TYPO3 9.5.12 < 9.5.17 / 10.2 < 10.4.2 XSS (TYPO3-CORE-SA-2020-003)
The version of TYPO3 installed on the remote host is 9.5.12 prior to 9.5.17 or 10.2 prior to 10.4.2. It is, therefore, affected by a cross-site scripting (XSS) vulnerability in its link handling component due to improper validation of user-supplied input before returning it to users. An...
CVE-2020-11067
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings in $BE_USER->uc are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user...