TYPO3 CMS vulnerabilities
32 known vulnerabilities affecting typo3/typo3_cms.
Total CVEs: 32
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 12, MEDIUM 16, LOW 3
Vulnerabilities
Page 2 of 2
CVE-2026-47351 | P4 | MEDIUM | CVSS 5.3 | CWE-200 | affected: ≥ 10.4.0, < 13.4.31; ≥ 14.0.0, < 14.3.3 | 2026-06-09
Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. This issue affects TYPO3 CMS versions 10.4.0-13.4.30 and 14.0.0-14.3.2.
Source: NVD
CVE-2025-59013 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | affected: ≥ 9.0.0, < 9.5.55; ≥ 10.0.0, < 10.4.54; +3 more | 2025-09-09
An open-redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by supplying a manipulated, sanitized URL.
Source: NVD
CVE-2026-47347 | P4 | MEDIUM | CVSS 5.3 | CWE-601 | affected: fixed in 10.4.57; ≥ 11.0.0, < 11.5.51; +3 more | 2026-06-09
Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.
Source: NVD
CVE-2026-47350 | P4 | MEDIUM | CVSS 5.3 | CWE-862 | affected: ≥ 13.0.0, < 13.4.31; ≥ 14.0.0, < 14.3.3 | 2026-06-09
Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3.
Source: NVD
CVE-2026-47348 | P4 | MEDIUM | CVSS 5.1 | CWE-79 | affected: ≥ 13.0.0, < 13.4.31; ≥ 14.0.0, < 14.3.3 | 2026-06-09
Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding, resulting in a Cross-Site Scripting vulnerability. This issu
Source: NVD
CVE-2025-59019 | P4 | MEDIUM | CVSS 4.3 | CWE-200 | affected: ≥ 12.0.0, < 12.4.37; ≥ 13.0.0, < 13.4.18; +1 more | 2025-09-09
Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them.
Source: NVD
CVE-2020-11064 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | affected: ≥ 9.0.0, < 9.5.17; ≥ 10.0.0, < 10.4.2 | 2020-05-13
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. This has been fixed i
Source: NVD
CVE-2020-11065 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | affected: ≥ 9.5.12, < 9.5.17; ≥ 10.2.0, < 10.4.2 | 2020-05-13
In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly. This has been fixed in 9.5.17 and 10
Source: NVD
CVE-2025-59016 | P4 | MEDIUM | CVSS 4.3 | CWE-209 | affected: ≥ 9.0.0, < 9.5.55; ≥ 10.0.0, < 10.4.54; +3 more | 2025-09-09
Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations.
Source: NVD
CVE-2026-49738 | P4 | LOW | CVSS 2.1 | CWE-22 | affected: fixed in 10.4.57; ≥ 11.0.0, < 11.5.51; +3 more | 2026-06-09
The path allowance check in GeneralUtility::isAllowedAbsPath() performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator users with access to the File Abstraction Layer were abl
Source: NVD
CVE-2020-11063 | P4 | LOW | CVSS 3.7 | CWE-204 | affected: ≥ 10.4.0, ≤ 10.4.1 | 2020-05-13
In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2.
Source: NVD
CVE-2025-59014 | P4 | LOW | CVSS 2.7 | CWE-248 | affected: ≥ 11.0.0, < 11.5.48; ≥ 12.0.0, < 12.4.37; +1 more | 2025-09-09
An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 lets administrator-level backend users trigger a denial-of-service condition in the backend user interface by saving manipulated data in the bookmark toolbar.
Source: NVD