Security Advisories

• Developer & Technology
• TYPO3 Extensions

TYPO3-EXT-SA-2020-012: Cross-Site Scripting in extension "Google reCAPTCHA (v2/v3)" (jh_captcha)

• Torben Hansen

07 July 2020

It has been discovered that the extension "Google reCAPTCHA (v2/v3)" (jh_captcha) is susceptible to Cross-Site Scripting.

Read more

• Developer & Technology
• TYPO3 Extensions

TYPO3-EXT-SA-2020-011: Remote Code Execution in extension "Turn!" (turn)

• Torben Hansen

07 July 2020

It has been discovered that the extension "Turn!" (turn) is susceptible to Remote Code Execution.

• Developer & Technology
• TYPO3 Extensions

TYPO3-EXT-SA-2020-010: Broken Access Control in extension "typo3_forum" (typo3_forum)

• Torben Hansen

07 July 2020

It has been discovered that the extension "typo3_forum" (typo3_forum) is susceptible to Broken Access Control.

• Developer & Technology
• TYPO3 Extensions

TYPO3-EXT-SA-2020-009: Cross-Site Scripting in extension "Faceted Search" (ke_search)

• Torben Hansen

07 July 2020

It has been discovered that the extension "Faceted Search" (ke_search) is susceptible to Cross-Site Scripting.

• Developer & Technology
• TYPO3 CMS

TYPO3-CORE-SA-2020-006: Same-Origin Request Forgery to Backend User Interface

• Oliver Hader

12 May 2020

It has been discovered that TYPO3 CMS is vulnerable to same-origin request forgery.

• Developer & Technology
• TYPO3 CMS

TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings

• Oliver Hader

12 May 2020

It has been discovered that TYPO3 CMS is vulnerable to insecure deserialization.

• Developer & Technology
• TYPO3 Extensions

TYPO3-EXT-SA-2020-008: Cross-Site Scripting in "SVG Sanitizer" (svg_sanitizer)

• Oliver Hader

12 May 2020

It has been discovered that the extension "SVG Sanitizer" (svg_sanitizer) is vulnerable to Cross-Site Scripting.

• Developer & Technology
• TYPO3 CMS

TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized

• Oliver Hader

12 May 2020

It has been discovered that TYPO3 CMS is vulnerable to insecure deserialization.

• Developer & Technology
• TYPO3 CMS

TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling

• Oliver Hader

12 May 2020

It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.

• Developer & Technology
• TYPO3 Extensions

TYPO3-EXT-SA-2020-007: Sensitive Data Exposure in extension "Job Fair" (jobfair)

• Torben Hansen

12 May 2020

It has been discovered that the extension "Job Fair" (jobfair) is susceptible to Sensitive Data Exposure.