Typo3 Cms-Core vulnerabilities
98 known vulnerabilities affecting typo3/cms-core.
Total CVEs
98
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH26MEDIUM64LOW8
Vulnerabilities
Page 5 of 5
CVE-2021-32667P4MEDIUM≥ 9.0.0, < 9.5.28≥ 10.0.0, < 10.4.18+1 more2021-07-22
CVE-2021-32667 [MEDIUM] CWE-79 Cross-Site Scripting in Page Preview
Cross-Site Scripting in Page Preview
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC` (5.0)
### Problem
Failing to properly encode _Page TSconfig_ settings, corresponding page preview module (_Web>View_) is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability.
### Solution
Update to TYPO3 versions 9.5.28, 10.4.18, 11.3.1 that fix the
ghsaosv
CVE-2022-23504P4MEDIUM≥ 9.0.0, < 9.5.38≥ 10.0.0, < 10.4.33+2 more2022-12-13
CVE-2022-23504 [MEDIUM] CWE-200 TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
> ### CVSS: `CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C` (5.3)
### Problem
Due to the lack of handling user-submitted [YAML placeholder expressions](https://docs.typo3.org/m/typo3/reference-coreapi/main/en-us/Configuration/Yam
ghsaosv
CVE-2013-1843P4MEDIUM≥ 4.5.0, < 4.5.24≥ 4.6.0, < 4.6.17+2 more2022-05-17
CVE-2013-1843 [MEDIUM] CWE-601 TYPO3 Open redirect vulnerability in the Access tracking mechanism
TYPO3 Open redirect vulnerability in the Access tracking mechanism
Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
ghsaosv
CVE-2020-11064P4MEDIUM≥ 9.0.0, < 9.5.17≥ 10.0.0, < 10.4.22020-05-13
CVE-2020-11064 [MEDIUM] CWE-79 Cross-Site Scripting in TYPO3 CMS Form Engine
Cross-Site Scripting in TYPO3 CMS Form Engine
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML `placeholder` attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability.
Update to TYPO3 versions 9.5.17 or 10.4.2
ghsaosv
CVE-2019-12748P4MEDIUM≥ 8.0.0, < 8.7.27≥ 9.0.0, < 9.5.82022-05-24
CVE-2019-12748 [MEDIUM] CWE-79 Typo3 Cross-Site Scripting in Link Handling
Typo3 Cross-Site Scripting in Link Handling
TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS.
ghsaosv
CVE-2024-25120P4MEDIUM≥ 8.0.0, < 8.7.57≥ 9.0.0, < 9.5.46+4 more2024-02-13
CVE-2024-25120 [MEDIUM] CWE-200 TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
### Problem
The TYPO3-specific [`t3://` URI scheme](https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references) could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (alth
ghsaosv
CVE-2020-11065P4MEDIUM≥ 10.0.0, < 10.4.2≥ 9.0.0, < 9.5.172020-05-13
CVE-2020-11065 [MEDIUM] CWE-79 Cross-Site Scripting in TYPO3 CMS Link Handling
Cross-Site Scripting in TYPO3 CMS Link Handling
It has been discovered that link tags generated by `typolink` functionality are vulnerable to cross-site scripting - properties being assigned as HTML attributes have not been parsed correctly.
Update to TYPO3 versions 9.5.17 or 10.4.2 that fix the problem described.
### References
* https://typo3.org/security/advisory/typo3-core-sa-2020-003
ghsaosv
CVE-2022-31046P4MEDIUM≥ 7.0.0, < 7.6.57≥ 8.0.0, < 8.7.47+3 more2022-06-17
CVE-2022-31046 [MEDIUM] CWE-200 Information Disclosure via Export Module
Information Disclosure via Export Module
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (4.0)
### Problem
The export functionality fails to limit the result set to allowed columns of a particular database table. This allows authenticated users to export internal details of database tables to which they already have access.
### Solution
Update to TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS,
ghsaosv
CVE-2025-59016P4MEDIUM≥ 9.0.0, < 12.4.37≥ 10.0.0, < 12.4.37+3 more2025-09-09
CVE-2025-59016 [MEDIUM] CWE-209 TYPO3 CMS exposes sensitive information in an error message
TYPO3 CMS exposes sensitive information in an error message
Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations.
ghsaosv
CVE-2010-5104P4MEDIUM≥ 4.2.0, < 4.2.16≥ 4.3.0, < 4.3.9+1 more2022-05-17
CVE-2010-5104 [MEDIUM] CWE-200 TYPO3 Sensitive Information Disclosure via escapeStrForLike method
TYPO3 Sensitive Information Disclosure via escapeStrForLike method
The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query.
ghsaosv
CVE-2021-32668P4MEDIUM≥ 8.0.0, < 8.7.41≥ 9.0.0, < 9.5.28+2 more2021-07-22
CVE-2021-32668 [MEDIUM] CWE-79 Cross-Site Scripting in Query Generator & Query View
Cross-Site Scripting in Query Generator & Query View
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.5)
### Problem
Failing to properly encode error messages, the components _QueryGenerator_ and _QueryView_ are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability
ghsaosv
CVE-2013-7077P4MEDIUM≥ 6.0, < 6.0.12≥ 6.1, < 6.1.72022-05-17
CVE-2013-7077 [MEDIUM] CWE-79 TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module
TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module
Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
ghsaosv
CVE-2009-3633P4MEDIUM≥ 0, ≤ 4.0.13≥ 4.1.0, < 4.1.13+2 more2022-05-02
CVE-2009-3633 [MEDIUM] CWE-352 TYPO3 API function vulnerable to Cross-site Scripting
TYPO3 API function vulnerable to Cross-site Scripting
Cross-site scripting (XSS) vulnerability in the `t3lib_div::quoteJSvalue` API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.
ghsaosv
CVE-2025-47938P4LOW≥ 9.0.0, < 9.5.51≥ 10.0.0, < 10.4.50+3 more2025-05-20
CVE-2025-47938 [LOW] CWE-620 TYPO3 Unverified Password Change for Backend Users
TYPO3 Unverified Password Change for Backend Users
### Problem
The backend user management interface allows password changes without requiring the current password. When an administrator updates their own account or modifies other user accounts via the admin interface, the current password is not requested for verification.
This behavior may lower the protection against unauthorized access in scenarios where an adm
ghsaosv
CVE-2026-49738P4LOW≥ 0, < 10.4.57≥ 11.0.0, < 11.5.51+3 more2026-06-12
CVE-2026-49738 [LOW] CWE-22 TYPO3 CMS has Broken Access Control in its File Abstraction Layer
TYPO3 CMS has Broken Access Control in its File Abstraction Layer
### Problem
The path allowance check in `GeneralUtility::isAllowedAbsPath()` performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like `/var/www/html-other/secret.yaml` to be incorrectly accepted as valid when the project root was `/var/www/html`. Administrator users with access to t
ghsa
CVE-2020-11063P4LOW≥ 10.0.0, < 10.4.22020-05-13
CVE-2020-11063 [LOW] CWE-203 Information Disclosure in Password Reset
Information Disclosure in Password Reset
In TYPO3 CMS 10.4.0 through 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts.
This has been fixed in 10.4.2.
### References
* https://typo3.org/security/advisory/typo3-core-sa-2020-001
ghsaosv
CVE-2020-26229P4LOW≥ 10.0.0, < 10.4.102020-11-23
CVE-2020-26229 [LOW] CWE-611 XML External Entity in Dashboard Widget
XML External Entity in Dashboard Widget
### Problem
It has been discovered that RSS widgets are susceptible to XML external entity processing.
This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability with current PHP versions of supported and maintained system distributions.
At least with _libxml2_ version 2.9, the processing of XML external entities is disabled per de
ghsaosv
CVE-2013-7078P4LOW≥ 4.5.0, < 4.5.31≥ 4.7.0, < 4.7.16+2 more2022-05-17
CVE-2013-7078 [LOW] CWE-79 TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework
TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework
Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script
ghsaosv
← Previous5 / 5