234 matches found
CVE-2023-47127
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the...
FreeBSD : typo3-{11,12} -- multiple vulnerabilities (1ad3d264-e36b-11ee-9c27-40b034429ecf)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1ad3d264-e36b-11ee-9c27-40b034429ecf advisory. - In TYPO3 11.5.24, the filelist component allows attackers who have access to the administrat...
BIT-TYPO3-2021-32768
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...
BIT-TYPO3-2021-41113
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as...
BIT-TYPO3-2021-41114
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the...
BIT-TYPO3-2022-36104
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads t...
BIT-TYPO3-2022-36106
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even ...
BIT-TYPO3-2022-36107
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the FileDumpController backend and frontend context is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account i...
BIT-TYPO3-2023-47126
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory e.g. /var/www/html/var/transient/. This applies to composer-based scenarios only...
CVE-2024-25118
TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this...
Design/Logic Flaw
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific t3:// URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records although only if a valid link-handling...
CVE-2024-25118 Information Disclosure of Hashed Passwords in TYPO3 Backend Forms
TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this...
CVE-2024-25119 Information Disclosure of Encryption Key in TYPO3 Install Tool
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of $GLOBALS'SYS''encryptionKey' was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes...
CVE-2024-25119 Information Disclosure of Encryption Key in TYPO3 Install Tool
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of $GLOBALS'SYS''encryptionKey' was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes...
CVE-2024-25120
CVE-2024-25120 affects TYPO3 and concerns improper access control of resources referenced by the t3:// URI scheme. The vulnerability could allow a backend authenticated user to access resources outside the user’s permission scope (files, folders, pages, records) via t3:// link handling. Affected ...
CVE-2024-25120 Improper Access Control of Resources Referenced by t3:// URI Scheme in TYPO3
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific t3:// URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records although only if a valid link-handling...
CVE-2024-25120 Improper Access Control of Resources Referenced by t3:// URI Scheme in TYPO3
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific t3:// URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records although only if a valid link-handling...
CVE-2024-25121
CVE-2024-25121 is an access control vulnerability in TYPO3’s File Abstraction Layer (FAL). When persisting FAL entities directly via DataHandler, attackers with a valid backend account could reference files in the fallback storage (zero-storage) and retrieve file names and contents. The fallback ...
TYPO3 8.0.0 < 8.7.57 ELTS / 9.0.0 < 9.5.46 ELTS / 10.0.0 < 10.4.43 ELTS / 11.0.0 < 11.5.35 / 12.0.0 < 12.4.11 / 13.0.1 (TYPO3-CORE-SA-2024-006)
The version of TYPO3 installed on the remote host is prior to 8.0.0 isImporting = true;. CVE-2024-25121 Note t...
TYPO3 8.0.0 < 8.7.57 ELTS / 9.0.0 < 9.5.46 ELTS / 10.0.0 < 10.4.43 ELTS / 11.0.0 < 11.5.35 / 12.0.0 < 12.4.11 / 13.0.1 (TYPO3-CORE-SA-2024-005)
The version of TYPO3 installed on the remote host is prior to 8.0.0 8.7.57 ELTS / 9.0.0 9.5.46 ELTS / 10.0.0 10.4.43 ELTS / 11.0.0 11.5.35 / 12.0.0 12.4.11 / 13.0.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2024-005 advisory. - TYPO3 is an open source PHP...