Security Advisories

Developer & Technology
TYPO3 Extensions

TYPO3-EXT-SA-2021-016: Denial of Service in extension "Code Highlight" (codehighlight)

Torben Hansen

10 November 2021

It has been discovered that the extension "Code Highlight" (codehighlight) is susceptible to Denial of Service.

TYPO3-EXT-SA-2021-015: Cross-Site Scripting in extension "Google for Jobs" (google_for_jobs)

Torben Hansen

10 November 2021

It has been discovered that the extension"Google for Jobs" (google_for_jobs) is susceptible to Cross-Site Scripting.

Developer & Technology
TYPO3 CMS

TYPO3-CORE-SA-2021-015: HTTP Host Header Injection in Request Handling

Oliver Hader

05 October 2021

It has been discovered that TYPO3 CMS is vulnerable to HTTP header injection.

Developer & Technology
TYPO3 CMS

TYPO3-CORE-SA-2021-014: Cross-Site-Request-Forgery in Backend URI Handling

Oliver Hader

05 October 2021

It has been discovered that TYPO3 CMS is vulnerable to cross-site-request-forgery.

Developer & Technology
TYPO3 Extensions

TYPO3-EXT-SA-2021-014: SQL Injection in extension "Newsletter" (newsletter)

Torben Hansen

10 August 2021

It has been discovered that the extension"Newsletter" (newsletter) is susceptible to SQL Injection.

Developer & Technology
TYPO3 Extensions

TYPO3-EXT-SA-2021-013: Multiple vulnerabilities in Extension "Dated News" (dated_news)

Torben Hansen

10 August 2021

It has been discovered that the extension"Dated News" (dated_news) is susceptible to SQL Injection, Cross-Site Scripting, Information Disclosure and Broken Access Control.

Developer & Technology
TYPO3 Extensions

TYPO3-EXT-SA-2021-012: Cross Site Scripting in Extension "Yoast SEO for TYPO3" (yoast_seo)

Torben Hansen

10 August 2021

It has been discovered that the extension "Yoast SEO for TYPO3" (yoast_seo) is susceptible to Cross Site Scripting.

Developer & Technology
TYPO3 Extensions

TYPO3-EXT-SA-2021-011: Multiple vulnerabilities in Extension "Miniorange Saml" (miniorange_saml)

Torben Hansen

10 August 2021

It has been discovered that the extension "Miniorange Saml" (miniorange_saml) is susceptible to Cross-Site Scripting, Sensitive Data Exposure and vulnerable 3rd Party Components.

Developer & Technology
TYPO3 Extensions

TYPO3-EXT-SA-2021-010: Cross-Site Scripting in Extension "femanager" (femanager)

Torben Hansen

10 August 2021

It has been discovered that the extension "femanager" (femanager) is susceptible to Cross-Site Scripting.

Developer & Technology
TYPO3 Extensions

TYPO3-EXT-SA-2021-009: Denial of Service in Extension "Deferred image processing" (deferred_image_processing)

Torben Hansen

10 August 2021

It has been discovered that the extension "Deferred image processing" (deferred_image_processing) is susceptible to Denial of Service.

All Advisories