Security Advisories
All Advisories
TYPO3-EXT-SA-2021-003: Cross-Site Scripting in extension "Aimeos shop and e-commerce framework" (aimeos)
It has been discovered that the extension"Aimeos shop and e-commerce framework" (aimeos) is susceptible to Cross-Site Scripting.
Read moreTYPO3-EXT-SA-2021-002: Denial of Service in extension "Code Highlight" (codehighlight)
It has been discovered that the extension "Code Highlight" (codehighlight) is susceptible to Denial of Service.
TYPO3-EXT-SA-2021-001: SQL Injection in extension "VHS: Fluid ViewHelpers" (vhs)
It has been discovered that the extension "VHS: Fluid ViewHelpers" (vhs) is susceptible to SQL Injection.
TYPO3-PSA-2020-003: Mitigation of Cross-Site Scripting Vulnerabilities in File Upload Handling
Repeating and refining public service announcement TYPO3-PSA-2019-010.
TYPO3-PSA-2020-002: Protecting Install Tool with Sudo Mode
Accessing Install Tool via TYPO3 Backend requires password verification - known as Sudo Mode.
TYPO3-CORE-SA-2020-012: XML External Entity in Dashboard Widget
It has been discovered that TYPO3 CMS is susceptible to XML external entity processing.
TYPO3-CORE-SA-2020-011: Cleartext storage of session identifier
It has been discovered that TYPO3 CMS is susceptible to sensitive data exposure.
TYPO3-CORE-SA-2020-010: Cross-Site Scripting in Fluid view helpers
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting..
TYPO3-CORE-SA-2020-009: Cross-Site Scripting through Fluid view helper arguments
It has been discovered that the Fluid Engine is vulnerable to cross-site scripting.
TYPO3-EXT-SA-2020-020: Denial of Service in extension "Authenticator" (defbu_authenticator)
It has been discovered that the extension "Authenticator" (defbu_authenticator) is susceptible to Denial of Service.