CVE-2024-34537

TYPO3 before 13.3.1 allows denial of service interface error in the Bookmark Toolbar ext:backend, exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS, 11.5.40 LTS, 12.4.21...

CVE-2024-34537

TYPO3 vulnerability CVE-2024-34537 affects TYPO3 core before 13.3.1 through the Bookmark Toolbar in the backend. The issue stems from insufficient input validation that allows manipulated data saved in the backend bookmark toolbar to trigger a denial-of-service condition, exploitable by an admini...

GHSA-FFCV-V6PW-QHRP Denial of Service in TYPO3 Bookmark Toolbar

Problem Due to insufficient input validation, manipulated data saved in the bookmark toolbar of the backend user interface causes a general error state, blocking further access to the interface. Exploiting this vulnerability requires an administrator-level backend user account. Solution Update to...

CVE-2024-47780 Information Disclosure in TYPO3 Page Tree

TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody." However, affected...

CVE-2024-47780

TYPO3 CVE-2024-47780 is an information-disclosure vulnerability in the TYPO3 backend page tree. The issue allows backend users to view items for pages they should not access when mounts point to restricted pages or when mounts are absent but pages allow access to “everybody.” The underlying root ...

GHSA-RF5M-H8Q9-9W6Q Information Disclosure in TYPO3 Page Tree

Problem Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody." However, affected users could not manipulate these pages. Solution Upda...

Information Disclosure in TYPO3 Page Tree

Problem Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody." However, affected users could not manipulate these pages. Solution Upda...

TYPO3 10.0.0 < 10.4.46 ELTS / 11.0.0 < 11.5.40 / 12.0.0 < 12.4.21 / 13.0.0 < 13.3.1 (TYPO3-CORE-SA-2024-012)

The version of TYPO3 installed on the remote host is prior to 10.0.0 10.4.46 ELTS / 11.0.0 11.5.40 / 12.0.0 12.4.21 / 13.0.0 13.3.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2024-012 advisory. - Backend users could see items in the backend page tree without...

AZL-48620 CVE-2024-43890 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix overflow in getfreeelt "tracingmap-nextelt" in getfreeelt is at risk of overflowing. Once it overflows, new elements can still be inserted into the tracingmap even though the maximum number of elements maxelts has be...

Joomla! 安全漏洞

Joomla! is a free, open-source content management system open-sourced by Joomla! A security vulnerability exists in Joomla! versions 3.4.6 through 3.10.16-elts, 4.0.0 through 4.4.6, and 5.0.0 through 5.1.2, which stems from an insufficient URL validation, which results in an invalid check to see ...

TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController

Problem Failing to properly encode user-controlled values in file entities, the ShowImageController eID txcmsshowpic is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to file entities. Solution Update to TYPO3 versions 9.5.48...

CVE-2024-34356

TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user...

CVE-2024-34357

TYPO3 shows a cross-site scripting vulnerability in the ShowImageController (eID tx_cms_showpic ) caused by improper encoding of user-controlled values in file entities. The issue affects versions 9.0.0 up to but not including fixed releases: 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, a...

CVE-2024-34357 TYPO3 vulnerable to Cross-Site Scripting in ShowImageController

TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, failing to properly encode user-controlled values in file entities, the ShowImageController eID txcmsshowpic is vulnerable to cross-si...

CVE-2024-34356 TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module

TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user...

TYPO3 9.0.0 < 9.5.48 ELTS / 10.0.0 < 10.4.45 ELTS / 11.0.0 < 11.5.37 / 12.0.0 < 12.4.15 / 13.0.0 < 13.1.1 (TYPO3-CORE-SA-2024-010)

The version of TYPO3 installed on the remote host is prior to 9.0.0 9.5.48 ELTS / 10.0.0 10.4.45 ELTS / 11.0.0 11.5.37 / 12.0.0 12.4.15 / 13.0.0 13.1.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2024-010 advisory. - TYPO3 is an enterprise content management...

BIT-TYPO3-2020-8091

svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname...

BIT-TYPO3-2021-32768

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...

BIT-TYPO3-2022-23503

TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible t...

BIT-TYPO3-2022-23504

TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers coul...