
90 matches found

GithubExploit
added 2026/03/14 8:11 p.m. · 257 views

Exploit for Improper Input Validation in Typo3

TYPO3 CVE-2020-15099 — Unauthenticated RCE PHP Object Injecti...

CVSS 8.8 · AI score 7.9 · EPSS 0.01559
Exploits: 1

RedhatCVE
added 2026/01/09 9:18 a.m. · 3 views

CVE-2025-23041

Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade...

CVSS 5.8 · AI score 6.7 · EPSS 0.0018
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-0061

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 6.3 · EPSS 0.00189
Exploits: 0 · References: 5

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-0070

Malicious code in bioql PyPI...

CVSS 5.8 · AI score 6.3 · EPSS 0.0018
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/23 7:41 a.m. · 6 views

CVE-2024-55922

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

CVSS 5.4 · AI score 5.5 · EPSS 0.00189
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 9:32 p.m. · 2 views

CVE-2021-21357

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework...

CVSS 8.3 · AI score 6.9 · EPSS 0.01121
Exploits: 0 · References: 1

NVD
added 2025/01/14 8:15 p.m. · 9 views

CVE-2024-55922

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

CVSS 5.4 · EPSS 0.00189
Exploits: 0 · References: 2

CVE
added 2025/01/14 7:23 p.m. · 48 views

CVE-2024-55922

CVE-2024-55922 is a CSRF vulnerability in TYPO3’s backend UI deep-link functionality affecting the Form Framework Module. The issue allows an attacker to manipulate or delete persisted form definitions when a victim with an active backend session is deceived into visiting a malicious URL. Conditi...

CVSS 5.4 · AI score 5.5 · EPSS 0.00189
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2025/01/14 7:23 p.m. · 10 views

CVE-2024-55922 Cross-Site Request Forgery in Form Framework Module in TYPO3

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

CVSS 5.4 · EPSS 0.00189
Exploits: 0 · References: 2

OSV
added 2025/01/14 7:23 p.m. · 2 views

CVE-2024-55922 Cross-Site Request Forgery in Form Framework Module in TYPO3

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

CVSS 5.4 · AI score 6.5 · EPSS 0.00189
Exploits: 0 · References: 4

Github Security Blog
added 2025/01/14 3:40 p.m. · 7 views

TYPO3 Form Framework Module vulnerable to Cross-Site Request Forgery

Problem: A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...

CVSS 5.4 · AI score 5.5 · EPSS 0.00189
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2025/01/14 12:0 a.m. · 1 views

PT-2025-3150 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS; TYPO3 versions prior to 12.4.25 LTS; TYPO3 versions prior to 13.4.3 LTS. Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...

CVSS 5.4 · AI score 6.8 · EPSS 0.00189
Exploits: 0 · References: 9

Github Security Blog
added 2024/06/07 6:26 p.m. · 11 views

TYPO3 Cross-Site Scripting in Form Framework validation handling

It has been discovered that the output of field validation errors in the Form Framework is vulnerable to cross-site scripting...

AI score 6.7
Exploits: 0 · References: 6 · Affected Software: 1

OSV
added 2024/06/07 6:26 p.m. · 6 views

GHSA-V8M4-3W37-GHXX TYPO3 Cross-Site Scripting in Form Framework validation handling

It has been discovered that the output of field validation errors in the Form Framework is vulnerable to cross-site scripting...

CVSS 6.1 · AI score 6.7
Exploits: 0 · References: 6

Github Security Blog
added 2024/06/07 6:24 p.m. · 11 views

TYPO3 Cross-Site Scripting in Form Framework

Failing to properly encode user input, frontend forms handled by the form framework system extension “form” are vulnerable to cross-site scripting...

AI score 6.7
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2024/06/07 6:24 p.m. · 7 views

GHSA-4H5C-5G25-V7FH TYPO3 Cross-Site Scripting in Form Framework

Failing to properly encode user input, frontend forms handled by the form framework system extension “form” are vulnerable to cross-site scripting...

CVSS 6.1 · AI score 6.7
Exploits: 0 · References: 5

Github Security Blog
added 2024/06/05 5:22 p.m. · 17 views

Typo3 Broken Access Control in Import Module

It has been discovered that the Import/Export module is susceptible to broken access control. Regular backend users have access to import functionality which usually only is available to admin users or users having User TSconfig setting options.impexp.enableImportForNonAdminUser explicitly enable...

AI score 8
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2024/06/05 5:22 p.m. · 5 views

GHSA-F5RR-9R84-WWQF Typo3 Broken Access Control in Import Module

It has been discovered that the Import/Export module is susceptible to broken access control. Regular backend users have access to import functionality which usually only is available to admin users or users having User TSconfig setting options.impexp.enableImportForNonAdminUser explicitly enable...

AI score 8
Exploits: 0 · References: 3

OSV
added 2024/06/05 3:10 p.m. · 4 views

GHSA-7QWG-FCPW-XG5G Privilege Escalation & SQL Injection in TYPO3 CMS

Failing to properly dissociate system related configuration from user generated configuration, the Form Framework system extension "form" is vulnerable to SQL injection and Privilege Escalation. Basically instructions can be persisted to a form definition file that were not configured to be...

CVSS 8.8 · AI score 8.1
Exploits: 0 · References: 3

Github Security Blog
added 2024/06/05 3:6 p.m. · 9 views

Insecure Deserialization in TYPO3 CMS

It has been discovered that the Form Framework system extension "form" is vulnerable to Insecure Deserialization when being used with the additional PHP PECL package “yaml”, which is capable of unserializing YAML contents to PHP objects. A valid backend user account as well as having PHP setting...

AI score 7
Exploits: 0 · References: 3 · Affected Software: 1