
19 matches found

Veracode
added 2025/10/16 6:37 a.m., 3 views

Missing Authorization Checks

typo3/cms-workspaces is vulnerable to missing authorization checks. The vulnerability is due to improper access control in the Workspace Module, which allows an attacker to directly invoke the AJAX backend route and disclose sensitive information without proper access permissions...

CVSS 7.1 | AI score 6.5 | EPSS 0.00082
Exploits: 0 | References: 4 | Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-27227

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.3 | EPSS 0.00097
Exploits: 0 | References: 3
RedhatCVE
added 2025/09/11 9:20 a.m., 4 views

CVE-2025-59018

Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access...

CVSS 7.1 | AI score 6.4 | EPSS 0.00082
Exploits: 0 | References: 1
Snyk
added 2025/09/09 9:31 a.m., 4 views

Missing Authorization

Overview: typo3/cms-workspaces is a TYPO3 component for workflows with custom stages and versioning for a better editing and publishing experience. Affected versions of this package are vulnerable to Missing Authorization in the Workspace Module's AJAX backend route. An authenticated attacker can...

CVSS 7.1 | AI score 6.3 | EPSS 0.00082
Exploits: 0 | References: 2
Github Security Blog
added 2025/09/09 9:31 a.m., 3 views

TYPO3 Workspaces Module Information Disclosure

Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access...

CVSS 7.1 | AI score 6.5 | EPSS 0.00082
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2025/09/09 9:15 a.m., 3 views

CVE-2025-59018

Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access...

CVSS 7.1 | EPSS 0.00082
Exploits: 0 | References: 1
OSV
added 2025/09/09 9:15 a.m., 2 views

CVE-2025-59018

Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access...

CVSS 6.5 | AI score 6.4
Exploits: 0 | References: 1
Cvelist
added 2025/09/09 9:1 a.m., 5 views

CVE-2025-59018 Information Disclosure in Workspaces Module

Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access...

CVSS 7.1 | EPSS 0.00082
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/09 12:0 a.m., 2 views

PT-2025-36694

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 9.0.0 through 9.5.54 TYPO3 CMS versions 10.0.0 through 10.4.53 TYPO3 CMS versions 11.0.0 through 11.5.47 TYPO3 CMS versions 12.0.0 through 12.4.36 TYPO3 CMS versions 13.0.0 through 13.4.17 Description: The Workspace Module ...

CVSS 8.8 | AI score 6 | EPSS 0.00097
Exploits: 0 | References: 11
CNNVD
added 2025/09/09 12:0 a.m., 1 views

TYPO3 CMS Security Vulnerability

TYPO3 CMS is a content management system from TYPO3 open source. A security vulnerability exists in TYPO3 CMS, which stems from a lack of authorization checking in the Workspace module and could lead to the disclosure of sensitive information. The following versions are affected: 9.5.54 and...

CVSS 8.8 | AI score 6 | EPSS 0.00097
Exploits: 0 | References: 3
OpenVAS
added 2013/12/26 12:0 a.m., 32 views

TYPO3 Multiple Vulnerabilities (Jan 2009)

TYPO3 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; if(description)...

CVSS 10 | AI score 7.6 | EPSS 0.05112
Exploits: 2 | References: 3
Tenable Nessus
added 2009/02/09 12:0 a.m., 38 views

FreeBSD : typo3 -- multiple vulnerabilities (653606e9-f6ac-11dd-94d9-0030843d3802)

Secunia reports : Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and session fixation attacks, and compromise a vulnerable system. The 'Install tool' system extension uses...

CVSS 10 | AI score 7.5 | EPSS 0.05112
Exploits: 2 | References: 6
OSV
added 2009/01/26 12:0 a.m., 25 views

DSA-1711-1 typo3-src - remote code execution

Bulletin has no description...

CVSS 10 | AI score 7.3 | EPSS 0.05112
Exploits: 2
NVD
added 2009/01/22 11:30 p.m., 16 views

CVE-2009-0257

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b)...

CVSS 4.3 | AI score 6.9 | EPSS 0.00705
Exploits: 0 | References: 9
UbuntuCve
added 2009/01/22 11:30 p.m., 25 views

CVE-2009-0257

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b)...

CVSS 4.3 | AI score 5.9 | EPSS 0.00705
Exploits: 0 | References: 1
Prion
added 2009/01/22 11:30 p.m., 14 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b)...

CVSS 4.3 | AI score 6 | EPSS 0.00705
Exploits: 0 | References: 9 | Affected Software: 1
ATTACKERKB
added 2009/01/22 11:30 p.m., 2 views

CVE-2009-0257

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b)...

CVSS 4.3 | AI score 5.4 | EPSS 0.00705
Exploits: 0 | References: 11
Cvelist
added 2009/01/22 11:0 p.m., 21 views

CVE-2009-0257

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b)...

AI score 6.9 | EPSS 0.00705
Exploits: 0 | References: 9
Typo3
added 2009/01/20 12:0 a.m., 11 views

Multiple vulnerabilities in TYPO3 Core

It has been discovered that TYPO3 Core is vulnerable to Broken Authentication and Session Management, Cross-Site Scripting, Insecure Randomness and Remote Command Execution. Component Type: TYPO3 Core Affected Versions: TYPO3 versions 4.0.0 to 4.0.9, 4.1.0 to 4.1.7, 4.2.0 to 4.2.3 Vulnerability...

AI score 6.8
Exploits: 0 | Affected Software: 1