EUVD-2021-0587

Malware in sbrugna...

Cross site scripting

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type menu are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid...

Sql injection

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited...

PT-2021-14432 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 6.2.57 TYPO3 versions prior to 7.6.51 TYPO3 versions prior to 8.7.40 TYPO3 versions prior to 9.5.25 TYPO3 versions prior to 10.4.14 TYPO3 versions prior to 11.1.1 Description: The Login Handling in TYPO3 is susceptible...

PT-2021-14433 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 6.2.57 TYPO3 versions prior to 7.6.51 TYPO3 versions prior to 8.7.40 TYPO3 versions prior to 9.5.25 TYPO3 versions prior to 10.4.14 TYPO3 versions prior to 11.1.1 Description: The issue concerns user session identifier...