Security Advisories
All Advisories
TYPO3-CORE-SA-2015-001: Authentication Bypass in TYPO3 CMS 4.5
It has been discovered that TYPO3 CMS 4.5.x is vulnerable to Authentication Bypass.
TYPO3-PSA-2015-001: Important Security-Bulletin Pre-Announcement
A TYPO3 4.5.40 release containing a security fix will be published the day after tomorrow, Thursday 19th of February at about 10:00 am CET.
TYPO3-EXT-SA-2015-005: Cross-Site Scripting in extension Gridelements (gridelements)
It has been discovered that the extension "gridelements" (gridelements) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2015-004: Information Disclosure in Direct Mail Subscription (direct_mail_subscription)
It has been discovered that the extension "Direct Mail Subscription" (direct_mail_subscription) is susceptible to Information Disclosure.
TYPO3-EXT-SA-2015-003: Multiple vulnerabilities in Content Rating Extbase (content_rating_extbase)
It has been discovered that the extension "Content Rating Extbase" (content_rating_extbase) is susceptible to Cross-Site Scripting and SQL Injection.
TYPO3-EXT-SA-2015-002: Multiple vulnerabilities in Content Rating (content_rating)
It has been discovered that the extension "Content Rating" (content_rating) is susceptible to Cross-Site Scripting and SQL Injection.
TYPO3-EXT-SA-2015-001: Improper Authentication in LDAP / SSO Authentication (ig_ldap_sso_auth)
It has been discovered that the extension "LDAP / SSO Authentication" (ig_ldap_sso_auth) is susceptible to Improper Authentication.
TYPO3-EXT-SA-2014-021: Cross-Site Scripting vulnerability in wfGallery (wf_gallery)
It has been discovered that the extension "wfGallery" (wf_gallery) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2014-020: Multiple vulnerabilities in BibTex Publications (si_bibtex)
It has been discovered that the extension "BibTex Publications" (si_bibtex) is susceptible to Cross-Site Scripting and SQL Injection.
TYPO3-EXT-SA-2014-019: Multiple vulnerabilities in Drag Drop Mass Upload (ameos_dragndropupload)
It has been discovered that the extension "Drag Drop Mass Upload" (ameos_dragndropupload) is susceptible to Cross-Site Scripting, Cross-Site Request Forgery and Improper Access Control.