CVE-2020-26229

TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the...

PT-2024-40443 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: A issue has been found that allows editors with access to the file list module to list all file names and folder names in the root directory of a TYPO3 installation. However, modification of...

PT-2024-25813 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions 9.0.0 through 9.5.47 ELTS TYPO3 versions 10.0.0 through 10.4.44 ELTS TYPO3 versions 11.0.0 through 11.5.36 LTS TYPO3 versions 12.0.0 through 12.4.14 LTS TYPO3 versions 13.0.0 through 13.0.0 Description: The form manager backend...

PT-2024-20762 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 8.7.57 ELTS TYPO3 versions prior to 9.5.46 ELTS TYPO3 versions prior to 10.4.43 ELTS TYPO3 versions prior to 11.5.35 LTS TYPO3 versions prior to 12.4.11 LTS TYPO3 versions prior to 13.0.1 Description: In affected...

PT-2020-12525 · Typo3 · Typo3/Cms

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 9.0.0 through 9.5.16 TYPO3 CMS versions 10.0.0 through 10.4.1 Description: A cross-site scripting issue has been discovered in the HTML placeholder attributes, which contain data from other database records. This issue can ...