cbcvebase.

Typo3 Cms-Core vulnerabilities

98 known vulnerabilities affecting typo3/cms-core.

Total CVEs
98
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH26MEDIUM64LOW8

Vulnerabilities

Page 5 of 5
CVE-2021-32667P4MEDIUM≥ 9.0.0, < 9.5.28≥ 10.0.0, < 10.4.18+1 more2021-07-22
CVE-2021-32667 [MEDIUM] CWE-79 Cross-Site Scripting in Page Preview Cross-Site Scripting in Page Preview > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC` (5.0) ### Problem Failing to properly encode _Page TSconfig_ settings, corresponding page preview module (_Web>View_) is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 9.5.28, 10.4.18, 11.3.1 that fix the
ghsaosv
CVE-2022-23504P4MEDIUM≥ 9.0.0, < 9.5.38≥ 10.0.0, < 10.4.33+2 more2022-12-13
CVE-2022-23504 [MEDIUM] CWE-200 TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration > ### CVSS: `CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C` (5.3) ### Problem Due to the lack of handling user-submitted [YAML placeholder expressions](https://docs.typo3.org/m/typo3/reference-coreapi/main/en-us/Configuration/Yam
ghsaosv
CVE-2013-1843P4MEDIUM≥ 4.5.0, < 4.5.24≥ 4.6.0, < 4.6.17+2 more2022-05-17
CVE-2013-1843 [MEDIUM] CWE-601 TYPO3 Open redirect vulnerability in the Access tracking mechanism TYPO3 Open redirect vulnerability in the Access tracking mechanism Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
ghsaosv
CVE-2020-11064P4MEDIUM≥ 9.0.0, < 9.5.17≥ 10.0.0, < 10.4.22020-05-13
CVE-2020-11064 [MEDIUM] CWE-79 Cross-Site Scripting in TYPO3 CMS Form Engine Cross-Site Scripting in TYPO3 CMS Form Engine In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML `placeholder` attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 versions 9.5.17 or 10.4.2
ghsaosv
CVE-2019-12748P4MEDIUM≥ 8.0.0, < 8.7.27≥ 9.0.0, < 9.5.82022-05-24
CVE-2019-12748 [MEDIUM] CWE-79 Typo3 Cross-Site Scripting in Link Handling Typo3 Cross-Site Scripting in Link Handling TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS.
ghsaosv
CVE-2024-25120P4MEDIUM≥ 8.0.0, < 8.7.57≥ 9.0.0, < 9.5.46+4 more2024-02-13
CVE-2024-25120 [MEDIUM] CWE-200 TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme ### Problem The TYPO3-specific [`t3://` URI scheme](https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references) could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (alth
ghsaosv
CVE-2020-11065P4MEDIUM≥ 10.0.0, < 10.4.2≥ 9.0.0, < 9.5.172020-05-13
CVE-2020-11065 [MEDIUM] CWE-79 Cross-Site Scripting in TYPO3 CMS Link Handling Cross-Site Scripting in TYPO3 CMS Link Handling It has been discovered that link tags generated by `typolink` functionality are vulnerable to cross-site scripting - properties being assigned as HTML attributes have not been parsed correctly. Update to TYPO3 versions 9.5.17 or 10.4.2 that fix the problem described. ### References * https://typo3.org/security/advisory/typo3-core-sa-2020-003
ghsaosv
CVE-2022-31046P4MEDIUM≥ 7.0.0, < 7.6.57≥ 8.0.0, < 8.7.47+3 more2022-06-17
CVE-2022-31046 [MEDIUM] CWE-200 Information Disclosure via Export Module Information Disclosure via Export Module > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (4.0) ### Problem The export functionality fails to limit the result set to allowed columns of a particular database table. This allows authenticated users to export internal details of database tables to which they already have access. ### Solution Update to TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS,
ghsaosv
CVE-2025-59016P4MEDIUM≥ 9.0.0, < 12.4.37≥ 10.0.0, < 12.4.37+3 more2025-09-09
CVE-2025-59016 [MEDIUM] CWE-209 TYPO3 CMS exposes sensitive information in an error message TYPO3 CMS exposes sensitive information in an error message Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations.
ghsaosv
CVE-2010-5104P4MEDIUM≥ 4.2.0, < 4.2.16≥ 4.3.0, < 4.3.9+1 more2022-05-17
CVE-2010-5104 [MEDIUM] CWE-200 TYPO3 Sensitive Information Disclosure via escapeStrForLike method TYPO3 Sensitive Information Disclosure via escapeStrForLike method The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query.
ghsaosv
CVE-2021-32668P4MEDIUM≥ 8.0.0, < 8.7.41≥ 9.0.0, < 9.5.28+2 more2021-07-22
CVE-2021-32668 [MEDIUM] CWE-79 Cross-Site Scripting in Query Generator & Query View Cross-Site Scripting in Query Generator & Query View > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.5) ### Problem Failing to properly encode error messages, the components _QueryGenerator_ and _QueryView_ are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability
ghsaosv
CVE-2013-7077P4MEDIUM≥ 6.0, < 6.0.12≥ 6.1, < 6.1.72022-05-17
CVE-2013-7077 [MEDIUM] CWE-79 TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
ghsaosv
CVE-2009-3633P4MEDIUM≥ 0, ≤ 4.0.13≥ 4.1.0, < 4.1.13+2 more2022-05-02
CVE-2009-3633 [MEDIUM] CWE-352 TYPO3 API function vulnerable to Cross-site Scripting TYPO3 API function vulnerable to Cross-site Scripting Cross-site scripting (XSS) vulnerability in the `t3lib_div::quoteJSvalue` API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.
ghsaosv
CVE-2025-47938P4LOW≥ 9.0.0, < 9.5.51≥ 10.0.0, < 10.4.50+3 more2025-05-20
CVE-2025-47938 [LOW] CWE-620 TYPO3 Unverified Password Change for Backend Users TYPO3 Unverified Password Change for Backend Users ### Problem The backend user management interface allows password changes without requiring the current password. When an administrator updates their own account or modifies other user accounts via the admin interface, the current password is not requested for verification. This behavior may lower the protection against unauthorized access in scenarios where an adm
ghsaosv
CVE-2026-49738P4LOW≥ 0, < 10.4.57≥ 11.0.0, < 11.5.51+3 more2026-06-12
CVE-2026-49738 [LOW] CWE-22 TYPO3 CMS has Broken Access Control in its File Abstraction Layer TYPO3 CMS has Broken Access Control in its File Abstraction Layer ### Problem The path allowance check in `GeneralUtility::isAllowedAbsPath()` performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like `/var/www/html-other/secret.yaml` to be incorrectly accepted as valid when the project root was `/var/www/html`. Administrator users with access to t
ghsa
CVE-2020-11063P4LOW≥ 10.0.0, < 10.4.22020-05-13
CVE-2020-11063 [LOW] CWE-203 Information Disclosure in Password Reset Information Disclosure in Password Reset In TYPO3 CMS 10.4.0 through 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2. ### References * https://typo3.org/security/advisory/typo3-core-sa-2020-001
ghsaosv
CVE-2020-26229P4LOW≥ 10.0.0, < 10.4.102020-11-23
CVE-2020-26229 [LOW] CWE-611 XML External Entity in Dashboard Widget XML External Entity in Dashboard Widget ### Problem It has been discovered that RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability with current PHP versions of supported and maintained system distributions. At least with _libxml2_ version 2.9, the processing of XML external entities is disabled per de
ghsaosv
CVE-2013-7078P4LOW≥ 4.5.0, < 4.5.31≥ 4.7.0, < 4.7.16+2 more2022-05-17
CVE-2013-7078 [LOW] CWE-79 TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script
ghsaosv
Typo3 Cms-Core vulnerabilities | cvebase