Security Advisories
All Advisories
TYPO3-EXT-SA-2018-008: Cross-Site Scripting in extension "Frontend Treeview" (mh_treeview)
It has been discovered that the extension "Frontend Treeview" (mh_treeview) is susceptible to Cross-Site Scripting.
Read moreTYPO3-EXT-SA-2018-007: Environment Variable Injection in extension "Amazon Web Services SDK " (aws_sdk)
It has been discovered that the extension "Amazon Web Services SDK " (aws_sdk) is susceptible to Environment Variable Injection.
TYPO3-EXT-SA-2018-006: Captcha bypass in extension "Front End User Registration" (sr_feuser_register)
It has been discovered that the extension "Front End User Registration" (sr_feuser_register) is susceptible to Captcha bypass.
TYPO3-EXT-SA-2018-005: Environment Variable Injection in extension "AWS SDK for PHP" (aws_sdk_php)
It has been discovered that the extension "AWS SDK for PHP" (aws_sdk_php) is susceptible to Environment Variable Injection.
TYPO3-EXT-SA-2018-004: Cross-site scripting vulnerability in extension "Powermail" (powermail)
It has been discovered that the extension "Powermail" (powermail) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2018-003: Environment Variable Injection in extension "Amazon AWS S3 FAL driver (CDN)" (aus_driver_amazon_s3)
It has been discovered that the extension "Amazon AWS S3 FAL driver (CDN)" (aus_driver_amazon_s3) is susceptible to Environment Variable Injection.
TYPO3-EXT-SA-2018-002: Missing Access Check in extension "Register to tt_address" (registeraddress)
It has been discovered that the extension "Register to tt_address" (registeraddress) has a missing access check.
TYPO3-EXT-SA-2018-001: Cross-Site Scripting in extension "Heise Shariff" (rx_shariff)
It has been discovered that the extension "Heise Shariff" (rx_shariff) is susceptible to Cross-Site Scripting.
TYPO3-CORE-SA-2018-004: Insecure Deserialization in TYPO3 CMS
It has been discovered, that TYPO3 CMS is vulnerable to Insecure Deserialization.
TYPO3-CORE-SA-2018-003: Privilege Escalation & SQL Injection in TYPO3 CMS
It has been discovered, that TYPO3 CMS is vulnerable to Privilege Escalation and SQL Injection.