VYPR

Packagist (Composer) package

typo3/cms-core

pkg:composer/typo3/cms-core

Vulnerabilities (92)

  • CVE-2022-31050MedJun 14, 2022
    affected >= 9.0.0, < 9.5.35fixed 9.5.35

    TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled

  • CVE-2022-31049MedJun 14, 2022
    affected >= 9.0.0, < 9.5.35fixed 9.5.35

    TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages.

  • CVE-2022-31048MedJun 14, 2022
    affected >= 8.0.0, < 8.7.47fixed 8.7.47

    TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is ne

  • CVE-2022-31047MedJun 14, 2022
    affected >= 7.0.0, < 7.6.57fixed 7.6.57

    TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete except

  • CVE-2022-31046MedJun 14, 2022
    affected >= 7.0.0, < 7.6.57fixed 7.6.57

    TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export

  • CVE-2021-41114MedOct 5, 2021
    affected >= 11.0.0, < 11.5.0fixed 11.5.0

    TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute

  • CVE-2021-41113HigOct 5, 2021
    affected >= 11.2.0, < 11.5.0fixed 11.5.0

    TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact

  • CVE-2021-32768MedAug 10, 2021
    affected >= 7.0.0, < 7.6.53fixed 7.6.53

    TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting

  • CVE-2021-32767MedJul 20, 2021
    affected >= 7.0.0, < 7.6.52fixed 7.6.52

    TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default config

  • CVE-2021-32669MedJul 20, 2021
    affected >= 8.0.0, < 8.7.41fixed 8.7.41

    TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly encoded, the corresponding grid view i

  • CVE-2021-32668MedJul 20, 2021
    affected >= 8.0.0, < 8.7.41fixed 8.7.41

    TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the components _QueryGenerator_ and _QueryVie

  • CVE-2021-32667MedJul 20, 2021
    affected >= 9.0.0, < 9.5.28fixed 9.5.28

    TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When _Page TSconfig_ settings are not properly encoded, corresponding page preview module (

  • CVE-2021-21370MedMar 23, 2021
    affected >= 10.0.0, < 10.4.14fixed 10.4.14

    TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the pa

  • CVE-2021-21359MedMar 23, 2021
    affected >= 10.0.0, < 10.4.14fixed 10.4.14

    TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another pag

  • CVE-2021-21358MedMar 23, 2021
    affected >= 10.0.0, < 10.4.14fixed 10.4.14

    TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form

  • CVE-2021-21357HigMar 23, 2021
    affected >= 10.0.0, < 10.4.14fixed 10.4.14

    TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of th

  • CVE-2021-21355HigMar 23, 2021
    affected >= 10.0.0, < 10.4.14fixed 10.4.14

    TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - how

  • CVE-2021-21340MedMar 23, 2021
    affected >= 10.0.0, < 10.4.14fixed 10.4.14

    TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account

  • CVE-2021-21339MedMar 23, 2021
    affected >= 6.2.0, < 6.2.57fixed 6.2.57

    TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cann

  • CVE-2021-21338MedMar 23, 2021
    affected >= 6.2.0, < 6.2.57fixed 6.2.57

    TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and con