reference in extension "Varnishcache" (varnishcache)
It has been discovered that the extension "Varnishcache" (varnishcache) is susceptible to Insecure direct object reference.
Read moreTYPO3-EXT-SA-2022-002: Cross-Site Scripting in extension "Bookdatabase" (extbookdatabase)
It has been discovered that the extension "Bookdatabase" (extbookdatabase) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2022-001: Server-side request forgery in extension "Kitodo.Presentation" (dlf)
It has been discovered that the extension "Kitodo.Presentation" (dlf) is susceptible to Server-side request forgery.
TYPO3-PSA-2021-004: Statement on Recent log4j/log4shell Vulnerabilities (CVE-2021-44228)
Components of TYPO3 CMS are based on PHP and are therefore not directly affected by the recent log4j vulnerabilities. However, additional services used in web application scenarios may be affected.
TYPO3-PSA-2021-003: Mitigation of Cache Poisoning Caused by Untrusted URL Query Parameters
It has been discovered that TYPO3 CMS is susceptible to cache poisoning.
TYPO3-EXT-SA-2021-018: Sensitive Data Exposure in extension "Job Fair" (jobfair)
It has been discovered that the extension "Job Fair" (jobfair) is susceptible to Sensitive Data Exposure.
TYPO3-EXT-SA-2021-017: Multiple vulnerabilities in extension "pixx.io integration for TYPO3 (DAM)" (pixxio)
It has been discovered that the extension"pixx.io integration for TYPO3 (DAM)" (pixxio) is susceptible to Server-side request forgery, Remote Code Execution, Broken Access Control and vulnerable 3rd Party Components.
TYPO3-EXT-SA-2021-016: Denial of Service in extension "Code Highlight" (codehighlight)
It has been discovered that the extension "Code Highlight" (codehighlight) is susceptible to Denial of Service.
TYPO3-EXT-SA-2021-015: Cross-Site Scripting in extension "Google for Jobs" (google_for_jobs)
It has been discovered that the extension"Google for Jobs" (google_for_jobs) is susceptible to Cross-Site Scripting.
Don’t Use Unsupported Software
Operating supported software protects your infrastructure but more importantly, it is part of your responsibility to protect the data of your customers.