cbcvebase.

Typo3 Cms-Core vulnerabilities

98 known vulnerabilities affecting typo3/cms-core.

Total CVEs
98
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH26MEDIUM64LOW8

Vulnerabilities

Page 3 of 5
CVE-2025-59015P3MEDIUM≥ 12.0.0, < 12.4.37≥ 13.0.0, < 13.4.182025-09-09
CVE-2025-59015 [MEDIUM] CWE-331 TYPO3 CMS uses insufficient entropy when generating passwords TYPO3 CMS uses insufficient entropy when generating passwords A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly.
ghsaosv
CVE-2026-47351P4MEDIUM≥ 0, < 10.4.57≥ 11.0.0, < 11.5.51+3 more2026-06-12
CVE-2026-47351 [MEDIUM] CWE-200 TYPO3 CMS: Broken Access Control in Media Module TYPO3 CMS: Broken Access Control in Media Module ### Problem Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. ### Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, 14.3.3 LTS that fix the problem descr
ghsa
CVE-2018-14041P4MEDIUMCVSS 6.1≥ 8.0.0, < 8.7.23≥ 9.0.0, < 9.5.42018-09-13
CVE-2018-14041 [MEDIUM] CWE-79 Bootstrap Cross-site Scripting vulnerability Bootstrap Cross-site Scripting vulnerability In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042.
ghsaosv
CVE-2013-7080P4MEDIUM≥ 4.5.0, < 4.5.31≥ 4.6.0, < 4.7.16+1 more2022-05-17
CVE-2013-7080 [MEDIUM] TYPO3 is vulnerable to Mass Assignment in the Extension table administration library TYPO3 is vulnerable to Mass Assignment in the Extension table administration library The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."
ghsaosv
CVE-2021-21338P4MEDIUM≥ 6.2.0, < 6.2.57≥ 7.0.0, < 7.6.51+4 more2021-03-23
CVE-2021-21338 [MEDIUM] CWE-601 Open Redirection in Login Handling Open Redirection in Login Handling ### Problem It has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. ### Solution Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to Alexa
ghsaosv
CVE-2024-34358P4MEDIUM≥ 9.0.0, < 9.5.48≥ 10.0.0, < 10.4.45+3 more2024-05-14
CVE-2024-34358 [MEDIUM] CWE-200 TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController ### Problem The `ShowImageController` (_eID tx_cms_showpic_) lacks a cryptographic HMAC-signature on the `frame` HTTP query parameter (e.g. `/index.php?eID=tx_cms_showpic?file=3&...&frame=12345`). This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on t
ghsaosv
CVE-2025-47939P4MEDIUM≥ 9.0.0, < 9.5.51≥ 10.0.0, < 10.4.50+3 more2025-05-20
CVE-2025-47939 [MEDIUM] CWE-351 TYPO3 Allows Unrestricted File Upload in File Abstraction Layer TYPO3 Allows Unrestricted File Upload in File Abstraction Layer ### Problem By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restriction means it is possible to upload files that may be considered potentially harmful, such as execu
ghsaosv
CVE-2023-47127P4MEDIUM≥ 8.0.0, < 8.7.55≥ 9.0.0, < 9.5.44+3 more2023-11-14
CVE-2023-47127 [MEDIUM] CWE-287 TYPO3 vulnerable to Weak Authentication in Session Handling TYPO3 vulnerable to Weak Authentication in Session Handling > ### CVSS: `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:X/RL:O/RC:C` (4.0) ### Problem Given that there are at least two different sites in the same TYPO3 installation - for instance _first.example.org_ and _second.example.com_ - then a session cookie generated for the first site can be reused on the second site without requiring additional
ghsaosv
CVE-2026-47347P4MEDIUM≥ 0, < 10.4.57≥ 11.0.0, < 11.5.51+3 more2026-06-12
CVE-2026-47347 [MEDIUM] CWE-601 TYPO3 CMS has an Open Redirect Vulnerability via Core Utilities TYPO3 CMS has an Open Redirect Vulnerability via Core Utilities ### Problem Applications that use `GeneralUtility::sanitizeLocalUrl` to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks. ### Solution Update to TYPO3 ver
ghsa
CVE-2025-47937P4LOW≥ 9.0.0, < 9.5.51≥ 10.0.0, < 10.4.50+3 more2025-05-20
CVE-2025-47937 [LOW] CWE-863 TYPO3 Allows Information Disclosure via DBAL Restriction Handling TYPO3 Allows Information Disclosure via DBAL Restriction Handling ### Problem When performing a database query involving multiple tables through the database abstraction layer (DBAL), frontend user permissions are only applied via `FrontendGroupRestriction` to the last table. As a result, data from additional tables included in the same query may be unintentionally exposed to unauthorized users. ###
ghsaosv
CVE-2026-47350P4MEDIUM≥ 13.0.0, < 13.4.31≥ 14.0.0, < 14.3.32026-06-12
CVE-2026-47350 [MEDIUM] CWE-862 TYPO3 CMS has Broken Access Control in its DataHandler TYPO3 CMS has Broken Access Control in its DataHandler ### Problem Backend users were able to move records to a different page without having edit permissions on the source page. ### Solution Update to TYPO3 versions 13.4.31 LTS, 14.3.3 LTS that fix the problem described. ### Credits TYPO3 CMS thanks Hyunseo Shin for reporting this issue, and TYPO3 security team member Torben Hansen for fixing it. ### Reso
ghsa
CVE-2025-59013P4MEDIUM≥ 9.0.0, < 12.4.37≥ 10.0.0, < 12.4.37+3 more2025-09-09
CVE-2025-59013 [MEDIUM] CWE-601 TYPO3 CMS has an open‑redirect vulnerability TYPO3 CMS has an open‑redirect vulnerability An open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by supplying a manipulated, sanitized URL.
ghsaosv
CVE-2021-41114P4MEDIUMCVSS 5.0≥ 11.0.0, < 11.5.02021-10-05
CVE-2021-41114 [MEDIUM] CWE-20 HTTP Host Header Injection HTTP Host Header Injection ### Meta * CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:O/RC:C` (3.5) ### Problem It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP _Host_ header. TYPO3 uses the HTTP _Host_ header, for example, to generate absolute URLs during the frontend rendering process. Since the host header itself is provided by the client, it can be forged to any
ghsaosv
CVE-2022-36106P4MEDIUM≥ 10.4.0, < 10.4.32≥ 11.0.0, < 11.5.162022-09-16
CVE-2022-36106 [MEDIUM] CWE-287 TYPO3 CMS missing check for expiration time of password reset token for backend users TYPO3 CMS missing check for expiration time of password reset token for backend users > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.0) ### Problem It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password
ghsaosv
CVE-2022-23502P4MEDIUM≥ 10.0.0, < 10.4.33≥ 11.0.0, < 11.5.20+1 more2022-12-13
CVE-2022-23502 [MEDIUM] CWE-613 TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset ### Problem When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. ### Solution Update to TYPO3 versions 10.4.33, 11.5.20, 12.1.1 that fix
ghsaosv
CVE-2022-36105P4MEDIUM≥ 7.0.0, < 7.6.58≥ 8.0.0, < 8.7.48+3 more2022-09-16
CVE-2022-36105 [MEDIUM] CWE-203 TYPO3 CMS vulnerable to User Enumeration via Response Timing TYPO3 CMS vulnerable to User Enumeration via Response Timing > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (4.9) ### Problem It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custo
ghsaosv
CVE-2023-38499P4LOW≥ 9.4.0, < 9.5.42≥ 10.0.0, < 10.4.39+2 more2023-07-25
CVE-2023-38499 [LOW] CWE-200 Information Disclosure due to Out-of-scope Site Resolution Information Disclosure due to Out-of-scope Site Resolution > ### CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (3.5) ### Problem In multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameter
ghsaosv
CVE-2021-32768P4MEDIUM≥ 7.0.0, < 7.6.53≥ 8.0.0, < 8.7.42+3 more2021-08-19
CVE-2021-32768 [MEDIUM] CWE-79 Cross-Site Scripting via Rich-Text Content Cross-Site Scripting via Rich-Text Content > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC` (5.7) ### Problem Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality _[HTMLparser](https://docs.typo3.org/m/typo3/ref
ghsaosv
CVE-2024-34355P4LOW≥ 13.0.0, < 13.1.12024-05-14
CVE-2024-34355 [LOW] CWE-116 TYPO3 vulnerable to an HTML Injection in the History Module TYPO3 vulnerable to an HTML Injection in the History Module ### Problem The history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML markup. Exploiting this vulnerability requires a valid backend user account. ### Solution Update to TYPO3 version 13.1.1 that fixes the problem descri
ghsaosv
CVE-2024-34356P4MEDIUM≥ 9.0.0, < 9.5.48≥ 10.0.0, < 10.4.45+3 more2024-05-14
CVE-2024-34356 [MEDIUM] CWE-79 TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module ### Problem The form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to the form module. ### Solution Update to TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 that fix the problem described. ### Credits Thank
ghsaosv
Typo3 Cms-Core vulnerabilities | cvebase