Vulmon
typo3 vulnerabilities and exploits
6.5
CVSSv2
CVE-2021-21357
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form ...
Typo3 Typo3
3.5
CVSSv2
CVE-2021-21358
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module...
Typo3 Typo3
3.5
CVSSv2
CVE-2021-21370
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page modu...
Typo3 Typo3
3.5
CVSSv2
CVE-2021-21340
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is nee...
Typo3 Typo3
5
CVSSv2
CVE-2021-21359
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This...
Typo3 Typo3
5
CVSSv2
CVE-2021-21339
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be e...
Typo3 Typo3
3.5
CVSSv2
CVE-2021-28380
The aimeos (aka Aimeos shop and e-commerce framework) extension prior to 19.10.12 and 20.x prior to 20.10.5 for TYPO3 allows XSS via a backend user account.
Aimeos Project Aimeos
7.5
CVSSv2
CVE-2021-28381
The vhs (aka VHS: Fluid ViewHelpers) extension prior to 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper.
Vhs Project Vhs
3.6
CVSSv2
CVE-2020-26229
TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reprodu...
Typo3 Typo3
5
CVSSv2
CVE-2020-26228
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occur...
Typo3 Typo3
1 Github repository