Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
typo3 typo3 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-32669
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 up to and including 9.5.28, 10.0.0 up to and including 10.4.17, and 11.0.0 up to and including 11.3.0 have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly en...
Typo3 Typo3
6.5
CVSSv3
CVE-2021-32767
TYPO3 is an open source PHP based web content management system. In versions 9.0.0 up to and including 9.5.27, 10.0.0 up to and including 10.4.17, and 11.0.0 up to and including 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level de...
Typo3 Typo3
5.4
CVSSv3
CVE-2021-32667
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 up to and including 9.5.28, 10.0.0 up to and including 10.4.17, and 11.0.0 up to and including 11.3.0 have a cross-site scripting vulnerability. When _Page TSconfig_ settings are not properly encoded,...
Typo3 Typo3
4.8
CVSSv3
CVE-2021-32668
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 up to and including 9.5.28, 10.0.0 up to and including 10.4.17, and 11.0.0 up to and including 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the compo...
Typo3 Typo3
4.9
CVSSv3
CVE-2021-31777
The dce (aka Dynamic Content Element) extension 2.2.0 up to and including 2.6.x prior to 2.6.2, and 2.7.x prior to 2.7.1, for TYPO3 allows SQL Injection via a backend user account.
Dynamic Content Elements Project Dynamic Content Elements
5.4
CVSSv3
CVE-2021-31778
The media2click (aka 2 Clicks for External Media) extension 1.x prior to 1.3.3 for TYPO3 allows XSS by a backend user account.
6.4
CVSSv3
CVE-2021-31779
The yoast_seo (aka Yoast SEO) extension prior to 7.2.1 for TYPO3 allows SSRF via a backend user account.
5.4
CVSSv3
CVE-2021-21365
Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Users of the extension, who have overwritten the affected tem...
6.1
CVSSv3
CVE-2021-21338
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting...
Typo3 Typo3
7.5
CVSSv3
CVE-2021-21339
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be e...
Typo3 Typo3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »