7 matches found
XML External Entity (XXE) Injection
Overview: tpwd/kesearch is a search extension for TYPO3, including faceting search functions. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the additionaltables configuration of the page and ttcontent indexers that accept arbitrary table and field names....
CVE-2026-46724
CVE-2026-46724 affects the TYPO3 extension Faceted Search (ke_search). The file indexer does not normalize the configured directory path, allowing a backend user with permission to edit indexer configurations to index documents from arbitrary server file-system locations via path traversal. CVSS ...
TYPO3-EXT-SA-2026-011: Path Traversal in extension "Faceted Search" (ke_search)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-011...
TYPO3-EXT-SA-2026-011: XML External Entity Injection in extension "Faceted Search" (ke_search)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-011...
CVE-2023-35783
The kesearch aka Faceted Search extension before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x before 5.0.2 for TYPO3 allows XSS via indexed data...
TYPO3 Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) from the TYPO3 Association in Switzerland. A cross-site scripting vulnerability exists in TYPO3 versions 4.0.2 and earlier, 4.1.0 through 4.6.5, and 5.0.0 through 5.0.1, which stems from the kesearch extension that allows...
CVE-2020-15517
The kesearch aka Faceted Search extension through 2.8.2, and 3.x through 3.1.3, for TYPO3 allows XSS...