Vulmon
typo3 vulnerabilities and exploits
3.5
CVSSv2
CVE-2021-32669
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 up to and including 9.5.28, 10.0.0 up to and including 10.4.17, and 11.0.0 up to and including 11.3.0 have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly en...
Typo3 Typo3
3.5
CVSSv2
CVE-2021-32767
TYPO3 is an open source PHP based web content management system. In versions 9.0.0 up to and including 9.5.27, 10.0.0 up to and including 10.4.17, and 11.0.0 up to and including 11.3.0, user credentials may be logged as plain-text. This occurs when explicitly using log level de...
Typo3 Typo3
3.5
CVSSv2
CVE-2021-32668
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 up to and including 9.5.28, 10.0.0 up to and including 10.4.17, and 11.0.0 up to and including 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the compo...
Typo3 Typo3
3.5
CVSSv2
CVE-2021-32667
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 up to and including 9.5.28, 10.0.0 up to and including 10.4.17, and 11.0.0 up to and including 11.3.0 have a cross-site scripting vulnerability. When _Page TSconfig_ settings are not properly encoded,...
Typo3 Typo3
4
CVSSv2
CVE-2021-31777
The dce (aka Dynamic Content Element) extension 2.2.0 up to and including 2.6.x prior to 2.6.2, and 2.7.x prior to 2.7.1, for TYPO3 allows SQL Injection via a backend user account.
Dynamic Content Elements Project Dynamic Content Elements
3.5
CVSSv2
CVE-2021-31778
The media2click (aka 2 Clicks for External Media) extension 1.x prior to 1.3.3 for TYPO3 allows XSS by a backend user account.
Media2click Project Media2click
5.5
CVSSv2
CVE-2021-31779
The yoast_seo (aka Yoast SEO) extension prior to 7.2.1 for TYPO3 allows SSRF via a backend user account.
Yoast Yoast Seo
3.5
CVSSv2
CVE-2021-21365
Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Users of the extension, who have overwritten the affected tem...
Typo3 Typo3
3.5
CVSSv2
CVE-2021-21340
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is nee...
Typo3 Typo3
7.5
CVSSv2
CVE-2021-21355
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, d...
Typo3 Typo3