Typo3 Cms vulnerabilities
115 known vulnerabilities affecting typo3/cms.
Total CVEs
115
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH28MEDIUM72LOW11
Vulnerabilities
Page 3 of 6
CVE-2014-3944P3MEDIUM≥ 6.2.0, < 6.2.32022-05-17
CVE-2014-3944 [MEDIUM] CWE-287 TYPO3 Improper Session Invalidation
TYPO3 Improper Session Invalidation
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.
ghsaosv
CVE-2022-31047P3MEDIUM≥ 10.0.0, < 10.4.29≥ 11.0.0, < 11.5.112022-06-17
CVE-2022-31047 [MEDIUM] CWE-209 Insertion of Sensitive Information into Log File in typo3/cms-core
Insertion of Sensitive Information into Log File in typo3/cms-core
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C` (4.9)
### Problem
It has been discovered that system internal credentials or keys (e.g. database credentials) have been logged as plaintext in exception handlers, when logging the complete exception stack trace.
### Solution
Update to TYPO3 versions
ghsaosv
CVE-2010-5103P3MEDIUM≥ 4.2.0, < 4.2.16≥ 4.3.0, < 4.3.9+1 more2022-05-17
CVE-2010-5103 [MEDIUM] CWE-89 TYPO3 SQL Injection vulnerability
TYPO3 SQL Injection vulnerability
SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.
ghsaosv
CVE-2010-1153P3HIGH≥ 4.3.0, < 4.3.32022-05-02
CVE-2010-1153 [HIGH] CWE-94 TYPO3 PHP remote file inclusion vulnerability
TYPO3 PHP remote file inclusion vulnerability
PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable.
ghsaosv
CVE-2013-4250P4HIGH≥ 6.0.0, < 6.0.8≥ 6.1.0, < 6.1.32022-05-17
CVE-2013-4250 [HIGH] CWE-20 TYPO3 doesn't properly check file extensions
TYPO3 doesn't properly check file extensions
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.
ghsaosv
CVE-2013-7075P4MEDIUM≥ 4.5.0, < 4.5.32≥ 4.7.0, < 4.7.17+2 more2022-05-17
CVE-2013-7075 [MEDIUM] CWE-502 TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component
TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parame
ghsaosv
CVE-2013-4321P4MEDIUMCVSS 6.5≥ 6.0.0, < 6.0.9≥ 6.1.0, < 6.1.42022-05-17
CVE-2013-4321 [MEDIUM] CWE-94 TYPO3 vulnerable to remote authenticated arbitrary code execution
TYPO3 vulnerable to remote authenticated arbitrary code execution
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250.
ghsaosv
CVE-2011-4627P4MEDIUM≥ 0, < 4.3.12≥ 4.4.0, < 4.4.9+1 more2022-04-22
CVE-2011-4627 [MEDIUM] CWE-200 Typo3 Information Disclosure
Typo3 Information Disclosure
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend.
ghsaosv
CVE-2020-8091P4MEDIUM≥ 7.0.0, < 7.2.0≥ 6.2.0, < 6.2.392022-05-24
CVE-2020-8091 [MEDIUM] CWE-79 Typo3 Cross-Site Scripting in Flash component (ELTS)
Typo3 Cross-Site Scripting in Flash component (ELTS)
TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 included a vulnerable external component, which could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
ghsaosv
CVE-2014-3945P4CRITICAL≥ 0, < 6.2.02022-05-17
CVE-2014-3945 [CRITICAL] CWE-287 TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash
TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash
The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a pa
ghsaosv
CVE-2018-14041P4MEDIUMCVSS 6.1≥ 8.0.0, < 8.7.23≥ 9.0.0, < 9.5.42018-09-13
CVE-2018-14041 [MEDIUM] CWE-79 Bootstrap Cross-site Scripting vulnerability
Bootstrap Cross-site Scripting vulnerability
In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042.
ghsaosv
CVE-2021-21338P4MEDIUM≥ 10.0.0, < 10.4.14≥ 11.0.0, < 11.1.1+1 more2021-03-23
CVE-2021-21338 [MEDIUM] CWE-601 Open Redirection in Login Handling
Open Redirection in Login Handling
### Problem
It has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability.
### Solution
Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described.
### Credits
Thanks to Alexa
ghsaosv
CVE-2011-4900P4MEDIUM≥ 0, < 4.5.42022-04-22
CVE-2011-4900 [MEDIUM] CWE-200 Typo3 Information Disclosure
Typo3 Information Disclosure
TYPO3 before 4.5.4 allows Information Disclosure in the backend.
ghsaosv
CVE-2012-1605P4MEDIUM≥ 4.6, < 4.6.7≥ 4.4.0, < 4.4.14+1 more2022-05-17
CVE-2012-1605 [MEDIUM] CWE-502 Typo3 Extbase Framework Unsafe Deserialization
Typo3 Extbase Framework Unsafe Deserialization
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."
ghsaosv
CVE-2012-3527P4MEDIUM≥ 4.5.0, < 4.5.19≥ 4.6.0, < 4.6.12+1 more2022-05-17
CVE-2012-3527 [MEDIUM] CWE-502 TYPO3 allows remote authenticated backend users to unserialize arbitrary objects
TYPO3 allows remote authenticated backend users to unserialize arbitrary objects
view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."
ghsaosv
CVE-2021-41114P4MEDIUMCVSS 5.0≥ 11.0.0, < 11.5.02021-10-05
CVE-2021-41114 [MEDIUM] CWE-20 HTTP Host Header Injection
HTTP Host Header Injection
### Meta
* CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:O/RC:C` (3.5)
### Problem
It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP _Host_ header. TYPO3 uses the HTTP _Host_ header, for example, to generate absolute URLs during the frontend rendering process. Since the host header itself is provided by the client, it can be forged to any
ghsaosv
CVE-2022-36106P4MEDIUM≥ 10.4.0, < 10.4.32≥ 11.0.0, < 11.5.162022-09-16
CVE-2022-36106 [MEDIUM] CWE-287 TYPO3 CMS missing check for expiration time of password reset token for backend users
TYPO3 CMS missing check for expiration time of password reset token for backend users
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.0)
### Problem
It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password
ghsaosv
CVE-2022-23502P4MEDIUM≥ 10.0.0, < 10.4.33≥ 11.0.0, < 11.5.20+1 more2022-12-13
CVE-2022-23502 [MEDIUM] CWE-613 TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
### Problem
When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions.
### Solution
Update to TYPO3 versions 10.4.33, 11.5.20, 12.1.1 that fix
ghsaosv
CVE-2022-36105P4MEDIUM≥ 10.0.0, < 10.4.32≥ 11.0.0, < 11.5.162022-09-16
CVE-2022-36105 [MEDIUM] CWE-203 TYPO3 CMS vulnerable to User Enumeration via Response Timing
TYPO3 CMS vulnerable to User Enumeration via Response Timing
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (4.9)
### Problem
It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts.
Extension authors of 3rd party TYPO3 extensions providing a custo
ghsaosv
CVE-2021-32768P4MEDIUM≥ 10.0.0, < 10.4.19≥ 11.0.0, < 11.3.2+3 more2021-08-19
CVE-2021-32768 [MEDIUM] CWE-79 Cross-Site Scripting via Rich-Text Content
Cross-Site Scripting via Rich-Text Content
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC` (5.7)
### Problem
Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality _[HTMLparser](https://docs.typo3.org/m/typo3/ref
ghsaosv