Security Advisories
All Advisories
TYPO3-EXT-SA-2025-006: Insecure Direct Object Reference in extension "femanager" (femanager)
It has been discovered that the extension "femanager" (femanager) is susceptible to Insecure Direct Object Reference.
TYPO3-EXT-SA-2025-005: Cross-Site Scripting in extension "[clickstorm] SEO" (cs_seo)
It has been discovered that the extension "[clickstorm] SEO" (cs_seo) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2025-004: Insecure Direct Object Reference in extension "Download manager" (reint_downloadmanager)
It has been discovered that the extension "Download manager" (reint_downloadmanager) is susceptible to Insecure Direct Object Reference.
TYPO3-CORE-SA-2025-016: Privilege Escalation to System Maintainer
It has been discovered that TYPO3 CMS is susceptible to broken authentication.
TYPO3-CORE-SA-2025-015: Broken Authentication in Backend MFA
It has been discovered that TYPO3 CMS is susceptible to broken authentication.
TYPO3-CORE-SA-2025-014: Unrestricted File Upload in File Abstraction Layer
It has been discovered that TYPO3 CMS is susceptible to security misconfiguration.
TYPO3-CORE-SA-2025-013: Unverified Password Change for Backend Users
It has been discovered that TYPO3 CMS is susceptible to security misconfiguration.
TYPO3-CORE-SA-2025-012: Server-Side Request Forgery via Webhooks
It has been discovered that TYPO3 CMS is susceptible to server-side request forgery.
TYPO3-CORE-SA-2025-011: Information Disclosure via DBAL Restriction Handling
It has been discovered that TYPO3 CMS is susceptible to information disclosure.
TYPO3-EXT-SA-2025-003: Multiple vulnerabilities in extension “[clickstorm] SEO” (cs_seo)
It has been discovered that the extension "[clickstorm] SEO" (cs_seo) is susceptible to Cross-Site Scripting and Insecure Direct Object Reference.