Typo3
by TYPO3
Source repositories
CVEs (206)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-59014 | 0.00 | — | 0.00 | Sep 9, 2025 | An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 lets administrator‑level backend users trigger a denial‑of‑service condition in the backend user interface by saving manipulated data in the… | |||
| CVE-2025-59013 | 0.00 | — | 0.00 | Sep 9, 2025 | An open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by supplying a… | |||
| CVE-2025-47941 | 0.00 | — | 0.00 | May 20, 2025 | TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication (MFA) dialog presented during backend login can be bypassed due to insufficient… | |||
| CVE-2025-47940 | 0.00 | — | 0.00 | May 20, 2025 | TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend users without system maintainer privileges can escalate their privileges and… | |||
| CVE-2025-47939 | 0.00 | — | 0.00 | May 20, 2025 | TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context.… | |||
| CVE-2025-47938 | 0.00 | — | 0.00 | May 20, 2025 | TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, the backend user management interface allows password changes without requiring the current… | |||
| CVE-2025-47937 | 0.00 | — | 0.00 | May 20, 2025 | TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction… | |||
| CVE-2025-47936 | 0.00 | — | 0.00 | May 20, 2025 | TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, Webhooks are inherently vulnerable to Cross-Site Request Forgery (CSRF), which can be exploited by adversaries to target… | |||
| CVE-2024-55892 | 0.00 | — | 0.00 | Jan 14, 2025 | TYPO3 is a free and open source Content Management Framework. Applications that use `TYPO3\CMS\Core\Http\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is… | |||
| CVE-2024-55893 | 0.00 | — | 0.00 | Jan 14, 2025 | TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing… | |||
| CVE-2024-55894 | 0.00 | — | 0.00 | Jan 14, 2025 | TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing… | |||
| CVE-2024-55920 | 0.00 | — | 0.00 | Jan 14, 2025 | TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing… | |||
| CVE-2024-55921 | 0.00 | — | 0.00 | Jan 14, 2025 | TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing… | |||
| CVE-2024-55922 | 0.00 | — | 0.00 | Jan 14, 2025 | TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing… | |||
| CVE-2024-55923 | 0.00 | — | 0.00 | Jan 14, 2025 | TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing… | |||
| CVE-2024-55924 | 0.00 | — | 0.00 | Jan 14, 2025 | TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing… | |||
| CVE-2024-55945 | 0.00 | — | 0.00 | Jan 14, 2025 | TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing… | |||
| CVE-2024-55891 | 0.00 | — | 0.00 | Jan 14, 2025 | TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS… | |||
| CVE-2024-34537 | 0.00 | — | 0.01 | Oct 28, 2024 | TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS,… | |||
| CVE-2024-47780 | 0.00 | — | 0.00 | Oct 8, 2024 | TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody."… |
- CVE-2025-59014Sep 9, 2025risk 0.00cvss —epss 0.00
An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 lets administrator‑level backend users trigger a denial‑of‑service condition in the backend user interface by saving manipulated data in the…
- CVE-2025-59013Sep 9, 2025risk 0.00cvss —epss 0.00
An open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by supplying a…
- CVE-2025-47941May 20, 2025risk 0.00cvss —epss 0.00
TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication (MFA) dialog presented during backend login can be bypassed due to insufficient…
- CVE-2025-47940May 20, 2025risk 0.00cvss —epss 0.00
TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend users without system maintainer privileges can escalate their privileges and…
- CVE-2025-47939May 20, 2025risk 0.00cvss —epss 0.00
TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context.…
- CVE-2025-47938May 20, 2025risk 0.00cvss —epss 0.00
TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, the backend user management interface allows password changes without requiring the current…
- CVE-2025-47937May 20, 2025risk 0.00cvss —epss 0.00
TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction…
- CVE-2025-47936May 20, 2025risk 0.00cvss —epss 0.00
TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, Webhooks are inherently vulnerable to Cross-Site Request Forgery (CSRF), which can be exploited by adversaries to target…
- CVE-2024-55892Jan 14, 2025risk 0.00cvss —epss 0.00
TYPO3 is a free and open source Content Management Framework. Applications that use `TYPO3\CMS\Core\Http\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is…
- CVE-2024-55893Jan 14, 2025risk 0.00cvss —epss 0.00
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing…
- CVE-2024-55894Jan 14, 2025risk 0.00cvss —epss 0.00
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing…
- CVE-2024-55920Jan 14, 2025risk 0.00cvss —epss 0.00
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing…
- CVE-2024-55921Jan 14, 2025risk 0.00cvss —epss 0.00
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing…
- CVE-2024-55922Jan 14, 2025risk 0.00cvss —epss 0.00
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing…
- CVE-2024-55923Jan 14, 2025risk 0.00cvss —epss 0.00
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing…
- CVE-2024-55924Jan 14, 2025risk 0.00cvss —epss 0.00
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing…
- CVE-2024-55945Jan 14, 2025risk 0.00cvss —epss 0.00
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing…
- CVE-2024-55891Jan 14, 2025risk 0.00cvss —epss 0.00
TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS…
- CVE-2024-34537Oct 28, 2024risk 0.00cvss —epss 0.01
TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS,…
- CVE-2024-47780Oct 8, 2024risk 0.00cvss —epss 0.00
TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody."…
Page 3 of 11