TYPO3 News & Events Hub
What’s New & What’s Coming
Multiple vulnerabilities in Extension "Dated News" (dated_news)
It has been discovered that the extension"Dated News" (dated_news) is susceptible to SQL Injection, Cross-Site Scripting, Information Disclosure and Broken Access Control.
Read moreCross Site Scripting in Extension "Yoast SEO for TYPO3" (yoast_seo)
It has been discovered that the extension "Yoast SEO for TYPO3" (yoast_seo) is susceptible to Cross Site Scripting.
Multiple vulnerabilities in Extension "Miniorange Saml" (miniorange_saml)
It has been discovered that the extension "Miniorange Saml" (miniorange_saml) is susceptible to Cross-Site Scripting, Sensitive Data Exposure and vulnerable 3rd Party Components.
Cross-Site Scripting in Extension "femanager" (femanager)
It has been discovered that the extension "femanager" (femanager) is susceptible to Cross-Site Scripting.
Denial of Service in Extension "Deferred image processing" (deferred_image_processing)
It has been discovered that the extension "Deferred image processing" (deferred_image_processing) is susceptible to Denial of Service.
Sensitive Information Disclosure in “Extbase Yaml Routes” (routes)
It has been discovered that the extension “Extbase Yaml Routes” (routes) is susceptible to Sensitive Information Disclosure.
Cross-Site Scripting via Rich-Text Content
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3 11.3.2, 10.4.19, 9.5.29, 8.7.42, 7.6.53 security releases published
The versions 11.3.2, 10.4.19, 9.5.29, 8.7.42, 7.6.53 of the TYPO3 Enterprise Content Management System have just been released.
The TYPO3 Demo Project Meets Hebrew
Have you ever wanted to see a TYPO3 website with a right-to-left language? Well now you can! We are happy to announce that the TYPO3 demo project is now available in Hebrew.
July 2021: Developer Appreciation Day (DAD)
Each month, we take the opportunity to celebrate contributors in our Developer Appreciation Day post. Please take a moment to share gratitude for their continued passion, commitment, and time they give to making TYPO3 CMS awesome.
Documentation Restructuring—Status Update
We are pleased to announce that the first stage of the documentation restructuring process has been completed. The documentation homepage and the global menu changes were published last week and contain a new layout for the homepage and a...
TYPO3 7.6.52 and 8.7.41 ELTS Released
Still sticking to an older version of TYPO3? Today, 7.6.52 and 8.7.41 have been released. Staying on top of maintenance updates should be a top priority - Gain peace of mind by opting for one of TYPO3 GmbH’s Extended Support offers!
TYPO3 11.3.1, 10.4.18, 9.5.28, 8.7.41, 7.6.52 security releases published
The versions 11.3.1, 10.4.18, 9.5.28, 8.7.41, 7.6.52 of the TYPO3 Enterprise Content Management System have just been released.
CSV Code Injection
It has been discovered that the TYPO3 extensions offering a CSV export might create CSV files that can contain formulas executed in external applications.
Sensitive links in search results of TYPO3 extension indexed_search
It has been discovered that the TYPO3 extension “Indexed Search” may index sensitive links under certain conditions.
Information Disclosure in User Authentication
It has been discovered that TYPO3 CMS is susceptible to information disclosure.
Cross-Site Scripting in Backend Grid View
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
Cross-Site Scripting in Query Generator & Query View
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
Cross-Site Scripting in Page Preview
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
Reinventing Enterprise Certifications
Certifying your skills is a great thing, and we are implementing a different approach to make it easier than ever to be acknowledged for newly acquired skills.