Packagist (Composer) package
typo3/cms-install
pkg:composer/typo3/cms-install
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-55891 | — | | | >= 13.4.2, < 13.4.3 | 13.4.3 | Jan 14, 2025 | TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS w |
| CVE-2023-47126 | — | | | >= 12.2.0, < 12.4.8 | 12.4.8 | Nov 14, 2023 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-b |
| CVE-2010-3671 | — | | | < 4.1.14 | 4.1.14 | Nov 5, 2019 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session. |
| CVE-2010-3666 | — | | | < 4.1.14 | 4.1.14 | Nov 4, 2019 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function. |
| CVE-2010-5100 | — | | | >= 4.2.0, < 4.2.16 | 4.2.16 | May 21, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-3636 | — | | | <= 4.0.13 | — | Nov 2, 2009 | Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |