Security Advisories
All Advisories
TYPO3-EXT-SA-2015-017: Cross-Site Scripting in extension "News system" (news)
It has been discovered that the extension "News system" (news) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2015-016: Information Disclosure in extension "LDAP" (eu_ldap)
It has been discovered that the extension "LDAP" (eu_ldap) is susceptible to Information Disclosure.
TYPO3-CORE-SA-2015-009: Non-Persistent Cross-Site Scripting
It has been discovered that TYPO3 is susceptible to Non-Persistent Cross-Site Scripting.
TYPO3-CORE-SA-2015-008: Unauthenticated Path Disclosure
It has been discovered that TYPO3 is susceptible to unauthenticated path disclosure.
TYPO3-CORE-SA-2015-002: Access bypass when editing file metadata
It has been discovered that editors could change, create or delete metadata of files without permission.
TYPO3-CORE-SA-2015-003: Frontend login Session Fixation
It has been discovered that TYPO3 is susceptible to session fixation.
TYPO3-CORE-SA-2015-004: Cross-Site Scripting in Link Handling & File List
It has been discovered that TYPO3 is vulnerable to Cross-Site Scripting.
TYPO3-CORE-SA-2015-005: Information Disclosure possibility exploitable by Editors
It has been discovered that editors could list all files and folders in the root directory of a TYPO3 installation.
TYPO3-CORE-SA-2015-006: Brute Force Protection Bypass in backend login
It has been discovered that the backend login brute force protection can be bypassed.
TYPO3-CORE-SA-2015-007: Cross-Site Scripting in 3rd party library Flowplayer
It has been discovered that the third-party component Flowplayer Flash is vulnerable to cross-site scripting.