typo3 typo3 vulnerabilities and exploits
5.3
CVSSv3
CVE-2022-24979
An issue exists in the Varnishcache extension prior to 2.0.1 for TYPO3. The Edge Site Includes (ESI) content element renderer component does not include an access check. This allows an unauthenticated user to render various content elements, resulting in insecure direct object re...
Mittwald Varnishcache
7.5
CVSSv3
CVE-2022-24980
An issue exists in the Kitodo.Presentation (aka dif) extension prior to 2.3.2, 3.x prior to 3.2.3, and 3.3.x prior to 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing...
Kitodo Kitodo.presentation
8.8
CVSSv3
CVE-2021-43563
An issue exists in the pixxio (aka pixx.io integration or DAM) extension prior to 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated malicious user to perform requests to the pixx.io API for the configured API user. This al...
Pixxio Pixx.io
7.5
CVSSv3
CVE-2021-43564
An issue exists in the jobfair (aka Job Fair) extension prior to 1.0.13 and 2.x prior to 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filena...
Job Fair Project Job Fair
5.4
CVSSv3
CVE-2021-43561
An XSS issue exists in the google_for_jobs (aka Google for Jobs) extension prior to 1.5.1 and 2.x prior to 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability.
Pega-sus Google For Jobs
8.8
CVSSv3
CVE-2021-43562
An issue exists in the pixxio (aka pixx.io integration or DAM) extension prior to 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting in SSRF. As a result, an attacker can download various content from a remote location...
Pixxio Pixx.io
5.3
CVSSv3
CVE-2021-41114
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute...
Typo3 Typo3
8.8
CVSSv3
CVE-2021-41113
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact...
Typo3 Typo3
7.5
CVSSv3
CVE-2021-38623
The deferred_image_processing (aka Deferred image processing) extension prior to 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption.
Deferred Image Processing Project Deferred Image Processing
9.8
CVSSv3
CVE-2021-38302
The Newsletter extension up to and including 4.0.0 for TYPO3 allows SQL Injection.
Newsletter Project Newsletter