CVE-2024-25120

TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific t3:// URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records although only if a valid link-handling...

Information Disclosure

typo3/cms is vulnerable to Information Disclosure. The vulnerability is due to improper permission checks, allowing editors to gain knowledge of protected storages and their folders. Attackers can exploit this by using a valid backend user account to include protected files in a collection render...

PT-2024-40283 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: The issue arises from the failure to properly encode user input, making notifications shown in modal windows in the backend susceptible to cross-site scripting. A valid backend user account i...

PT-2024-25812 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions 13.0.0 through 13.1.0 Description: The history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML marku...

TYPO3 Backend Cross-Site Scripting Vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in the TYPO3 backend. Because the program fails to properly encode user input, an attacker would need to use a valid backend user...