Security Advisories
All Advisories
TYPO3-EXT-SA-2022-005: Remote Code Execution in extension "Job portal" (psvneo_jobfair)
It has been discovered that the extension "Job portal" (psvneo_jobfair) is susceptible to Remote Code Execution.
TYPO3-PSA-2022-001: Sanitization bypass in SVG Sanitizer
Third-party package enshrined/svg-sanitize, used by TYPO3 core packages, was susceptible to bypassing the sanitization strategy.
TYPO3-EXT-SA-2022-004: File Content Injection in extension "Hardcoded text to Locallang" (mqk_locallangtools)
It has been discovered that the extension "Hardcoded text to Locallang" (mqk_locallangtools) is susceptible to File Content Injection.
TYPO3-EXT-SA-2022-003: Insecure direct object reference in extension "Varnishcache" (varnishcache)
It has been discovered that the extension "Varnishcache" (varnishcache) is susceptible to Insecure direct object reference.
TYPO3-EXT-SA-2022-002: Cross-Site Scripting in extension "Bookdatabase" (extbookdatabase)
It has been discovered that the extension "Bookdatabase" (extbookdatabase) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2022-001: Server-side request forgery in extension "Kitodo.Presentation" (dlf)
It has been discovered that the extension "Kitodo.Presentation" (dlf) is susceptible to Server-side request forgery.
TYPO3-PSA-2021-004: Statement on Recent log4j/log4shell Vulnerabilities (CVE-2021-44228)
Components of TYPO3 CMS are based on PHP and are therefore not directly affected by the recent log4j vulnerabilities. However, additional services used in web application scenarios may be affected.
TYPO3-PSA-2021-003: Mitigation of Cache Poisoning Caused by Untrusted URL Query Parameters
It has been discovered that TYPO3 CMS is susceptible to cache poisoning.
TYPO3-EXT-SA-2021-018: Sensitive Data Exposure in extension "Job Fair" (jobfair)
It has been discovered that the extension "Job Fair" (jobfair) is susceptible to Sensitive Data Exposure.
TYPO3-EXT-SA-2021-017: Multiple vulnerabilities in extension "pixx.io integration for TYPO3 (DAM)" (pixxio)
It has been discovered that the extension "pixx.io integration for TYPO3 (DAM)" (pixxio) is susceptible to Server-side request forgery, Remote Code Execution, Broken Access Control and vulnerable 3rd Party Components.