Search CVE reports
1 – 10 of 126 results
CVE-2023-38500
Medium priority
TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and...
1 affected package
typo3-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
typo3-src | — | Not in release | Not in release | Not in release | Not in release |
CVE-2023-24814
Medium priority
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment...
1 affected package
typo3-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
typo3-src | — | Not in release | Not in release | Not in release | Not in release |
CVE-2022-23504
Medium priority
TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder...
1 affected package
typo3-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
typo3-src | — | Not in release | Not in release | Not in release | Ignored |
CVE-2022-23503
Medium priority
TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal...
1 affected package
typo3-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
typo3-src | — | Not in release | Not in release | Not in release | Ignored |
CVE-2022-23502
Medium priority
TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, when users reset their password using the corresponding password recovery functionality, existing sessions for...
1 affected package
typo3-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
typo3-src | — | Not in release | Not in release | Not in release | Ignored |
CVE-2022-23501
Medium priority
TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users,...
1 affected package
typo3-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
typo3-src | — | Not in release | Not in release | Not in release | Ignored |
CVE-2022-23500
Medium priority
TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could...
1 affected package
typo3-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
typo3-src | — | Not in release | Not in release | Not in release | Ignored |
CVE-2021-41114
Medium priority
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the...
1 affected package
typo3-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
typo3-src | — | Not in release | Not in release | Not in release | Ignored |
CVE-2021-41113
Medium priority
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is...
1 affected package
typo3-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
typo3-src | — | Not in release | Not in release | Not in release | Ignored |
CVE-2021-32768
Medium priority
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the...
1 affected package
typo3-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
typo3-src | — | Not in release | Not in release | Not in release | Ignored |