Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
typo3 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-47411
An issue exists in the fp_newsletter (aka Newsletter subscriber management) extension prior to 1.1.1, 1.2.0, 2.x prior to 2.1.2, 2.2.1 up to and including 2.4.0, and 3.x prior to 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction operations.
Fp Newsletter Project Fp Newsletter
Fp Newsletter Project Fp Newsletter 1.2.0
NA
CVE-2022-23500
TYPO3 is an open source PHP based web content management system. In versions before 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from...
Typo3 Typo3
NA
CVE-2022-23501
TYPO3 is an open source PHP based web content management system. In versions before 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can ...
Typo3 Typo3
NA
CVE-2022-23502
TYPO3 is an open source PHP based web content management system. In versions before 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This app...
Typo3 Typo3
NA
CVE-2022-23503
TYPO3 is an open source PHP based web content management system. Versions before 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, i...
Typo3 Typo3
NA
CVE-2022-23504
TYPO3 is an open source PHP based web content management system. Versions before 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module,...
Typo3 Typo3
NA
CVE-2022-23499
HTML sanitizer is written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. In versions before 1.5.0 or 2.1.1, malicious markup used in a sequence with special HTML CDATA sections cannot be filtered and sanitized due to a parsing i...
Typo3 Html Sanitizer
NA
CVE-2022-36104
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another p...
Typo3 Typo3
NA
CVE-2022-36105
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension ...
Typo3 Typo3
NA
CVE-2022-36106
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a pas...
Typo3 Typo3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »