Typo3 Cms-Core vulnerabilities
98 known vulnerabilities affecting typo3/cms-core.
Total CVEs
98
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH26MEDIUM64LOW8
Vulnerabilities
Page 4 of 5
CVE-2024-34357P4MEDIUM≥ 9.0.0, < 9.5.48≥ 10.0.0, < 10.4.45+3 more2024-05-14
CVE-2024-34357 [MEDIUM] CWE-79 TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController
TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController
### Problem
Failing to properly encode user-controlled values in file entities, the `ShowImageController` (_eID tx_cms_showpic_) is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to file entities.
### Solution
Update to TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS,
ghsaosv
CVE-2026-47348P4MEDIUM≥ 13.0.0, < 13.4.31≥ 14.0.0, < 14.3.32026-06-12
CVE-2026-47348 [MEDIUM] CWE-79 TYPO3 CMS has Cross-Site Scripting in Indexed Search
TYPO3 CMS has Cross-Site Scripting in Indexed Search
### Problem
Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding, resulting in a Cross-Site Scripting vulnerability.
### So
ghsa
CVE-2023-24814P4HIGH≥ 12.0.0, < 12.2.0≥ 11.0.0, < 11.5.23+3 more2023-02-08
CVE-2023-24814 [HIGH] CWE-79 TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering
TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering
> ### CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:F/RL:O/RC:C` (8.2)
### Problem
TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content.
In combination with the TypoScript setting [`config.absRefPrefix=auto`](https:
ghsaosv
CVE-2024-25119P4MEDIUM≥ 8.0.0, < 8.7.57≥ 9.0.0, < 9.5.46+4 more2024-02-13
CVE-2024-25119 [MEDIUM] CWE-200 TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
### Problem
The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability r
ghsaosv
CVE-2018-17960P4MEDIUM≥ 8.0.0, < 8.7.21≥ 9.0.0, < 9.5.22018-11-21
CVE-2018-17960 [MEDIUM] CWE-79 Ckeditor XSS Vulnerability
Ckeditor XSS Vulnerability
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. It was possible to execute XSS inside the CKEditor source area after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode. Although this is an unlikely scenario, it is recom
ghsaosv
CVE-2013-7081P4MEDIUM≥ 4.5.0, < 4.5.31≥ 4.7.0, < 4.7.16+2 more2022-05-17
CVE-2013-7081 [MEDIUM] CWE-284 TYPO3 Improper Access Control vulnerability
TYPO3 Improper Access Control vulnerability
The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors.
ghsaosv
CVE-2013-4320P4MEDIUM≥ 6.0, < 6.0.9≥ 6.1, < 6.1.42022-05-17
CVE-2013-4320 [MEDIUM] CWE-284 TYPO3 Improper Access Management in the File Abstraction Layer
TYPO3 Improper Access Management in the File Abstraction Layer
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.
ghsaosv
CVE-2020-15241P4MEDIUM≥ 8.0.0, < 8.7.25≥ 9.0.0, < 9.5.62020-10-08
CVE-2020-15241 [MEDIUM] CWE-601 Cross-Site Scripting in ternary conditional operator
Cross-Site Scripting in ternary conditional operator
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C`(5.0)
> * CWE-79
---
:information_source: This vulnerability has been fixed in May 2019 already, CVE and GHSA were assigned later in October 2020
---
### Problem
It has been discovered that the Fluid Engine (package `typo3fluid/fluid`) is vulnerable to cross-site scripting wh
ghsaosv
CVE-2021-21370P4MEDIUM≥ 10.0.0, < 10.4.14≥ 11.0.0, < 11.1.1+1 more2021-03-23
CVE-2021-21370 [MEDIUM] CWE-79 Cross-Site Scripting in Content Preview (CType menu)
Cross-Site Scripting in Content Preview (CType menu)
### Problem
It has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability.
### Solution
Update to TYPO3 versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described.
### Cre
ghsaosv
CVE-2021-21358P4MEDIUM≥ 10.0.0, < 10.4.14≥ 11.0.0, < 11.1.12021-03-23
CVE-2021-21358 [MEDIUM] CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
### Problem
It has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability.
### Solution
Update to TYP
ghsaosv
CVE-2021-21340P4MEDIUM≥ 10.0.0, < 10.4.14≥ 11.0.0, < 11.1.12021-03-23
CVE-2021-21340 [MEDIUM] CWE-79 Cross-Site Scripting in Content Preview
Cross-Site Scripting in Content Preview
### Problem
It has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed in the page module. A valid backend user account is needed to exploit this vulnerability.
### Solution
Update to TYPO3 versions 10.4.14, 11.1.1 that fix the problem described.
### Credits
Thanks to Richie Lee who reported this is
ghsaosv
CVE-2022-36107P4MEDIUM≥ 7.0.0, < 7.6.58≥ 8.0.0, < 8.7.48+3 more2022-09-16
CVE-2022-36107 [MEDIUM] CWE-79 TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.0)
### Problem
It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerabili
ghsaosv
CVE-2020-26227P4MEDIUM≥ 9.0.0, < 9.5.23≥ 10.0.0, < 10.4.10+1 more2020-12-21
CVE-2020-26227 [MEDIUM] CWE-79 Cross-Site Scripting in Fluid view helpers
Cross-Site Scripting in Fluid view helpers
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.7)
> * CWE-79
### Problem
It has been discovered that system extension Fluid (`typo3/cms-fluid`) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers.
```
```
### Solution
Update to TYPO3 versions 9.5.23 or 10.4.10 that fix th
ghsaosv
CVE-2022-31048P4MEDIUM≥ 8.0.0, < 8.7.47≥ 9.0.0, < 9.5.35+2 more2022-06-17
CVE-2022-31048 [MEDIUM] CWE-79 Cross-Site Scripting in TYPO3's Form Framework
Cross-Site Scripting in TYPO3's Form Framework
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.9)
### Problem
It has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability.
### Solution
Update to TYPO3 versions 8.7.47 ELTS
ghsaosv
CVE-2022-31049P4MEDIUM≥ 9.0.0, < 9.5.35≥ 10.0.0, < 10.4.29+1 more2022-06-17
CVE-2022-31049 [MEDIUM] CWE-79 Cross-Site Scripting in TYPO3's Frontend Login Mailer
Cross-Site Scripting in TYPO3's Frontend Login Mailer
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.9)
### Problem
User submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages.
### Solution
Update to TYPO3 versions 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the prob
ghsaosv
CVE-2024-55892P4MEDIUM≥ 9.0.0, < 9.5.49≥ 10.0.0, < 10.4.48+3 more2025-01-14
CVE-2024-55892 [MEDIUM] CWE-601 TYPO3 Potential Open Redirect via Parsing Differences
TYPO3 Potential Open Redirect via Parsing Differences
### Problem
Applications that use `TYPO3\CMS\Core\Http\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks.
### Solution
Update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 ELTS, 12.4.25
ghsaosv
CVE-2010-3673P4MEDIUM≥ 0, < 4.2.13≥ 4.3, < 4.3.4+1 more2022-04-21
CVE-2010-3673 [MEDIUM] CWE-200 TYPO3 is vulnerable to Information Disclosure in the HTML mailing API
TYPO3 is vulnerable to Information Disclosure in the HTML mailing API
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API.
ghsaosv
CVE-2022-36108P4MEDIUM≥ 10.3.0, < 10.4.32≥ 11.0.0, < 11.5.162022-09-16
CVE-2022-36108 [MEDIUM] CWE-79 TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper
TYPO3 CMS vulnerable to Cross-Site Scripting in view helper
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.1)
### Problem
It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS.
### Solution
Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem describe
ghsaosv
CVE-2022-36020P4MEDIUM≥ 10.0.0, < 10.4.32≥ 11.0.0, < 11.5.162022-09-16
CVE-2022-36020 [MEDIUM] CWE-79 TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.7)
### Problem
Due to a parsing issue in upstream package [`masterminds/html5`](https://packagist.org/packages/masterminds/html5), malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows to by-pass the cro
ghsaosv
CVE-2021-32669P4MEDIUM≥ 8.0.0, < 8.7.41≥ 9.0.0, < 9.5.28+2 more2021-07-22
CVE-2021-32669 [MEDIUM] CWE-79 Cross-Site Scripting in Backend Grid View
Cross-Site Scripting in Backend Grid View
### Problem
Failing to properly encode settings for _backend layouts_, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability.
### Solution
Update to TYPO3 versions 8.7.41 ELTS, 9.5.28, 10.4.18, 11.3.1 that fix the problem described.
### Credits
Thanks to TYPO3 core merger Oliver Bartsch w
ghsaosv