TYPO3 CMS vulnerabilities
115 known vulnerabilities affecting typo3/cms.
Total CVEs: 115
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 28, MEDIUM 72, LOW 11
Vulnerabilities
Page 1 of 6
CVE-2023-24814 | HIGH | ≥ 10.0.0, < 10.4.35 | ≥ 11.0.0, < 11.5.23 | +1 more | 2023-02-08
CVE-2023-24814 [HIGH] CWE-79 TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering
> ### CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:F/RL:O/RC:C` (8.2)
### Problem
TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content.
In combination with the TypoScript setting [`config.absRefPrefix=auto`](https:
GHSA | OSV

CVE-2022-47406 | CRITICAL | ≥ 0, < 2.0.5 | ≥ 3.0.0, < 3.0.3 | 2022-12-14
CVE-2022-47406 [CRITICAL] CWE-613 TYPO3 vulnerable to Insufficient Session Expiration
An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.
GHSA | OSV

CVE-2022-23500 | HIGH | CVSS 7.5 | ≥ 10.0.0, < 10.4.33 | ≥ 11.0.0, < 11.5.20 | 2022-12-13
CVE-2022-23500 [HIGH] CWE-405 TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
### Problem
Requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web
GHSA | OSV

CVE-2022-23503 | HIGH | ≥ 10.0.0, < 10.4.33 | ≥ 11.0.0, < 11.5.20 | +1 more | 2022-12-13
CVE-2022-23503 [HIGH] CWE-94 TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
### Problem
Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it was possible to inject code instructions to be processed and executed via TypoScript as PHP code.
The existence of individual TypoScript instructions for a particular form item (known as [`formDefini
GHSA | OSV

CVE-2022-23501 | MEDIUM | ≥ 10.0.0, < 10.4.33 | ≥ 11.0.0, < 11.5.20 | +1 more | 2022-12-13
CVE-2022-23501 [MEDIUM] CWE-287 TYPO3 CMS vulnerable to Weak Authentication in Frontend Login
### Problem
Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary.
### Solution
Update to TYPO3 versions 8.7.49 ELTS, 9.5.38 ELTS,
GHSA | OSV

CVE-2022-23499 | MEDIUM | ≥ 10.0.0, < 10.4.33 | ≥ 11.0.0, < 11.5.20 | +1 more | 2022-12-13
CVE-2022-23499 [MEDIUM] CWE-79 TYPO3 HTML Sanitizer vulnerable to Cross-Site Scripting
### Problem
Due to a parsing issue in the upstream package [`masterminds/html5`](https://packagist.org/packages/masterminds/html5), malicious markup used in a sequence with special HTML CDATA sections cannot be filtered and sanitized. This allows bypassing the cross-site scripting mechanism of [`typo3/html-sanitizer`](https://packagist.org/packages/typo3
GHSA | OSV

CVE-2022-23504 | MEDIUM | ≥ 10.0.0, < 10.4.33 | ≥ 11.0.0, < 11.5.20 | +1 more | 2022-12-13
CVE-2022-23504 [MEDIUM] CWE-200 TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
> ### CVSS: `CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C` (5.3)
### Problem
Due to the lack of handling user-submitted [YAML placeholder expressions](https://docs.typo3.org/m/typo3/reference-coreapi/main/en-us/Configuration/Yam
GHSA | OSV

CVE-2022-23502 | MEDIUM | ≥ 10.0.0, < 10.4.33 | ≥ 11.0.0, < 11.5.20 | +1 more | 2022-12-13
CVE-2022-23502 [MEDIUM] CWE-613 TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
### Problem
When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions.
### Solution
Update to TYPO3 versions 10.4.33, 11.5.20, 12.1.1 that fix
GHSA | OSV

CVE-2022-36104 | HIGH | CVSS 7.5 | ≥ 11.4.0, < 11.5.16 | 2022-09-16
CVE-2022-36104 [HIGH] CWE-770 TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C` (5.5)
### Problem
Requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itsel
GHSA | OSV

CVE-2022-36108 | MEDIUM | ≥ 10.3.0, < 10.4.32 | ≥ 11.0.0, < 11.5.16 | 2022-09-16
CVE-2022-36108 [MEDIUM] CWE-79 TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.1)
### Problem
It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS.
### Solution
Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem describe
GHSA | OSV

CVE-2022-36105 | MEDIUM | ≥ 10.0.0, < 10.4.32 | ≥ 11.0.0, < 11.5.16 | 2022-09-16
CVE-2022-36105 [MEDIUM] CWE-203 TYPO3 CMS vulnerable to User Enumeration via Response Timing
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (4.9)
### Problem
It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts.
Extension authors of 3rd party TYPO3 extensions providing a custo
GHSA | OSV

CVE-2022-36106 | MEDIUM | ≥ 10.4.0, < 10.4.32 | ≥ 11.0.0, < 11.5.16 | 2022-09-16
CVE-2022-36106 [MEDIUM] CWE-287 TYPO3 CMS missing check for expiration time of password reset token for backend users
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.0)
### Problem
It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password
GHSA | OSV

CVE-2022-36107 | MEDIUM | ≥ 10.0.0, < 10.4.32 | ≥ 11.0.0, < 11.5.16 | 2022-09-16
CVE-2022-36107 [MEDIUM] CWE-79 TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.0)
### Problem
It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerabili
GHSA | OSV

CVE-2022-36020 | MEDIUM | ≥ 10.0.0, < 10.4.32 | ≥ 11.0.0, < 11.5.16 | 2022-09-16
CVE-2022-36020 [MEDIUM] CWE-79 TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.7)
### Problem
Due to a parsing issue in upstream package [`masterminds/html5`](https://packagist.org/packages/masterminds/html5), malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows to by-pass the cro
GHSA | OSV

CVE-2022-31050 | MEDIUM | ≥ 10.0.0, < 10.4.29 | ≥ 11.0.0, < 11.5.11 | 2022-06-17
CVE-2022-31050 [MEDIUM] CWE-613 Insufficient Session Expiration in TYPO3's Admin Tool
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C` (5.6)
### Problem
Admin Tool sessions initiated via the TYPO3 backend user interface have not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolo
GHSA | OSV

CVE-2022-31048 | MEDIUM | ≥ 10.0.0, < 10.4.29 | ≥ 11.0.0, < 11.5.11 | 2022-06-17
CVE-2022-31048 [MEDIUM] CWE-79 Cross-Site Scripting in TYPO3's Form Framework
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.9)
### Problem
It has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability.
### Solution
Update to TYPO3 versions 8.7.47 ELTS
GHSA | OSV

CVE-2022-31047 | MEDIUM | ≥ 10.0.0, < 10.4.29 | ≥ 11.0.0, < 11.5.11 | 2022-06-17
CVE-2022-31047 [MEDIUM] CWE-209 Insertion of Sensitive Information into Log File in typo3/cms-core
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C` (4.9)
### Problem
It has been discovered that system internal credentials or keys (e.g. database credentials) have been logged as plaintext in exception handlers, when logging the complete exception stack trace.
### Solution
Update to TYPO3 versions
GHSA | OSV

CVE-2022-31046 | MEDIUM | ≥ 10.0.0, < 10.4.29 | ≥ 11.0.0, < 11.5.11 | 2022-06-17
CVE-2022-31046 [MEDIUM] CWE-200 Information Disclosure via Export Module
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (4.0)
### Problem
The export functionality fails to limit the result set to allowed columns of a particular database table. This allows authenticated users to export internal details of database tables to which they already have access.
### Solution
Update to TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS,
GHSA | OSV

CVE-2022-31049 | MEDIUM | ≥ 10.0.0, < 10.4.29 | ≥ 11.0.0, < 11.5.11 | 2022-06-17
CVE-2022-31049 [MEDIUM] CWE-79 Cross-Site Scripting in TYPO3's Frontend Login Mailer
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.9)
### Problem
User submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages.
### Solution
Update to TYPO3 versions 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the prob
GHSA | OSV

CVE-2019-12747 | HIGH | ≥ 8.0.0, < 8.7.27 | ≥ 9.0.0, < 9.5.8 | 2022-05-24
CVE-2019-12747 [HIGH] CWE-502 TYPO3 Vulnerable to Insecure Deserialization
TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.
GHSA | OSV