Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
typo3 typo3 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-30451
In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][base...
Typo3 Typo3 11.5.24
NA
CVE-2023-28604
The fluid_components (aka Fluid Components) extension prior to 3.5.0 for TYPO3 allows XSS via a component argument parameter, for certain {content} use cases that may be edge cases.
Sitegeist Fluid Components
NA
CVE-2022-44543
The femanager extension prior to 5.5.2, 6.x prior to 6.3.3, and 7.x prior to 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandle...
In2code Femanager 7.0.0
In2code Femanager
NA
CVE-2023-47125
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been ad...
Typo3 Typo3
Typo3 Html Sanitizer
NA
CVE-2023-47126
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-b...
Typo3 Typo3
NA
CVE-2023-47127
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can b...
Typo3 Typo3
NA
CVE-2023-41100
An issue exists in the hcaptcha (aka hCaptcha for EXT:form) extension prior to 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data. allowing a remote user to bypass the CAPTCHA check.
Hcaptcha For Ext Form Project Hcaptcha For Ext
NA
CVE-2023-38500
TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization la...
Typo3 Html Sanitizer
NA
CVE-2023-38499
TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered con...
Typo3 Typo3
3 Github repositories
NA
CVE-2023-35782
The ipandlanguageredirect extension prior to 5.1.2 for TYPO3 allows SQL Injection.
Ipandlanguageredirect Project Ipandlanguageredirect
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »