Security Advisories
All Advisories
TYPO3-EXT-SA-2019-021: Cross Site Scripting in extension "File List" (file_list)
It has been discovered that the extension "File List" (file_list) is susceptible to Cross Site Scripting.
Mehr erfahrenTYPO3-EXT-SA-2019-020: CSRF in extension "Change password for frontend users" (fe_change_pwd)
It has been discovered that the extension "Change password for frontend users" (fe_change_pwd) is susceptible to Cross-Site-Request-Forgery (CSRF).
TYPO3-EXT-SA-2019-019: Multiple vulnerabilities in extension "MKSamlAuth" (mksamlauth)
It has been discovered that the extension "MKSamlAuth" (mksamlauth) is susceptible to Broken Authentication and Authentication Bypass.
TYPO3-CORE-SA-2019-026: Insecure Deserialization in Query Generator & Query View
It has been discovered that TYPO3 CMS is vulnerable to insecure deserialization.
TYPO3-CORE-SA-2019-025: SQL Injection in low-level Query Generator
It has been discovered that TYPO3 CMS is vulnerable to SQL injection.
TYPO3-CORE-SA-2019-024: Directory Traversal on ZIP extraction
It has been discovered that TYPO3 CMS is vulnerable to directory traversal.
TYPO3-CORE-SA-2019-023: Cross-Site Scripting in Filelist Module
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-CORE-SA-2019-022: Cross-Site Scripting in Link Handling
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting in Link Handling.
TYPO3-CORE-SA-2019-021: Cross-Site Scripting in Form Framework validation handling
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-PSA-2019-011: Possible Insecure Deserialization in Extbase Request Handling
It has been discovered that TYPO3 CMS can be vulnerable to insecure deserialization.