Vulmon
typo3 vulnerabilities and exploits
5
CVSSv2
CVE-2022-24979
An issue exists in the Varnishcache extension prior to 2.0.1 for TYPO3. The Edge Site Includes (ESI) content element renderer component does not include an access check. This allows an unauthenticated user to render various content elements, resulting in insecure direct object re...
Mittwald Varnishcache
5
CVSSv2
CVE-2022-24980
An issue exists in the Kitodo.Presentation (aka dif) extension prior to 2.3.2, 3.x prior to 3.2.3, and 3.3.x prior to 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing...
Kitodo Kitodo.presentation
6.5
CVSSv2
CVE-2021-43563
An issue exists in the pixxio (aka pixx.io integration or DAM) extension prior to 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated malicious user to perform requests to the pixx.io API for the configured API user. This al...
Pixxio Pixx.io
5
CVSSv2
CVE-2021-43564
An issue exists in the jobfair (aka Job Fair) extension prior to 1.0.13 and 2.x prior to 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filena...
Job Fair Project Job Fair
3.5
CVSSv2
CVE-2021-43561
An XSS issue exists in the google_for_jobs (aka Google for Jobs) extension prior to 1.5.1 and 2.x prior to 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability.
Pega-sus Google For Jobs
6.5
CVSSv2
CVE-2021-43562
An issue exists in the pixxio (aka pixx.io integration or DAM) extension prior to 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting in SSRF. As a result, an attacker can download various content from a remote location...
Pixxio Pixx.io
6.8
CVSSv2
CVE-2021-41113
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact...
Typo3 Typo3
5
CVSSv2
CVE-2021-41114
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute...
Typo3 Typo3
3.5
CVSSv2
CVE-2021-36785
The miniorange_saml (aka Miniorange Saml) extension prior to 1.4.3 for TYPO3 allows XSS.
Miniorange Saml
5
CVSSv2
CVE-2021-36786
The miniorange_saml (aka Miniorange Saml) extension prior to 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.
Miniorange Saml