typo3 vulnerabilities and exploits
5
CVSSv2
CVE-2021-21339
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be e...
Typo3 Typo3
7.5
CVSSv2
CVE-2021-21355
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, d...
Typo3 Typo3
6.5
CVSSv2
CVE-2021-21357
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form ...
Typo3 Typo3
5
CVSSv2
CVE-2021-21359
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This...
Typo3 Typo3
3.5
CVSSv2
CVE-2021-21370
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page modu...
Typo3 Typo3
3.5
CVSSv2
CVE-2021-21358
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module...
Typo3 Typo3
3.5
CVSSv2
CVE-2021-28380
The aimeos (aka Aimeos shop and e-commerce framework) extension prior to 19.10.12 and 20.x prior to 20.10.5 for TYPO3 allows XSS via a backend user account.
Aimeos Project Aimeos
7.5
CVSSv2
CVE-2021-28381
The vhs (aka VHS: Fluid ViewHelpers) extension prior to 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper.
Vhs Project Vhs
3.6
CVSSv2
CVE-2020-26229
TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reprodu...
Typo3 Typo3
4.3
CVSSv2
CVE-2020-26227
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 9.5.23 and 10.4.10 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYP...
Typo3 Typo3