Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
typo3 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2021-21359
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This...
Typo3 Typo3
516
VMScore
CVE-2021-21338
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting...
Typo3 Typo3
312
VMScore
CVE-2021-21340
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is nee...
Typo3 Typo3
578
VMScore
CVE-2021-21357
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form ...
Typo3 Typo3
312
VMScore
CVE-2021-21358
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module...
Typo3 Typo3
312
VMScore
CVE-2021-21370
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page modu...
Typo3 Typo3
668
VMScore
CVE-2021-28381
The vhs (aka VHS: Fluid ViewHelpers) extension prior to 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper.
Vhs Project Vhs
312
VMScore
CVE-2021-28380
The aimeos (aka Aimeos shop and e-commerce framework) extension prior to 19.10.12 and 20.x prior to 20.10.5 for TYPO3 allows XSS via a backend user account.
Aimeos Project Aimeos
320
VMScore
CVE-2020-26229
TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reprodu...
Typo3 Typo3
383
VMScore
CVE-2020-26227
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 9.5.23 and 10.4.10 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYP...
Typo3 Typo3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »