TYPO3 Session Expiration Vulnerability (TYPO3-CORE-SA-2022-005)

TYPO3 is prone to an insufficient session expiration vulnerability in the admin tool. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

TYPO3 XSS Vulnerability (TYPO3-CORE-SA-2022-004)

TYPO3 is prone to a cross-site scripting XSS vulnerability in the Frontend Login Mailer. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Design/Logic Flaw

TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details...

CVE-2022-31048 Cross-Site Scripting in Form Framework

TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit...

TYPO3 代码问题漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A code issue vulnerability exists in TYPO3 that stems from the fact that administrative tool sessions initiated through the TYPO3 back-end user interface are not revoked, and affects the...

TYPO3 日志信息泄露漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A log message disclosure vulnerability exists in TYPO3, which arises from the fact that internal system credentials or keys can be logged in plaintext in an exception handler, and affects...

TYPO3 跨站脚本漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3 that arises from the use of user-submitted content that is not properly encoded in the HTML email sent to the user, and affects the...

PT-2022-20487 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 9.5.34 ELTS TYPO3 versions prior to 10.4.29 TYPO3 versions prior to 11.5.11 Description: The issue concerns user-submitted content not being properly encoded in HTML emails sent to users. The affected components are ma...

PT-2022-20485 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 7.6.57 ELTS TYPO3 versions prior to 8.7.47 ELTS TYPO3 versions prior to 9.5.34 ELTS TYPO3 versions prior to 10.4.29 TYPO3 versions prior to 11.5.11 Description: System internal credentials or keys, such as database...