473 matches found
SQL Injection in extension "Newsletter" (newsletter)
It has been discovered that the extension is susceptible to SQL Injection when processing bounced emails...
Cross-Site Scripting in Form Framework
It has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability...
Critical vulnerability in legacy versions of TYPO3 CMS
It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code HMAC-SHA1 and can lead to various attack chains as described below...
TYPO3 Security Bulletin
It has been discovered that the extension DR Wiki - Typo3 Wiki extension drwiki is vulnerable to Cross-Site Scripting XSS. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.7.1 and all versions below Vulnerability...
Multiple vulnerabilities in extension "Direct Mail" (direct_mail)
Denial of Service CVE-2020-12697 The extension provides a functionality to log clicks on links in sent newsletters. This functionality does not limit the amount of log entries generated per link, so it is possible to use a valid link to fill the log table with a huge amount of records...
Server-side request forgery in extension "Kitodo.Presentation" (dlf)
A missing access check in an eID script of the extension allows an unauthenticated user to submit arbitrary URLs to this component. This results in Server-side request forgery allowing users to view the content of any file or webpage the webserver has access to...
Cross-Site-Request-Forgery in Backend URI Handling
It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery...
Cross-Site Scripting via Rich-Text Content
Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser do not consider all potentially malicious HTML tag ...
Cross-Site Scripting in extension "2 Clicks for External Media" (media2click)
The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...
Sensitive Data Exposure in extension "View frontend statistics" (view_statistics)
The extension saves all GET and POST data of TYPO3 frontend requests to the database. Depending on the extensions used on a TYPO3 website, sensitive data e.g. plain text passwords if ext:felogin is installed may be saved...
Insecure Deserialization in TYPO3 CMS
It has been discovered that FormEngine and DataHandler are vulnerable to insecure deserialization. A valid backend user account is needed in order to exploit this vulnerability...
Vulnerabilitiy in extension 404 Error Page Handling (error_404_handling)
It has been discovered that the extension 404 Error Page Handling error404handling is susceptible to SQL Injection attacks. Component Type: Third party extension. This extensions is not part of the TYPO3 default installation. Affected Versions: 0.1.1 and all versions below Vulnerability Type: SQL...
Cross-Site Scripting in extension "Apache Solr for TYPO3" (solr)
It has been discovered that the extension "Apache Solr for TYPO3" solr is susceptible to Cross-Site Scripting. Release Date: March 03, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.8.3 and below, 3.0.0 to...
Multiple vulnerabilities in Extension "Miniorange Saml" (miniorange_saml)
The extension fails to properly encode user input for output in HTML context CVE-2021-36785. Also the extension contains sensitive data API credentials and private key which should not have been published CVE-2021-36786. Finally the extension bundles several 3rd Party Components jQuery and...
Cross-Site Scripting in Extension "femanager" (femanager)
The extension allows by default to upload SVG files when a logged in frontend user uploads a new profile image. This may lead to Cross-Site Scripting, when the uploaded SVG image is used as is on the website...
Sensitive Information Disclosure
It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code HMAC-SHA1 and can lead to various attack chains as described below...
Sensitive Information Disclosure in extension "Media Content Element" (mediace)
It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code HMAC-SHA1 and can lead to various attack chains as described below...
Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: news, onetimeaccount, phpunit, div2007, t3mootools, t3jquery, oneclicklogin Release Date: January 11, 2013 Please read first: This Collective Security Bulletin CSB is a listing of vulnerable extensions with...
XML External Entity in Dashboard Widget
It has been discovered that RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability with current PHP versions of supported and maintained system distributions...
Cross-Site Scripting in extension "Google reCAPTCHA (v2/v3)" (jh_captcha)
The extension fails to properly encode user input for output in HTML context. The issue is only exploitable by backend users with access to TypoScript settings of the extension...
Information Disclosure vulnerability in Dynamic Content Elements (dce)
It has been discovered that the extension "Dynamic Content Elements" dce is susceptible to Information Disclosure. Release Date: October 17, 2014 Bulletin Update: October 18, 2014 added CVE Component Type: Third party extension. This extension is not a part of the TYPO3 default installation...
Multiple vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Remote File Disclosure, Cross-Site Scripting XSS, Privilege Escalation and Denial of Service. Component Type: TYPO3 Core Affected Versions: 4.2.14 and below, 4.3.6 and below, 4.4.3 and below Vulnerability Types: Remote File Disclosure,...
Denial of Service in Extension "Deferred image processing" (deferred_image_processing)
Wrong usage of the TYPO3 FAL API results in copies of processed files being saved to the /var/transient/ folder of a TYPO3 website on every frontend request. This can result in Denial of Service, since the webspace may be filled up with image files simply by crafting a large amount of requests to...
Mitigation of Cross-Site Scripting Vulnerabilities in File Upload Handling
According to TYPO3-PSA-2019-010 authenticated users - but not having administrator privileges - are allowed to upload files to their granted file mounts e.g. fileadmin/ in most cases. This also includes the possibility to upload potential malicious code in HTML or SVG files using JavaScript,...
Cross-Site Scripting in extension Gridelements (gridelements)
It has been discovered that the extension "gridelements" gridelements is susceptible to Cross-Site Scripting Release Date: February 17, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: gridelements: Versions 3.0.0, 2.1....
Multiple vulnerabilities in extension "pixx.io integration for TYPO3 (DAM)" (pixxio)
The extension fails to restrict the image download to the configured pixx.io DAM URL resulting in Server-side request forgery. As a result of the Server-side request forgery vulnerability, an attacker can download various content from a remote location and save it to a user controlled filename...
Protecting Install Tool with Sudo Mode
When the system maintainer concept was introduced with TYPO3 v9.0.0 the necessity of having to enter a password when accessing the Install Tool via backend user interface was removed...
Cross-Site Scripting in TYPO3 component Backend
It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting. Component Type: TYPO3 CMS Release Date: February 23, 2016 Vulnerable subcomponent: Backend Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.18 Severity: Low Suggested CVSS v2.0:...
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS
Phar files formerly known as "PHP archives" can act als self extracting archives which leads to the fact that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - "bundle.phar" would be valid as well as "bundle.txt...
Potential SQL injection vulnerability in TYPO3 Core
It has been discovered that the TYPO3 prepared statement database API allows SQL Injections. Component Type: TYPO3 Core Affected Versions: 4.5.0 - 4.5.5 Release Date: September 14, 2011 Vulnerable subcomponent: Database API Vulnerability Type: SQL Injection Severity: Medium Suggested CVSS v2.0:...
Cross-Site Scripting vulnerability in extension Direct Mail (direct_mail)
It has been discovered that the extension Direct Mail directmail is vulnerable to XSS. Release Date: December 1, 2009 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 2.6.4 and all versions below Vulnerability Type:...
Sensitive Information Disclosure in “Extbase Yaml Routes” (routes)
When using the CsrfTokenViewHelper the extension discloses the user's session identifier to HTML output without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance Cross Site...
Possible Arbitrary Code Execution in Image Processing
Image processing, e.g. for generating thumbnails, is actually delegated to ImageMagick or GraphicsMagick for the low-level processing. Whenever ImageMagick is invoked in order to convert data the mime-type of the source is identified for invoking according coders when reading data. In case an...
Class destructors causing side-effects when being unserialized
Calling unserialize on malicious user-submitted content can result in the following scenarios:...
Denial of Service in extension "Authenticator" (defbu_authenticator)
The extension bundles demo files of a 3rd party QR Code generator allowing a remote user to create QR Codes saved as PNG files on the webserver. This can result in Denial of Service, since the webspace can be filled up with a large amount of PNG files...
Cross-Site Scripting in extension "Faceted Search" (ke_search)
The extension fails to properly encode user input for output in HTML context. The issue is only exploitable by backend users with access to indexer- and filter-configurations...
TYPO3 Security Bulletin
Several vulnerabilities have been found in TYPO3 third party extensions. Please read first: This Collective Security Bulletin CSB is a listing of vulnerable extensions with neither significant download numbers nor other special importance amongst the TYPO3 Community. The intention of CSBs is to...
Information Disclosure from phpmyadmin
An information disclosure issue has been found in the phpmyadmin extension of TYPO3 that may give access to phpinfo information in special cases. The standalone version of phpmyadmin is not affected. Component Type: Third party extension. This extension is not part of the TYPO3 default...
SQL Injection in fechangepassword
It has been discovered that the extension fechangepassword is open for a SQL injection when updating the password. Component Type: Third party extension. This extension is not part of the TYPO3 default installation Affected Versions: Version 2.1.2 and all versions below Vulnerability Type: SQL...
Insecure Deserialization in Backend User Settings
It has been discovered that backend user settings in $BEUSER-uc are vulnerable to insecure deserialization. In combination with vulnerabilities of 3rd party components this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability...
Directory Traversal on ZIP extraction
It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal...
Cross-Site Scripting in Fluid Engine
It has been discovered that the Fluid Engine package typo3fluid/fluid is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like the following...
SQL Injection vulnerability in extension RealURL: speaking paths for TYPO3 (realurl)
It has been discovered that the extension "RealURL: speaking paths for TYPO3" realurl is vulnerable to SQL-Injection. Release Date: September 25, 2013 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.12.6 and below...
SQL Injection and Open Redirection in TYPO3 Core
It has been discovered that TYPO3 Core is susceptible to SQL Injection and Open Redirection Component Type: TYPO3 Core Affected Versions: 4.5.0 up to 4.5.23, 4.6.0 up to 4.6.16, 4.7.0 up to 4.7.8 and 6.0.0 up to 6.0.2 Vulnerability Types: SQL Injection, Open Redirection Overall Severity: High...
Multiple vulnerabilities in extension T3BLOG (t3blog)
It has been discovered that the extension T3BLOG t3blog is vulnerable to SQL Injection and Cross–Site Scripting. Release Date: February 1, 2010 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 0.6.2 and all version...
Sensitive Data Exposure in extension "Job Fair" (jobfair)
The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files e.g uploads/txjobfair/cv.pdf...
CSV Code Injection
CSV code injection is an attack scenario, where untrusted user input is written to a CSV file and leads to the execution of code formulas when the file is consumed by an external application e.g. Microsoft Excel or Google Sheets. As a result, this may lead to Data Exfiltration or Remote Code...
Cross-Site Scripting in Query Generator & Query View
Failing to properly encode error messages, the components QueryGenerator and QueryView are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability...
Cross-Site Scripting in Frontend User Login
Failing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile...
Information Disclosure in User Authentication
It has been discovered that user credentials have been logged as plaintext when explicitly using log level debug, which is not the default configuration...