VYPR

Typo3

by TYPO3

CVEs (206)

  • CVE-2024-34358 (May 14, 2024)
    risk 0.00 | cvss | epss 0.00

    TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the `ShowImageController` (`_eID tx_cms_showpic_`) lacks a cryptographic HMAC-signature on the `frame` HTTP query…

  • CVE-2024-34357 (May 14, 2024)
    risk 0.00 | cvss | epss 0.01

    TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, failing to properly encode user-controlled values in file entities, the `ShowImageController` (`_eID…

  • CVE-2024-34356 (May 14, 2024)
    risk 0.00 | cvss | epss 0.01

    TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a…

  • CVE-2024-34355 (May 14, 2024)
    risk 0.00 | cvss | epss 0.01

    TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject…

  • CVE-2024-25118 (Feb 13, 2024)
    risk 0.00 | cvss | epss 0.01

    TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques.…

  • CVE-2024-25119 (Feb 13, 2024)
    risk 0.00 | cvss | epss 0.00

    TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to…

  • CVE-2024-25120 (Feb 13, 2024)
    risk 0.00 | cvss | epss 0.01

    TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a…

  • CVE-2024-25121 (Feb 13, 2024)
    risk 0.00 | cvss | epss 0.01

    TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3, entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage…

  • CVE-2023-47126 (Nov 14, 2023)
    risk 0.00 | cvss | epss 0.01

    TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to…

  • CVE-2023-47127 (Nov 14, 2023)
    risk 0.00 | cvss | epss 0.01

    TYPO3 is an open source PHP based web content management system released under the GNU GPL. In TYPO3 installations there are always at least two different sites, e.g. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can…

  • CVE-2023-38499 (Jul 25, 2023)
    risk 0.00 | cvss | epss 0.01

    TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered…

  • CVE-2023-24814 (Feb 7, 2023)
    risk 0.00 | cvss | epss 0.01

    TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject…

  • CVE-2022-23504 (Dec 14, 2022)
    risk 0.00 | cvss | epss 0.01

    TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend…

  • CVE-2022-23503 (Dec 14, 2022)
    risk 0.00 | cvss | epss 0.01

    TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend…

  • CVE-2022-23502 (Dec 14, 2022)
    risk 0.00 | cvss | epss 0.00

    TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, when users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This…

  • CVE-2022-23501 (Dec 14, 2022)
    risk 0.00 | cvss | epss 0.00

    TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions),…

  • CVE-2022-23500 (Dec 14, 2022)
    risk 0.00 | cvss | epss 0.01

    TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message…

  • CVE-2022-36105 (Sep 13, 2022)
    risk 0.00 | cvss | epss 0.01

    TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension…

  • CVE-2022-36106 (Sep 13, 2022)
    risk 0.00 | cvss | epss 0.01

    TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a…

  • CVE-2022-36107 (Sep 13, 2022)
    risk 0.00 | cvss | epss 0.01

    TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid…
