38 matches found

Tenable Nessus
added 2024/10/08 12:00 a.m., 10 views

TYPO3 10.0.0 < 10.4.46 ELTS / 11.0.0 < 11.5.40 / 12.0.0 < 12.4.21 / 13.0.0 < 13.3.1 (TYPO3-CORE-SA-2024-012)

The version of TYPO3 installed on the remote host is prior to 10.0.0 < 10.4.46 ELTS / 11.0.0 < 11.5.40 / 12.0.0 < 12.4.21 / 13.0.0 < 13.3.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2024-012 advisory. - Backend users could see items in the backend page tree without...

CVSS 4.3 / AI score 5.6 / EPSS 0.00294
Exploits 0 / References 2
OSV
added 2024/06/05 5:22 p.m., 6 views

GHSA-F5RR-9R84-WWQF Typo3 Broken Access Control in Import Module

It has been discovered that the Import/Export module is susceptible to broken access control. Regular backend users have access to import functionality which is usually only available to admin users or users having the User TSconfig setting options.impexp.enableImportForNonAdminUser explicitly enable...

AI score 8
Exploits 0 / References 3
Github Security Blog
added 2024/05/30 6:25 p.m., 14 views

TYPO3 Broken Access Control in Import Module

It has been discovered that the Import/Export module is susceptible to broken access control. Regular backend users have access to import functionality which is usually only available to admin users or users having the User TSconfig setting options.impexp.enableImportForNonAdminUser explicitly enable...

AI score 8
Exploits 0 / References 3 / Affected Software 1
Github Security Blog
added 2024/05/14 8:13 p.m., 32 views

TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController

Problem: The ShowImageController eID tx_cms_showpic lacks a cryptographic HMAC signature on the frame HTTP query parameter, e.g. /index.php?eID=tx_cms_showpic?file=3&...&frame=12345. This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on the server side...

CVSS 5.3 / AI score 5.4 / EPSS 0.0047
Exploits 0 / References 7 / Affected Software 1
Github Security Blog
added 2024/02/13 8:32 p.m., 39 views

TYPO3 Install Tool vulnerable to Code Execution

Problem: Several settings in the Install Tool for configuring the path to system binaries were vulnerable to code execution. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. The corresponding change for this advisory involves...

CVSS 7.2 / AI score 7.2 / EPSS 0.02017
Exploits 0 / References 9 / Affected Software 1
OSV
added 2024/02/13 5:23 p.m., 21 views

GHSA-H47M-3F78-QP9G TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key

Problem: The plaintext value of $GLOBALS['SYS']['encryptionKey'] was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this...

CVSS 4.9 / AI score 5.2 / EPSS 0.00363
Exploits 0 / References 7
Github Security Blog
added 2024/02/13 5:23 p.m., 25 views

TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key

Problem: The plaintext value of $GLOBALS['SYS']['encryptionKey'] was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this...

CVSS 4.9 / AI score 7.1 / EPSS 0.00363
Exploits 0 / References 7 / Affected Software 1
Tenable Nessus
added 2024/02/13 12:00 a.m., 18 views

TYPO3 8.0.0 < 8.7.57 ELTS / 9.0.0 < 9.5.46 ELTS / 10.0.0 < 10.4.43 ELTS / 11.0.0 < 11.5.35 / 12.0.0 < 12.4.11 / 13.0.1 (TYPO3-CORE-SA-2024-001)

The version of TYPO3 installed on the remote host is prior to 8.0.0 < 8.7.57 ELTS / 9.0.0 < 9.5.46 ELTS / 10.0.0 < 10.4.43 ELTS / 11.0.0 < 11.5.35 / 12.0.0 < 12.4.11 / 13.0.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2024-001 advisory. - In TYPO3 11.5.24, the filelis...

CVSS 4.9 / AI score 5.6 / EPSS 0.01161
Exploits 3 / References 2
Tenable Nessus
added 2023/02/07 12:00 a.m., 41 views

TYPO3 8.7.0 < 8.7.51 ELTS / 9.0.0 < 9.5.40 ELTS / 10.0.0 < 10.4.36 / 11.0.0 < 11.5.23 / 12.0.0 < 12.2.0 XSS (TYPO3-CORE-SA-2023-001)

The version of TYPO3 installed on the remote host is prior to 8.7.0 < 8.7.51 ELTS / 9.0.0 < 9.5.40 ELTS / 10.0.0 < 10.4.36 / 11.0.0 < 11.5.23 / 12.0.0 < 12.2.0. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2023-001 advisory. - TYPO3 core component...

CVSS 8.8 / AI score 7 / EPSS 0.00831
Exploits 1 / References 2
OSV
added 2022/12/13 5:13 p.m., 25 views

GHSA-8W3P-QH3X-6GJR TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration

CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C (5.3). Problem: Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messag...

CVSS 5.7 / AI score 5.5 / EPSS 0.00514
Exploits 0 / References 7
Github Security Blog
added 2022/12/13 5:11 p.m., 37 views

TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework

Problem: Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it was possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular...

CVSS 8.8 / AI score 3.1 / EPSS 0.00785
Exploits 0 / References 7 / Affected Software 2
OSV
added 2022/09/16 5:16 p.m., 47 views

GHSA-FFFR-7X4X-F98Q TYPO3 CMS vulnerable to Denial of Service in Page Error Handling

Meta: CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C (5.5). Problem: Requesting invalid or non-existing resources via HTTP triggers the page error handler, which in turn could retrieve content to be shown as an error message from another page. This leads to a scenario in which the...

CVSS 5.9 / AI score 6.4 / EPSS 0.01312
Exploits 0 / References 8
Github Security Blog
added 2022/09/15 3:26 a.m., 12 views

TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection

Meta: CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (5.7). Problem: Due to a parsing issue in the upstream package masterminds/html5, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows bypassing the cross-site scripting mechanis...

AI score 0.4
Exploits 0 / References 3 / Affected Software 1
Friends Of PHP
added 2022/09/13 8:07 a.m., 28 views

TYPO3-CORE-SA-2022-006: Denial of Service in Page Error Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-006...

CVSS 7.5 / AI score 7.2 / EPSS 0.01312
Exploits 0 / Affected Software 1
Friends Of PHP
added 2022/09/13 8:07 a.m., 42 views

TYPO3-CORE-SA-2022-011: Bypassing Cross-Site Scripting Protection in HTML Sanitizer

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-011...

CVSS 6.1 / AI score 7.2 / EPSS 0.00633
Exploits 0 / Affected Software 1
OpenVAS
added 2022/06/15 12:00 a.m., 13 views

TYPO3 Information Disclosure Vulnerability (TYPO3-CORE-SA-2022-001)

TYPO3 is prone to an information disclosure vulnerability via the Export Module. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 4.3 / AI score 4.4 / EPSS 0.00585
Exploits 0 / References 1
Friends Of PHP
added 2022/06/14 7:11 a.m., 29 views

TYPO3-CORE-SA-2022-001: Information Disclosure via Export Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-001...

CVSS 4.3 / AI score 7.2 / EPSS 0.00585
Exploits 0 / Affected Software 1
Prion
added 2021/10/05 6:15 p.m., 24 views

Cross-site request forgery (CSRF)

TYPO3 is an open source PHP-based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site request forgery. The impact is the same as...

CVSS 6.8 / AI score 8.5 / EPSS 0.00699
Exploits 0 / References 3 / Affected Software 1
CVE
added 2021/10/05 5:20 p.m., 82 views

CVE-2021-41113

CVE-2021-41113 (TYPO3 Backend CSRF): TYPO3's v11 feature for creating/sharing deep links in the backend UI is vulnerable to cross-site request forgery. An unauthenticated attacker could exploit a logged-in victim's session to perform actions, potentially creating an admin user account and taking...

CVSS 8.8 / AI score 8.1 / EPSS 0.00619
Exploits 0 / References 3 / Affected Software 1
CVE
added 2021/10/05 5:15 p.m., 76 views

CVE-2021-41114

TYPO3 CMS is vulnerable to host header spoofing due to improper validation of the HTTP Host header. A regression in TYPO3 v11 reintroduced the issue after a previously mitigated design (trustedHostsPattern) was no longer evaluated. The CVE-2021-41114 entry describes host spoofing during frontend rend...

CVSS 5.3 / AI score 4.9 / EPSS 0.0116
Exploits 0 / References 3 / Affected Software 1