TYPO3 News & Events Hub
What’s New & What’s Coming
Stay up to date with the latest TYPO3 news and announcements by subscribing to our RSS feed.
TYPO3-EXT-SA-2018-009: Information Disclosure in extension "TemplaVoilà! Plus" (templavoilaplus)
It has been discovered that the extension "TemplaVoilà! Plus" (templavoilaplus) is susceptible to Information Disclosure.
Mehr erfahrenTYPO3-EXT-SA-2018-008: Cross-Site Scripting in extension "Frontend Treeview" (mh_treeview)
It has been discovered that the extension "Frontend Treeview" (mh_treeview) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2018-007: Environment Variable Injection in extension "Amazon Web Services SDK " (aws_sdk)
It has been discovered that the extension "Amazon Web Services SDK " (aws_sdk) is susceptible to Environment Variable Injection.
TYPO3-EXT-SA-2018-006: Captcha bypass in extension "Front End User Registration" (sr_feuser_register)
It has been discovered that the extension "Front End User Registration" (sr_feuser_register) is susceptible to Captcha bypass.
TYPO3-EXT-SA-2018-005: Environment Variable Injection in extension "AWS SDK for PHP" (aws_sdk_php)
It has been discovered that the extension "AWS SDK for PHP" (aws_sdk_php) is susceptible to Environment Variable Injection.
TYPO3-EXT-SA-2018-004: Cross-site scripting vulnerability in extension "Powermail" (powermail)
It has been discovered that the extension "Powermail" (powermail) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2018-003: Environment Variable Injection in extension "Amazon AWS S3 FAL driver (CDN)" (aus_driver_amazon_s3)
It has been discovered that the extension "Amazon AWS S3 FAL driver (CDN)" (aus_driver_amazon_s3) is susceptible to Environment Variable Injection.
TYPO3-EXT-SA-2018-002: Missing Access Check in extension "Register to tt_address" (registeraddress)
It has been discovered that the extension "Register to tt_address" (registeraddress) has a missing access check.
TYPO3-EXT-SA-2018-001: Cross-Site Scripting in extension "Heise Shariff" (rx_shariff)
It has been discovered that the extension "Heise Shariff" (rx_shariff) is susceptible to Cross-Site Scripting.
July 2018: Developer Appreciation Day (DAD)
Welcome back to Developer Appreciation Day (DAD)! We’re very happy to present another analysis of contributions to TYPO3 CMS over the last month to you. No doubt about it, you developers rock - thanks a lot to all of you! Check our current list for names and some truly impressive numbers.