Typo3 Cms vulnerabilities
115 known vulnerabilities affecting typo3/cms.
Total CVEs
115
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH28MEDIUM72LOW11
Vulnerabilities
Page 4 of 6
CVE-2012-1607P4MEDIUM≥ 4.4.0, ≤ 4.4.13≥ 4.5.0, ≤ 4.5.13+1 more2022-05-17
CVE-2012-1607 [MEDIUM] CWE-200 TYPO3 allows remote attackers to obtain the database name via a direct request
TYPO3 allows remote attackers to obtain the database name via a direct request
The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.
ghsaosv
CVE-2014-3941P4MEDIUM≥ 4.5.0, < 4.5.34≥ 4.7.0, < 4.7.19+3 more2022-05-14
CVE-2014-3941 [MEDIUM] CWE-20 Typo3 Host Header Spoofing Vulnerability
Typo3 Host Header Spoofing Vulnerability
TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing."
ghsaosv
CVE-2023-24814P4HIGH≥ 10.0.0, < 10.4.35≥ 11.0.0, < 11.5.23+1 more2023-02-08
CVE-2023-24814 [HIGH] CWE-79 TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering
TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering
> ### CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:F/RL:O/RC:C` (8.2)
### Problem
TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content.
In combination with the TypoScript setting [`config.absRefPrefix=auto`](https:
ghsaosv
CVE-2018-17960P4MEDIUM≥ 8.0.0, < 8.7.21≥ 9.0.0, < 9.5.22018-11-21
CVE-2018-17960 [MEDIUM] CWE-79 Ckeditor XSS Vulnerability
Ckeditor XSS Vulnerability
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. It was possible to execute XSS inside the CKEditor source area after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode. Although this is an unlikely scenario, it is recom
ghsaosv
CVE-2020-15241P4MEDIUM≥ 8.0.0, < 8.7.25≥ 9.0.0, < 9.5.62020-10-08
CVE-2020-15241 [MEDIUM] CWE-601 Cross-Site Scripting in ternary conditional operator
Cross-Site Scripting in ternary conditional operator
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C`(5.0)
> * CWE-79
---
:information_source: This vulnerability has been fixed in May 2019 already, CVE and GHSA were assigned later in October 2020
---
### Problem
It has been discovered that the Fluid Engine (package `typo3fluid/fluid`) is vulnerable to cross-site scripting wh
ghsaosv
CVE-2021-21370P4MEDIUM≥ 10.0.0, < 10.4.14≥ 11.0.0, < 11.1.1+1 more2021-03-23
CVE-2021-21370 [MEDIUM] CWE-79 Cross-Site Scripting in Content Preview (CType menu)
Cross-Site Scripting in Content Preview (CType menu)
### Problem
It has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability.
### Solution
Update to TYPO3 versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described.
### Cre
ghsaosv
CVE-2021-21358P4MEDIUM≥ 10.0.0, < 10.4.14≥ 11.0.0, < 11.1.12021-03-23
CVE-2021-21358 [MEDIUM] CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
### Problem
It has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability.
### Solution
Update to TYP
ghsaosv
CVE-2021-21340P4MEDIUM≥ 10.0.0, < 10.4.14≥ 11.0.0, < 11.1.12021-03-23
CVE-2021-21340 [MEDIUM] CWE-79 Cross-Site Scripting in Content Preview
Cross-Site Scripting in Content Preview
### Problem
It has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed in the page module. A valid backend user account is needed to exploit this vulnerability.
### Solution
Update to TYPO3 versions 10.4.14, 11.1.1 that fix the problem described.
### Credits
Thanks to Richie Lee who reported this is
ghsaosv
CVE-2022-36107P4MEDIUM≥ 10.0.0, < 10.4.32≥ 11.0.0, < 11.5.162022-09-16
CVE-2022-36107 [MEDIUM] CWE-79 TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.0)
### Problem
It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerabili
ghsaosv
CVE-2020-26227P4MEDIUM≥ 10.0.0, < 10.4.10≥ 9.0.0, < 9.5.23+1 more2020-12-21
CVE-2020-26227 [MEDIUM] CWE-79 Cross-Site Scripting in Fluid view helpers
Cross-Site Scripting in Fluid view helpers
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.7)
> * CWE-79
### Problem
It has been discovered that system extension Fluid (`typo3/cms-fluid`) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers.
```
```
### Solution
Update to TYPO3 versions 9.5.23 or 10.4.10 that fix th
ghsaosv
CVE-2022-31048P4MEDIUM≥ 10.0.0, < 10.4.29≥ 11.0.0, < 11.5.112022-06-17
CVE-2022-31048 [MEDIUM] CWE-79 Cross-Site Scripting in TYPO3's Form Framework
Cross-Site Scripting in TYPO3's Form Framework
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.9)
### Problem
It has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability.
### Solution
Update to TYPO3 versions 8.7.47 ELTS
ghsaosv
CVE-2022-31049P4MEDIUM≥ 10.0.0, < 10.4.29≥ 11.0.0, < 11.5.112022-06-17
CVE-2022-31049 [MEDIUM] CWE-79 Cross-Site Scripting in TYPO3's Frontend Login Mailer
Cross-Site Scripting in TYPO3's Frontend Login Mailer
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.9)
### Problem
User submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages.
### Solution
Update to TYPO3 versions 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the prob
ghsaosv
CVE-2010-5101P4MEDIUM≥ 4.2.0, < 4.2.16≥ 4.3.0, < 4.3.9+1 more2022-05-17
CVE-2010-5101 [MEDIUM] CWE-22 TYPO3 Directory Traversal vulnerability
TYPO3 Directory Traversal vulnerability
Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality."
ghsaosv
CVE-2014-9508P4MEDIUM≥ 4.5.0, < 4.5.39≥ 4.6.0, < 6.2.9+1 more2022-05-17
CVE-2014-9508 [MEDIUM] CWE-59 Typo3 Open Redirect In Frontend Rendering
Typo3 Open Redirect In Frontend Rendering
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, allows remote attackers to change URLs to arbitrary domains.
An attacker could forge a request which modifies anchor only links on the homepage of a TYPO3 installation such that they point to arbitrary domains, if the configuration option `config.prefixLocalAnchors
ghsaosv
CVE-2015-8760P4MEDIUM≥ 6.2.0, < 6.2.162022-05-17
CVE-2015-8760 [MEDIUM] CWE-20 TYPO3 allows remote attackers to embed Flash videos from external domain
TYPO3 allows remote attackers to embed Flash videos from external domain
The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing."
ghsaosv
CVE-2022-36108P4MEDIUM≥ 10.3.0, < 10.4.32≥ 11.0.0, < 11.5.162022-09-16
CVE-2022-36108 [MEDIUM] CWE-79 TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper
TYPO3 CMS vulnerable to Cross-Site Scripting in view helper
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.1)
### Problem
It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS.
### Solution
Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem describe
ghsaosv
CVE-2022-36020P4MEDIUM≥ 10.0.0, < 10.4.32≥ 11.0.0, < 11.5.162022-09-16
CVE-2022-36020 [MEDIUM] CWE-79 TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.7)
### Problem
Due to a parsing issue in upstream package [`masterminds/html5`](https://packagist.org/packages/masterminds/html5), malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows to by-pass the cro
ghsaosv
CVE-2021-32669P4MEDIUM≥ 10.0.0, < 10.4.18≥ 11.0.0, < 11.3.1+1 more2021-07-22
CVE-2021-32669 [MEDIUM] CWE-79 Cross-Site Scripting in Backend Grid View
Cross-Site Scripting in Backend Grid View
### Problem
Failing to properly encode settings for _backend layouts_, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability.
### Solution
Update to TYPO3 versions 8.7.41 ELTS, 9.5.28, 10.4.18, 11.3.1 that fix the problem described.
### Credits
Thanks to TYPO3 core merger Oliver Bartsch w
ghsaosv
CVE-2021-32667P4MEDIUM≥ 10.0.0, < 10.4.18≥ 11.0.0, < 11.3.1+1 more2021-07-22
CVE-2021-32667 [MEDIUM] CWE-79 Cross-Site Scripting in Page Preview
Cross-Site Scripting in Page Preview
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC` (5.0)
### Problem
Failing to properly encode _Page TSconfig_ settings, corresponding page preview module (_Web>View_) is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability.
### Solution
Update to TYPO3 versions 9.5.28, 10.4.18, 11.3.1 that fix the
ghsaosv
CVE-2022-23504P4MEDIUM≥ 10.0.0, < 10.4.33≥ 11.0.0, < 11.5.20+1 more2022-12-13
CVE-2022-23504 [MEDIUM] CWE-200 TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
> ### CVSS: `CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C` (5.3)
### Problem
Due to the lack of handling user-submitted [YAML placeholder expressions](https://docs.typo3.org/m/typo3/reference-coreapi/main/en-us/Configuration/Yam
ghsaosv