VYPR

Packagist (Composer) package

typo3/cms-core

pkg:composer/typo3/cms-core

Vulnerabilities (92)

  • CVE-2018-17960MedNov 14, 2018
    affected >= 8.0.0, < 8.7.21fixed 8.7.21

    CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.

  • CVE-2018-14041MedJul 13, 2018
    affected >= 8.0.0, < 8.7.23fixed 8.7.23

    In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.

  • CVE-2013-4320May 20, 2014
    affected >= 6.0, < 6.0.9fixed 6.0.9

    The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.

  • CVE-2013-7078Jan 19, 2014
    affected >= 4.5.0, < 4.5.31fixed 4.5.31

    Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows

  • CVE-2013-7081Dec 23, 2013
    affected >= 4.5.0, < 4.5.31fixed 4.5.31

    The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors.

  • CVE-2013-7080Dec 23, 2013
    affected >= 4.5.0, < 4.5.31fixed 4.5.31

    The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted lin

  • CVE-2013-7077Dec 21, 2013
    affected >= 6.0, < 6.0.12fixed 6.0.12

    Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-1843Mar 20, 2013
    affected >= 4.5.0, < 4.5.24fixed 4.5.24

    Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

  • CVE-2013-1842Mar 20, 2013
    affected >= 4.5.0, < 4.5.24fixed 4.5.24

    SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation va

  • CVE-2010-5104May 21, 2012
    affected >= 4.2.0, < 4.2.16fixed 4.2.16

    The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characte

  • CVE-2009-3633Nov 2, 2009
    affected <= 4.0.13

    Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to

  • CVE-2008-2717Jun 16, 2008
    affected >= 4.0.0, < 4.0.9fixed 4.0.9

    TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload atta

Page 5 of 5