Security Advisories
All Advisories
TYPO3-CORE-SA-2019-017: Broken Access Control in Import Module
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2019-016: Possible deserialization side-effects in symfony/cache
It has been discovered that a third-party dependency used by TYPO3 CMS is susceptible to being used during insecure deserialization.
TYPO3-CORE-SA-2019-015: Cross-Site Scripting in Link Handling
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-CORE-SA-2019-014: Information Disclosure in Backend User Interface
It has been discovered that TYPO3 CMS is susceptible to information disclosure.
TYPO3-PSA-2019-008: By-passing protection of Phar Stream Wrapper Interceptor
It has been discovered that the protection against insecure deserialization can be by-passed in Phar Stream Wrapper component.
TYPO3-PSA-2019-007: By-passing protection of Phar Stream Wrapper Interceptor
It has been discovered that the protection against insecure deserialization can be by-passed in Phar Stream Wrapper component.
TYPO3-EXT-SA-2019-013: SQL Injection in extension "comsolit Suggest" (comsolit_suggest)
It has been discovered that the extension "comsolit Suggest" (comsolit_suggest) is susceptible to SQL Injection.
TYPO3-EXT-SA-2019-012: Arbitrary file Upload in extension "Yet Another Gallery" (yag)
It has been discovered that the extension "Yet Another Gallery" (yag) is susceptible to Arbitrary File Upload.
TYPO3-EXT-SA-2019-011: SQL Injection in extension "Event Calender" (pits_wd_calender)
It has been discovered that the extension "Event Calender" (pits_wd_calender) is susceptible to SQL Injection.
TYPO3-EXT-SA-2019-010: Cross Site Scripting in extension "Instagram" (ws_instagram)
It has been discovered that the extension "Instagram" (ws_instagram) is susceptible to Cross Site Scripting.