VYPR
Vendor

TYPO3

TYPO3 is a web content management system (CMS) written in the programming language PHP. It is free and open-source software released under the GNU General Public License version 2.

Founded 1998
Products
358
CVEs
539
Across products
300
Status
Private

Products

358
View all 358 products →

Recent CVEs

539
View all 539 CVEs →
  • CVE-2015-1401CriAug 28, 2017
    risk 0.64cvss 9.8epss 0.03

    Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3.

  • CVE-2017-14251HigSep 11, 2017
    risk 0.57cvss 8.8epss 0.02

    Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.

  • CVE-2016-5091HigJan 23, 2017
    risk 0.53cvss 8.1epss 0.03

    Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.

  • CVE-2009-0255HigJan 22, 2009
    risk 0.53cvss 7.5epss 0.09

    The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.

  • CVE-2026-49741HigJun 9, 2026
    risk 0.50cvss epss 0.00

    Backend users with write access to the form_definition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form…

  • CVE-2026-8727HigMay 19, 2026
    risk 0.46cvss epss 0.00

    The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize(). An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation…

  • CVE-2026-8726HigMay 19, 2026
    risk 0.46cvss epss 0.00

    The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news…

  • CVE-2026-47346HigJun 9, 2026
    risk 0.42cvss epss 0.00

    Backend users with file write permissions were able to upload form definition files with mixed-case extensions (e.g., .FORM.YAML) to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements,…

  • CVE-2026-11607HigJun 9, 2026
    risk 0.42cvss epss 0.00

    Backend users with access to the Form Framework were able to use files not ending in .form.yaml as form definitions, which were processed without denying the incorrect file extension. Maliciously crafted form definition files can be used to execute arbitrary SQL statements,…

  • CVE-2026-6553HigApr 21, 2026
    risk 0.42cvss 7.5epss 0.00

    Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.

  • CVE-2026-47343HigJun 9, 2026
    risk 0.40cvss epss 0.00

    Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0…

  • CVE-2017-5963MedFeb 12, 2017
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in caddy (for TYPO3) before 7.2.10. The vulnerability exists due to insufficient filtration of user-supplied data in the "paymillToken" HTTP POST parameter passed to the "caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php" URL. An…

  • CVE-2017-5962MedFeb 12, 2017
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in contexts_wurfl (for TYPO3) before 0.4.2. The vulnerability exists due to insufficient filtration of user-supplied data in the "force_ua" HTTP GET parameter passed to the "/contexts_wurfl/Library/wurfl-dbapi-1.4.4.0/check_wurfl.php" URL. An attacker…

  • CVE-2016-4056MedJan 23, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark.

  • CVE-2015-8757MedJan 8, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to extension data during an extension installation.

  • CVE-2026-49742HigJun 9, 2026
    risk 0.39cvss epss 0.00

    Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer (FAL) via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such…

  • CVE-2026-46722MedMay 19, 2026
    risk 0.38cvss epss 0.00

    The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search…

  • CVE-2010-3659MedOct 20, 2017
    risk 0.35cvss 5.4epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension…

  • CVE-2017-6370MedMar 17, 2017
    risk 0.35cvss 5.3epss 0.01

    TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.

  • CVE-2015-8758MedJan 8, 2016
    risk 0.35cvss 5.4epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.