Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
typo3 typo3 vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2021-32767
TYPO3 is an open source PHP based web content management system. In versions 9.0.0 up to and including 9.5.27, 10.0.0 up to and including 10.4.17, and 11.0.0 up to and including 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level de...
Typo3 Typo3
3.5
CVSSv2
CVE-2021-32669
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 up to and including 9.5.28, 10.0.0 up to and including 10.4.17, and 11.0.0 up to and including 11.3.0 have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly en...
Typo3 Typo3
3.5
CVSSv2
CVE-2021-32667
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 up to and including 9.5.28, 10.0.0 up to and including 10.4.17, and 11.0.0 up to and including 11.3.0 have a cross-site scripting vulnerability. When _Page TSconfig_ settings are not properly encoded,...
Typo3 Typo3
3.5
CVSSv2
CVE-2021-32668
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 up to and including 9.5.28, 10.0.0 up to and including 10.4.17, and 11.0.0 up to and including 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the compo...
Typo3 Typo3
4
CVSSv2
CVE-2021-31777
The dce (aka Dynamic Content Element) extension 2.2.0 up to and including 2.6.x prior to 2.6.2, and 2.7.x prior to 2.7.1, for TYPO3 allows SQL Injection via a backend user account.
Dynamic Content Elements Project Dynamic Content Elements
5.5
CVSSv2
CVE-2021-31779
The yoast_seo (aka Yoast SEO) extension prior to 7.2.1 for TYPO3 allows SSRF via a backend user account.
3.5
CVSSv2
CVE-2021-31778
The media2click (aka 2 Clicks for External Media) extension 1.x prior to 1.3.3 for TYPO3 allows XSS by a backend user account.
3.5
CVSSv2
CVE-2021-21365
Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Users of the extension, who have overwritten the affected tem...
5
CVSSv2
CVE-2021-21339
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be e...
Typo3 Typo3
7.5
CVSSv2
CVE-2021-21355
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, d...
Typo3 Typo3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »