typo3 typo3 vulnerabilities and exploits
NA
CVE-2022-23499
HTML sanitizer is written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. In versions before 1.5.0 or 2.1.1, malicious markup used in a sequence with special HTML CDATA sections cannot be filtered and sanitized due to a parsing i...
Typo3 Html Sanitizer
NA
CVE-2022-36104
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another p...
Typo3 Typo3
NA
CVE-2022-36108
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.1...
Typo3 Typo3
NA
CVE-2022-36105
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension ...
Typo3 Typo3
NA
CVE-2022-36107
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid b...
Typo3 Typo3
NA
CVE-2022-36106
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a pas...
Typo3 Typo3
NA
CVE-2022-36020
The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package `masterminds/html5`, malicious markup used in a sequence with special H...
Typo3 Html Sanitizer
7.5
CVSSv2
CVE-2022-35628
A SQL injection issue exists in the lux extension prior to 17.6.1, and 18.x up to and including 24.x prior to 24.0.2, for TYPO3.
In2code Living User Experience
3.5
CVSSv2
CVE-2022-29602
The gridelements (aka Grid Elements) extension up to and including 7.6.1, 8.x up to and including 8.7.0, 9.x up to and including 9.7.0, and 10.x up to and including 10.2.0 extension for TYPO3 allows XSS.
Grid Elements Project Grid Elements
4.3
CVSSv2
CVE-2022-33157
The libconnect extension prior to 7.0.8 and 8.x prior to 8.1.0 for TYPO3 allows XSS.
Libconnect Project Libconnect