Typo3 Cms-Core vulnerabilities
98 known vulnerabilities affecting typo3/cms-core.
Total CVEs: 98 | CISA KEV: 0 | Public exploits: 1 | Exploited in wild: 0
Severity breakdown: HIGH 26, MEDIUM 64, LOW 8
Vulnerabilities
Page 3 of 5

CVE-2025-59015 [MEDIUM] CWE-331 TYPO3 CMS uses insufficient entropy when generating passwords
P3 | MEDIUM | Affected versions: ≥ 12.0.0, < 12.4.37; ≥ 13.0.0, < 13.4.18 | 2025-09-09
A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly.

CVE-2026-47351 [MEDIUM] CWE-200 TYPO3 CMS: Broken Access Control in Media Module
P4 | MEDIUM | Affected versions: ≥ 0, < 10.4.57; ≥ 11.0.0, < 11.5.51 (+3 more) | 2026-06-12
### Problem
Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view.
### Solution
Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, 14.3.3 LTS that fix the problem descr

CVE-2018-14041 [MEDIUM] CWE-79 Bootstrap Cross-site Scripting vulnerability
P4 | MEDIUM | CVSS 6.1 | Affected versions: ≥ 8.0.0, < 8.7.23; ≥ 9.0.0, < 9.5.4 | 2018-09-13
In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042.

CVE-2013-7080 [MEDIUM] TYPO3 is vulnerable to Mass Assignment in the Extension table administration library
P4 | MEDIUM | Affected versions: ≥ 4.5.0, < 4.5.31; ≥ 4.6.0, < 4.7.16 (+1 more) | 2022-05-17
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."

CVE-2021-21338 [MEDIUM] CWE-601 Open Redirection in Login Handling
P4 | MEDIUM | Affected versions: ≥ 6.2.0, < 6.2.57; ≥ 7.0.0, < 7.6.51 (+4 more) | 2021-03-23
### Problem
It has been discovered that Login Handling is susceptible to open redirection, which allows attackers to redirect users to arbitrary content and conduct phishing attacks. No authentication is required in order to exploit this vulnerability.
### Solution
Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described.
### Credits
Thanks to Alexa

CVE-2024-34358 [MEDIUM] CWE-200 TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
P4 | MEDIUM | Affected versions: ≥ 9.0.0, < 9.5.48; ≥ 10.0.0, < 10.4.45 (+3 more) | 2024-05-14
### Problem
The `ShowImageController` (_eID tx_cms_showpic_) lacks a cryptographic HMAC signature on the `frame` HTTP query parameter (e.g. `/index.php?eID=tx_cms_showpic&file=3&...&frame=12345`).
This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on t

CVE-2025-47939 [MEDIUM] CWE-351 TYPO3 Allows Unrestricted File Upload in File Abstraction Layer
P4 | MEDIUM | Affected versions: ≥ 9.0.0, < 9.5.51; ≥ 10.0.0, < 10.4.50 (+3 more) | 2025-05-20
### Problem
By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restriction means it is possible to upload files that may be considered potentially harmful, such as execu

CVE-2023-47127 [MEDIUM] CWE-287 TYPO3 vulnerable to Weak Authentication in Session Handling
P4 | MEDIUM | Affected versions: ≥ 8.0.0, < 8.7.55; ≥ 9.0.0, < 9.5.44 (+3 more) | 2023-11-14
> ### CVSS: `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:X/RL:O/RC:C` (4.0)
### Problem
Given that there are at least two different sites in the same TYPO3 installation - for instance _first.example.org_ and _second.example.com_ - then a session cookie generated for the first site can be reused on the second site without requiring additional

CVE-2026-47347 [MEDIUM] CWE-601 TYPO3 CMS has an Open Redirect Vulnerability via Core Utilities
P4 | MEDIUM | Affected versions: ≥ 0, < 10.4.57; ≥ 11.0.0, < 11.5.51 (+3 more) | 2026-06-12
### Problem
Applications that use `GeneralUtility::sanitizeLocalUrl` to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks.
### Solution
Update to TYPO3 ver

CVE-2025-47937 [LOW] CWE-863 TYPO3 Allows Information Disclosure via DBAL Restriction Handling
P4 | LOW | Affected versions: ≥ 9.0.0, < 9.5.51; ≥ 10.0.0, < 10.4.50 (+3 more) | 2025-05-20
### Problem
When performing a database query involving multiple tables through the database abstraction layer (DBAL), frontend user permissions are only applied via `FrontendGroupRestriction` to the last table. As a result, data from additional tables included in the same query may be unintentionally exposed to unauthorized users.
###

CVE-2026-47350 [MEDIUM] CWE-862 TYPO3 CMS has Broken Access Control in its DataHandler
P4 | MEDIUM | Affected versions: ≥ 13.0.0, < 13.4.31; ≥ 14.0.0, < 14.3.3 | 2026-06-12
### Problem
Backend users were able to move records to a different page without having edit permissions on the source page.
### Solution
Update to TYPO3 versions 13.4.31 LTS, 14.3.3 LTS that fix the problem described.
### Credits
TYPO3 CMS thanks Hyunseo Shin for reporting this issue, and TYPO3 security team member Torben Hansen for fixing it.
### Reso

CVE-2025-59013 [MEDIUM] CWE-601 TYPO3 CMS has an open-redirect vulnerability
P4 | MEDIUM | Affected versions: ≥ 9.0.0, < 12.4.37; ≥ 10.0.0, < 12.4.37 (+3 more) | 2025-09-09
An open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by supplying a manipulated, sanitized URL.

CVE-2021-41114 [MEDIUM] CWE-20 HTTP Host Header Injection
P4 | MEDIUM | CVSS 5.0 | Affected versions: ≥ 11.0.0, < 11.5.0 | 2021-10-05
### Meta
* CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:O/RC:C` (3.5)
### Problem
It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP _Host_ header. TYPO3 uses the HTTP _Host_ header, for example, to generate absolute URLs during the frontend rendering process. Since the host header itself is provided by the client, it can be forged to any

CVE-2022-36106 [MEDIUM] CWE-287 TYPO3 CMS missing check for expiration time of password reset token for backend users
P4 | MEDIUM | Affected versions: ≥ 10.4.0, < 10.4.32; ≥ 11.0.0, < 11.5.16 | 2022-09-16
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.0)
### Problem
It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password

CVE-2022-23502 [MEDIUM] CWE-613 TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
P4 | MEDIUM | Affected versions: ≥ 10.0.0, < 10.4.33; ≥ 11.0.0, < 11.5.20 (+1 more) | 2022-12-13
### Problem
When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions.
### Solution
Update to TYPO3 versions 10.4.33, 11.5.20, 12.1.1 that fix

CVE-2022-36105 [MEDIUM] CWE-203 TYPO3 CMS vulnerable to User Enumeration via Response Timing
P4 | MEDIUM | Affected versions: ≥ 7.0.0, < 7.6.58; ≥ 8.0.0, < 8.7.48 (+3 more) | 2022-09-16
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (4.9)
### Problem
It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts.
Extension authors of 3rd party TYPO3 extensions providing a custo

CVE-2023-38499 [LOW] CWE-200 Information Disclosure due to Out-of-scope Site Resolution
P4 | LOW | Affected versions: ≥ 9.4.0, < 9.5.42; ≥ 10.0.0, < 10.4.39 (+2 more) | 2023-07-25
> ### CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (3.5)
### Problem
In multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameter

CVE-2021-32768 [MEDIUM] CWE-79 Cross-Site Scripting via Rich-Text Content
P4 | MEDIUM | Affected versions: ≥ 7.0.0, < 7.6.53; ≥ 8.0.0, < 8.7.42 (+3 more) | 2021-08-19
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC` (5.7)
### Problem
Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality _[HTMLparser](https://docs.typo3.org/m/typo3/ref

CVE-2024-34355 [LOW] CWE-116 TYPO3 vulnerable to an HTML Injection in the History Module
P4 | LOW | Affected versions: ≥ 13.0.0, < 13.1.1 | 2024-05-14
### Problem
The history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML markup. Exploiting this vulnerability requires a valid backend user account.
### Solution
Update to TYPO3 version 13.1.1 that fixes the problem descri

CVE-2024-34356 [MEDIUM] CWE-79 TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module
P4 | MEDIUM | Affected versions: ≥ 9.0.0, < 9.5.48; ≥ 10.0.0, < 10.4.45 (+3 more) | 2024-05-14
### Problem
The form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to the form module.
### Solution
Update to TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 that fix the problem described.
### Credits
Thank