96 matches found
CVE-2021-28380
The aimeos aka Aimeos shop and e-commerce framework extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account...
CVE-2024-34355
TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML...
CVE-2022-31048
TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit...
EUVD-2021-1272
Malware in sbrugna...
EUVD-2020-0407
Malware in sbrugna...
EUVD-2021-0653
Malware in sbrugna...
EUVD-2021-1425
Malware in sbrugna...
EUVD-2021-0723
Malware in sbrugna...
EUVD-2024-1865
Malicious code in bioql PyPI...
EUVD-2024-1655
Malicious code in bioql PyPI...
CVE-2022-23504
TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers coul...
CVE-2021-21340
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as descriptionColumn are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to explo...
CVE-2021-21357
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework...
CVE-2021-21358
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed...
CVE-2021-31778
The media2click aka 2 Clicks for External Media extension 1.x before 1.3.3 for TYPO3 allows XSS by a backend user account...
CVE-2021-31779
The yoastseo aka Yoast SEO extension before 7.2.1 for TYPO3 allows SSRF via a backend user account...
CVE-2021-43561
An XSS issue was discovered in the googleforjobs aka Google for Jobs extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...
CVE-2020-11064
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is need...
CVE-2024-34537
TYPO3 before 13.3.1 allows denial of service interface error in the Bookmark Toolbar ext:backend, exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS, 11.5.40 LTS, 12.4.21...
Insecure Deserialization
TYPO3 is vulnerable to Insecure Deserialization. The vulnerability is due to failing to properly validate incoming data in the suggest wizard, which allows an attacker to exploit insecure unserialize operations. A valid backend user account is required to exploit this vulnerability...