473 matches found
Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: "AIRware Lexicon" airlexicon, "AST ZipCodeSearch" astaddresszipsearch, "Car" car, "Event Registration" eventregistr, "Solidbase Bannermanagement" SBbanner, "t3maffiliate" t3maffiliate, "AJAX Chat" vjchat Releas...
Cross-Site Scripting in Bootstrap CSS toolkit before 3.4.1 and 4.3.0
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, cross-site scripting is possible in the tooltip or popover data-template attribute...
Several vulnerabilities in extension mm_forum (mm_forum)
It has been discovered that the extension "mmforum" mmforum is vulnerable to Arbitrary Code Execution, Cross-Site Scripting and Cross-Site Request Forgery Release Date: February 12, 2014 Bulletin update: September 18, 2014 added CVEs Component Type: Third party extension. This extension is not a...
Several vulnerabilities in extension AWStats (cc_awstats)
It has been discovered that the extension "AWStats" ccawstats contains an unspecific vulnerability in the bundled AWStats version. Release Date: September 25, 2013 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version...
Cross-Site Scripting Vulnerability in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting. Component Type: TYPO3 Core Affected Versions: 4.5.0 up to 4.5.16, 4.6.0 up to 4.6.9, 4.7.0 up to 4.7.1 and development releases of the 6.0 branch. Bulletin history: July 4, 2012 - corrected Secunia Advisory ID Vulnerabl...
Cross-Site Scripting in CKEditor
It has been discovered, that the third party library CKEditor is vulnerable to cross-site scripting. A valid backend user account is needed in order to exploit this vulnerability...
Denial of Service in Page Error Handling
Requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack...
Environment Variable Injection in extension "AWS SDK for PHP" (aws_sdk_php)
The extension uses an old version of the third party library guzzlehttp/guzzle, which is known to be vulnerable against the HTTPOXY attack. Read or for further details...
Multiple vulnerabilities in extension Frontend User Registration (sr_feuser_register)
It has been discovered that the extension Frontend User Registration srfeuserregister is susceptible to Cross Site Scripting XSS attacks and allows Remote Command Execution. Component Type: Third party extensions. These extensions are not part of the TYPO3 default installation. Affected Versions:...
Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
Multiple vulnerabilities have been found in the phpMyAdmin component...
By-passing protection of Phar Stream Wrapper Interceptor
Insecure deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application. In July 2018, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the TYPO3 core. For more details...
Environment Variable Injection in extension "Amazon Web Services SDK " (aws_sdk)
The extension uses an old version of the third party library guzzlehttp/guzzle, which is known to be vulnerable against the HTTPOXY attack. Read or for further details...
SQL Injection in extension "Dynamic Content Element" (dce)
The extension fails to properly sanitize user input and is susceptible to SQL Injection. A TYPO3 backend user account is required to exploit the vulnerability...
Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
Multiple vulnerabilities have been found in the phpMyAdmin component...
Several Vulnerabilities in extension Formhandler (formhandler)
It has been discovered that the extension Formhandler formhandler is vulnerable to SQL-Injection and Cross-Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 0.9.14 and below Vulnerability Types: SQL...
Potential Privilege Escalation
In case an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the...
Cross-Site Scripting in extension "Bookdatabase" (extbookdatabase)
The extension bundles a vulnerable version of the 3rd party JavaScript component “Datatables” which was known to be vulnerable against Cross-Site Scripting...
Cross-Site Scripting in extension "Aimeos shop and e-commerce framework" (aimeos)
The extension fails to properly encode user input for output in HTML context. A valid backend user account with access to the Aimeos module is needed to exploit this vulnerability...
Remote Code Execution in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Remote Code Execution. Component Type: TYPO3 Core Affected Versions: 4.5.0 up to 4.5.8, 4.6.0 and 4.6.1 + development releases of 4.7 branch Vulnerability Types: Remote Code Execution Overall Severity: Critical Release Date: December 16, 201...
Multiple vulnerabilities in BibTex Publications (si_bibtex)
It has been discovered that the extension "BibTex Publications" sibibtex is susceptible to Cross-Site Scripting and SQL Injection. Release Date: December 15, 2014 Bulletin Update: January 9, 2015 added CVEs Component Type: Third party extension. This extension is not a part of the TYPO3 default...
Insecure direct object reference in extension "Varnishcache" (varnishcache)
The Edge Site Includes ESI content element renderer component of the extension does not include an access check. This allows an unauthenticated user to render various content elements, resulting in insecure direct object reference IDOR with the potential of exposing internal content elements...
Broken Access Control in Form Framework
Due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework...
Multiple vulnerabilities in extension "Magalone Flipbook for TYPO3" (magaloneflipbook)
An authenticated backend user can use the backend module to upload arbitrary files resulting in Remote Code Execution. Also, the backend module is susceptible to path traversal which allows an authenticated backend user to upload and overwrite files in all locations the webserver has access to...
Cross-Site Scripting in Link Handling
It has been discovered that the t3:// URL handling is vulnerable to cross-site scripting when making use of javascript: or data: scheme in link fields like the following...
Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: "A21glossary Advanced Output" a21glossaryadvancedoutput, "ClickStream Analyzer output" alternetcsaout, "Directory Listing" dirlisting, "Store Locator" locator, "Userdata Create/Edit" sguserdata, "Versatile...
Sanitization bypass in SVG Sanitizer
The SVG sanitizer library enshrined/svg-sanitize before version 0.15.0 did not remove HTML elements wrapped in a CDATA section. As a result, SVG content embedded in HTML fetched as text/html was susceptible to cross-site scripting. Plain SVG files fetched as image/svg+xml were not affected...
SQL Injection in extension "phpMyAdmin" (phpmyadmin)
Multiple vulnerabilities have been found in the phpMyAdmin component...
Several Vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to SQL Injection, Information Disclosure and Cross-Site Scripting Component Type: TYPO3 Core Affected Versions: 4.5.0 up to 4.5.20, 4.6.0 up to 4.6.13, 4.7.0 up to 4.7.5 and development releases of the 6.0 branch. Vulnerability Types: SQL...
Open Redirection in Login Handling
It has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability...
Cross-Site Scripting in fe_adminLib.inc
A problem has been discovered with feadminLib.inc bein vulnerable for Cross-Site Scripting XSS Component Type: TYPO3 Core Affected Versions: TYPO3 4.0.3 IMPORTANT: customized version still need manual correction Vulnerability Type: cross Site Scripting XSS Severity: minor Problem Description: The...
Denial of Service vulnerability in extension Calendar Base (cal)
It has been discovered that the extension "Calendar Base" cal is susceptible to Denial of Service. Release Date: October 17, 2014 Bulletin Update: October 18, 2014 added CVE Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: a...
Multiple vulnerabilities in Extension "Dated News" (dated_news)
The extension fails to properly encode user input for output in HTML context CVE-2021-36790 and contains a blind SQL injection vulnerability CVE-2021-36789. It is also possible to confirm various applications CVE-2021-36792 and thereby obtain all application registration data CVE-2021-36791...
Cleartext storage of session identifier
User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system...
Possible deserialization side-effects in symfony/cache
Third party component symfony/cache could have been potentially leading to removal of arbitrary files in combination with other insecure deserialization vulnerabilities...
Arbitrary code execution in extension "powermail" (powermail)
It has been discovered that the extension "powermail" powermail is susceptible to arbitrary code execution and Cross-Site Scripting Release Date: May 22, 2014 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: powermail:...
Multiple vulnerabilities in extension WT Gallery (wt_gallery)
It has been discovered that the extension wtgallery is susceptible to Path Traversal and Cross Site Scripting XSS attacks. Besides that, it may disclose sensitive information. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions:...
Cross-Site Scripting in extension "Bootstrap Package" (bootstrap_package)
The extension fails to properly encode user input for output in HTML context. The following templates are affected by the vulnerability:...
By-passing protection of Phar Stream Wrapper Interceptor
Insecure deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application. In July 2018, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the TYPO3 core. For more details...
Cross Site Scripting in Extension "Yoast SEO for TYPO3" (yoast_seo)
The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...
Cleartext storage of session identifier
User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system...
SQL Injection vulnerability in extension CoolURI (cooluri)
It has been discovered that the extension "CoolURI" cooluri is vulnerable to SQL Injection. Release Date: February 19, 2012 Bulletin Update: November 06, 2014 added CVE Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Versio...
Cross-Site Scripting in Content Preview
It has been discovered that database fields used as descriptionColumn are vulnerable to cross-site scripting when their content gets previewed in the page module. A valid backend user account is needed to exploit this vulnerability...
Cross-Site Scripting through Fluid view helper arguments
Three XSS vulnerabilities have been detected in Fluid:...
Server-side request forgery in extension "Yoast SEO for TYPO3" (yoast_seo)
The extension fails to restrict analyzed URLs to domains managed by the current TYPO3 website. A logged in TYPO3 backend user can use the vulnerability to make HTTP requests to arbitrary domains including the webserver itself or other internally managed resources...
Improper Authentication in LDAP / SSO Authentication (ig_ldap_sso_auth)
It has been discovered that the extension "LDAP / SSO Authentication" igldapssoauth is susceptible to Improper Authentication. Release Date: January 8, 2015 Bulletin Update: January 8, 2015 Affected Versions, Severity; February 23, 2015 added CVE Component Type: Third party extension. This...
Cross-Site Scripting in Fluid view helpers
It has been discovered that system extension Fluid typo3/cms-fluid of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers...
Denial of Service in extension "Code Highlight" (codehighlight)
The extension bundles a vulnerable version of the 3rd party JavaScript component “prism” which is known to be vulnerable against Regular expression Denial of Service ReDoS...
XSS and SQL Injection vulnerabilities in extension "Direct Mail" (direct_mail)
TYPO3-SA-2011-002 Release Date: March 15, 2011 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 2.6.9 and all versions below Vulnerability Type: Cross-Site Scripting XSS, SQL Injection Severity: Low Suggested CVSS...
Multiple vulnerabilities in third-party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: Commenting system Backend Module commentsbe, Tiny Market hmtinymarket, Yet Another Calendar keyac, The official twitter tweet button for your page tweetbutton, XING Button xing Release Date: September 2, 2010...
TYPO3 Security Bulletin
Unless the default encryption key settings have been changed by the administrator, the TYPO3 mailform can be compromised to send mail to a wrong receipient. Thus, spam mails may be sent from a remote site. Component Type: Core Affected Component: mailforms Version: 3.7.0 and earlier Vulnerability...