Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
typo3 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-47125
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been ad...
Typo3 Typo3
Typo3 Html Sanitizer
NA
CVE-2023-47126
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-b...
Typo3 Typo3
NA
CVE-2023-41100
An issue exists in the hcaptcha (aka hCaptcha for EXT:form) extension prior to 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data. allowing a remote user to bypass the CAPTCHA check.
Hcaptcha For Ext\\ Form Project Hcaptcha For Ext\\
NA
CVE-2023-38499
TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered con...
Typo3 Typo3
3 Github repositories
NA
CVE-2023-38500
TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization la...
Typo3 Html Sanitizer
NA
CVE-2023-35782
The ipandlanguageredirect extension prior to 5.1.2 for TYPO3 allows SQL Injection.
Ipandlanguageredirect Project Ipandlanguageredirect
NA
CVE-2023-35783
The ke_search (aka Faceted Search) extension prior to 4.0.3, 4.1.x up to and including 4.6.x prior to 4.6.6, and 5.x prior to 5.0.2 for TYPO3 allows XSS via indexed data.
Faceted Search Project Faceted Search
NA
CVE-2016-15032
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This affects the function stopOutput of the file class.tx_mhhttpbl.php. The manipulation of the argument $_SERVER['REMOTE_ADDR']...
Mh Httpbl Project Mh Httpbl
NA
CVE-2015-10106
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This vulnerability affects the function moduleContent of the file mod1/index.php. The manipulation leads to sql injection. The attack can be initi...
Mh Httpbl Project Mh Httpbl
NA
CVE-2023-26091
The frp_form_answers (aka Forms Export) extension prior to 3.1.2, and 4.x prior to 4.0.2, for TYPO3 allows XSS via saved emails.
Frappant Forms Export
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »