TYPO3 News & Events Hub
What’s New & What’s Coming
TYPO3 9.5.4 and 8.7.23 security releases published
The TYPO3 Community announces the versions 9.5.4 LTS and 8.7.23 LTS of the TYPO3 Enterprise Content Management System.
Read moreArbitrary Code Execution via File List Module
It has been discovered, that TYPO3 CMS is vulnerable to arbitrary code execution.
Cross-Site Scripting in Form Framework
It has been discovered, that TYPO3 CMS is vulnerable to cross-site scripting.
Cross-Site Scripting in Bootstrap CSS toolkit
It has been discovered, that TYPO3 CMS is vulnerable to cross-site scripting.
Cross-Site Scripting in Fluid ViewHelpers
It has been discovered, that TYPO3 CMS is vulnerable to cross-site scripting.
Cross-Site Scripting in Language Pack Handling
It has been discovered, that TYPO3 CMS is vulnerable to cross-site scripting.
Object Injection in extension "mkmailer" (mkmailer)
It has been discovered that the extension "mkmailer" (mkmailer) is susceptible to Object Injection.
Broken Access Control in Localization Handling
It has been discovered, that TYPO3 CMS is susceptible to broken access control.
Multiple vulnerabilities in extension "femanager" (femanager)
It has been discovered that the extension "femanager" (femanager) is susceptible to Validation Bypass and Information Disclosure
Security Misconfiguration for Backend User Accounts
It has been discovered, that TYPO3 CMS is susceptible to security misconfiguration.
Multiple vulnerabilities in extension "typo3_forum" (typo3_forum)
It has been discovered that the extension "typo3_forum" (typo3_forum) is susceptible to Broken Access Control and Improper Filesystem Permissions.
Information Disclosure of Installed Extensions
It has been discovered, that TYPO3 CMS is susceptible to information disclosure.
Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting, CSRF, File Inclusion and Remote Code Execution.
Possible Arbitrary Code Execution in CommandUtility API
It has been discovered that TYPO3 CMS can be vulnerable to arbitrary code execution.
Username and Email Address Enumeration
It has been discovered, that usernames and email addresses may be enumerated with brute-force techniques, when using validators in order to ensure a unique username or email address.
Cross-Site Scripting in Flash component (ELTS)
It has been discovered, that TYPO3 CMS is vulnerable to cross-site scripting.
Mark Your Calendar! TYPO3 Events in Q1 2019 and Beyond
TYPO3 events are an invaluable opportunity to make new business connections, meet like-minded people, gain knowledge, and contribute to the TYPO3 Project. Whether it’s the the annual TYPO3 Conference, TYPO3 East Europe or TYPO3camps - Find out what’s...
Developing the TYPO3 Website Builder ‘toujou’
Developing a website builder that provides perfectly fine TYPO3 websites. Read about DFAU’s motivation to boost website quality. Serving companies. Kick-starting websites. Supporting the community. The mission is in its name. This is ‘toujou’.
December 2018: Developer Appreciation Day (DAD)
Happy New Year, everyone! On this first Developer Appreciation Day (DAD) of 2019, we’d like to acknowledge all the hard working developers who continuously contribute to the TYPO3 project: Thank you ever so much, folks! Find December’s most important...
This Month in TYPO3 - December 2018 - Issue #9
Again, the TYPO3 project can look back on a very successful year. Here is the last issue of This Month in TYPO3 for this year. Thank you very much for the constantly flowing input!