Vulmon
typo3 vulnerabilities and exploits
NA
CVE-2022-36107
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid b...
Typo3 Typo3
NA
CVE-2022-36108
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.1...
Typo3 Typo3
NA
CVE-2022-36020
The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package `masterminds/html5`, malicious markup used in a sequence with special H...
Typo3 Html Sanitizer
3.5
CVSSv2
CVE-2022-29602
The gridelements (aka Grid Elements) extension up to and including 7.6.1, 8.x up to and including 8.7.0, 9.x up to and including 9.7.0, and 10.x up to and including 10.2.0 extension for TYPO3 allows XSS.
Grid Elements Project Grid Elements
4.3
CVSSv2
CVE-2022-33156
The matomo_integration (aka Matomo Integration) extension prior to 1.3.2 for TYPO3 allows XSS.
Matomo Integration
4.3
CVSSv2
CVE-2022-33157
The libconnect extension prior to 7.0.8 and 8.x prior to 8.1.0 for TYPO3 allows XSS.
Libconnect Project Libconnect
7.5
CVSSv2
CVE-2022-35628
A SQL injection issue exists in the lux extension prior to 17.6.1, and 18.x up to and including 24.x prior to 24.0.2, for TYPO3.
In2code Living User Experience
7.5
CVSSv2
CVE-2022-29600
The oelib (aka One is Enough Library) extension up to and including 4.1.5 for TYPO3 allows SQL Injection.
Oliverklee Oelib
7.5
CVSSv2
CVE-2022-29601
The seminars (aka Seminar Manager) extension up to and including 4.1.3 for TYPO3 allows SQL Injection.
Oliverklee Seminars
3.5
CVSSv2
CVE-2022-33154
The schema (aka Embedding schema.org vocabulary) extension prior to 1.13.1 and 2.x prior to 2.5.1 for TYPO3 allows XSS.
Schema Project Schema