Product

typo3

238 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-6553
all versions
Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settin
7.5 HIGH
CVE-2026-0859
>= 10.0.0 and < 10.4.55
TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file th
7.8 HIGH
CVE-2025-59022
>= 10.0.0 and < 10.4.55
Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regar
8.1 HIGH
CVE-2025-59021
>= 10.0.0 and < 10.4.55
Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and mo
6.4 MEDIUM
CVE-2025-59020
>= 10.0.0 and < 10.4.55
By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backen
6.5 MEDIUM
CVE-2025-59019
>= 11.0.0 and < 11.5.48
Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13
4.3 MEDIUM
CVE-2025-59018
>= 9.0.0 and < 9.5.55
Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.
6.5 MEDIUM
CVE-2025-59017
>= 9.0.0 and < 9.5.55
Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0
8.8 HIGH
CVE-2025-59016
>= 9.0.0 and < 9.5.55
Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53,
4.3 MEDIUM
CVE-2025-59015
>= 12.0.0 and < 12.4.37
A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0-12.4.36 and 13.0.0-13.4
6.5 MEDIUM
CVE-2025-59014
>= 11.0.0 and < 11.5.48
An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 lets admini
2.7 LOW
CVE-2025-59013
>= 9.0.0 and < 9.5.55
An open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12
6.1 MEDIUM
CVE-2025-7900
<= 6.4.1
The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This
6.5 MEDIUM
CVE-2025-47941
>= 12.0.0 and < 12.4.31
TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x
7.2 HIGH
CVE-2025-47940
>= 10.4.0 and < 10.4.50
TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 1
7.2 HIGH
CVE-2025-47939
>= 9.0.0 and < 9.5.51
TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user
5.4 MEDIUM
CVE-2025-47938
>= 9.0.0 and < 9.5.51
TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.
3.8 LOW
CVE-2025-47937
>= 9.0.0 and < 9.5.51
TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.
3.7 LOW
CVE-2025-47936
>= 12.0.0 and < 12.4.31
TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x
3.3 LOW
CVE-2024-55945
>= 11.0.0 and < 11.5.42
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface fu
4.3 MEDIUM
CVE-2024-55924
>= 11.0.0 and < 11.5.42
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface fu
8.0 HIGH
CVE-2024-55923
>= 10.0.0 and < 10.4.48
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface fu
4.3 MEDIUM
CVE-2024-55922
>= 10.0.0 and < 10.4.48
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface fu
5.4 MEDIUM
CVE-2024-55921
>= 10.0.0 and < 10.4.48
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface fu
7.5 HIGH
CVE-2024-55920
>= 10.0.0 and < 10.4.48
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface fu
4.3 MEDIUM
CVE-2024-55894
>= 10.0.0 and < 10.4.48
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface fu
4.3 MEDIUM
CVE-2024-55893
>= 10.0.0 and < 10.4.48
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface fu
4.3 MEDIUM
CVE-2024-55892
>= 9.0.0 and < 9.5.49
TYPO3 is a free and open source Content Management Framework. Applications that use TYPO3\CMS\Core\Http\Uri to parse externally
4.8 MEDIUM
CVE-2024-55891
all versions
TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logge
3.1 LOW
CVE-2024-34537
>= 10.0.0 and < 10.4.46
TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administra
4.9 MEDIUM
CVE-2024-47780
>= 10.0.0 and < 10.4.46
TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without havin
3.1 LOW
CVE-2024-34358
>= 9.0.0 and < 9.5.48
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.
5.3 MEDIUM
CVE-2024-34357
>= 9.0.0 and < 9.5.48
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.
5.4 MEDIUM
CVE-2024-34356
>= 9.0.0 and < 9.5.48
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.
5.4 MEDIUM
CVE-2024-34355
>= 13.0.0 and < 13.1.1
TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend modu
3.5 LOW
CVE-2024-22188
>= 8.0.0 and < 8.7.57
TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (wi
7.2 HIGH
CVE-2024-25121
>= 8.0.0 and < 8.7.57
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities
7.1 HIGH
CVE-2024-25120
>= 8.0.0 and < 8.7.57
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific t3:// URI scheme
4.3 MEDIUM
CVE-2024-25119
>= 8.0.0 and < 8.7.57
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS'
4.9 MEDIUM
CVE-2024-25118
>= 8.0.0 and < 8.7.57
TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected i
4.3 MEDIUM
CVE-2023-30451
all versions
In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via
4.9 MEDIUM
CVE-2023-47127
>= 11.0.0 and < 11.5.33
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are alway
4.2 MEDIUM
CVE-2023-47126
>= 12.2.0 and < 12.4.8
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen
3.7 LOW
CVE-2023-47125
>= 11.3.2 and < 11.5.33
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing in
4.7 MEDIUM
CVE-2023-38500
>= 1.0.0 and < 1.5.1
TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly
4.7 MEDIUM
CVE-2023-38499
>= 9.4.0 and < 9.5.42
TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4
3.7 LOW
CVE-2023-24814
>= 8.7.0 and < 9.7.51
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions t
8.8 HIGH
CVE-2022-23504
>= 9.0.0 and < 9.5.38
TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subjec
5.7 MEDIUM
CVE-2022-23503
>= 8.0.0 and < 8.7.49
TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 ar
7.5 HIGH
CVE-2022-23502
>= 10.0.0 and < 10.4.33
TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users res
5.4 MEDIUM
CVE-2022-23501
< 8.7.49
TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1
5.9 MEDIUM
CVE-2022-23500
>= 9.0.0 and < 9.5.38
TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, reques
5.9 MEDIUM
CVE-2022-23499
>= 1.0.0 and <= 1.0.7
HTML sanitizer is written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. In ve
6.1 MEDIUM
CVE-2022-36108
>= 10.0.0 and <= 10.4.31
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `f:ass
6.5 MEDIUM
CVE-2022-36107
>= 7.0.0 and <= 7.6.57
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileD
6.5 MEDIUM
CVE-2022-36106
>= 10.0.0 and <= 10.4.31
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expira
5.4 MEDIUM
CVE-2022-36105
>= 7.0.0 and <= 7.6.57
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing
5.3 MEDIUM
CVE-2022-36104
>= 11.4.0 and <= 11.5.15
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invali
5.9 MEDIUM
CVE-2022-36020
>= 1.0.0 and < 1.0.7
The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allow
6.1 MEDIUM
CVE-2022-31050
>= 10.0.0 and < 10.4.29
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions in
6.0 MEDIUM
CVE-2022-31049
>= 10.0.0 and < 10.4.29
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content
5.4 MEDIUM
CVE-2022-31048
>= 10.0.0 and < 10.4.29
TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form
5.4 MEDIUM
CVE-2022-31047
>= 10.0.0 and < 10.4.29
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.
5.3 MEDIUM
CVE-2022-31046
>= 10.0.0 and < 10.4.29
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.
4.3 MEDIUM
CVE-2021-41114
>= 11.0.0 and < 11.5.0
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS
4.8 MEDIUM
CVE-2021-41113
>= 11.2.0 and < 11.5.0
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TY
8.8 HIGH
CVE-2021-32768
>= 9.0.0 and <= 9.5.28
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to proper
6.1 MEDIUM
CVE-2021-32767
>= 7.0.0 and <= 7.6.51
TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.
5.3 MEDIUM
CVE-2021-32669
>= 8.0.0 and <= 8.7.40
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0
6.4 MEDIUM
CVE-2021-32668
>= 8.0.0 and <= 8.7.40
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0
6.4 MEDIUM
CVE-2021-32667
>= 9.0.0 and <= 9.5.287
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0
6.4 MEDIUM
CVE-2021-21365
< 7.1.2
Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cro
5.4 MEDIUM
CVE-2021-21370
>= 7.0.0 and < 7.6.51
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1
5.4 MEDIUM
CVE-2021-21359
>= 9.0.0 and < 9.5.25
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting inval
5.9 MEDIUM
CVE-2021-21358
>= 10.2.0 and < 10.4.14
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered t
5.4 MEDIUM
CVE-2021-21357
>= 8.0.0 and < 8.7.40
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to i
8.3 HIGH
CVE-2021-21355
>= 8.0.0 and < 8.7.40
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to
8.6 HIGH
CVE-2021-21340
>= 10.0.0 and < 10.4.14
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered t
5.4 MEDIUM
CVE-2021-21339
>= 6.2.0 and < 6.2.57
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14,
5.9 MEDIUM
CVE-2021-21338
>= 6.2.0 and < 6.2.57
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14,
4.7 MEDIUM
CVE-2020-26229
>= 10.0.0 and < 10.4.10
TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS wid
3.7 LOW
CVE-2020-26228
>= 9.0.0 and < 9.5.23
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifi
8.1 HIGH
CVE-2020-26227
>= 6.2.0 and < 6.2.54
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension
6.1 MEDIUM
CVE-2020-15241
all versions
TYPO3 Fluid Engine (package typo3fluid/fluid) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to
4.7 MEDIUM
CVE-2020-15099
>= 9.0.0 and < 9.5.20
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a c
8.1 HIGH
CVE-2020-15098
>= 9.0.0 and < 9.5.20
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has
8.8 HIGH
CVE-2020-11069
>= 9.0.0 and <= 9.5.16
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install to
8.0 HIGH
CVE-2020-11067
>= 9.0.0 and <= 9.5.16
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER-uc) ar
8.8 HIGH
CVE-2020-11066
>= 9.0.0 and < 9.5.17
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling
8.7 HIGH
CVE-2020-11065
>= 9.5.12 and < 9.5.17
In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it ha
5.4 MEDIUM
CVE-2020-11064
>= 9.0.0 and < 9.5.17
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has
5.4 MEDIUM
CVE-2020-11063
all versions
In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functi
3.7 LOW
CVE-2020-8091
>= 7.0.0 and <= 7.1.0
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site s
6.1 MEDIUM
CVE-2019-19850
>= 8.0.0 and < 8.7.30
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted cont
7.2 HIGH
CVE-2019-19849
< 8.7.30
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes
8.8 HIGH
CVE-2019-19848
< 8.7.30
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extract
7.2 HIGH
CVE-2011-3583
>= 4.5.0 and <= 4.5.5
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replac
9.8 CRITICAL
CVE-2011-4904
>= 4.4.0 and < 4.4.9
TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to
6.5 MEDIUM
CVE-2011-4903
>= 4.3.0 and < 4.3.12
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject ar
6.1 MEDIUM
CVE-2011-4902
>= 4.3.0 and < 4.3.12
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver
6.5 MEDIUM
CVE-2011-4901
>= 4.3.0 and < 4.3.12
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the
6.5 MEDIUM
CVE-2011-4900
>= 4.5.0 and < 4.5.4
TYPO3 before 4.5.4 allows Information Disclosure in the backend.
6.5 MEDIUM
CVE-2011-4632
>= 4.3.0 and < 4.3.12
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject ar
5.4 MEDIUM
CVE-2011-4631
>= 4.3.0 and < 4.3.12
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject ar
5.4 MEDIUM
CVE-2011-4630
>= 4.3.0 and < 4.3.12
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject ar
5.4 MEDIUM
CVE-2011-4629
>= 4.3.0 and < 4.3.12
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject ar
5.4 MEDIUM
CVE-2011-4628
>= 4.3.0 and < 4.3.12
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the
9.8 CRITICAL
CVE-2011-4627
>= 4.3.0 and < 4.3.12
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend.
6.5 MEDIUM
CVE-2011-4626
>= 4.3.0 and < 4.3.12
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject ar
6.1 MEDIUM
CVE-2010-3674
< 4.4.1
TYPO3 before 4.4.1 allows XSS in the frontend search box.
6.1 MEDIUM
CVE-2010-3673
>= 4.2.0 and < 4.2.13
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailin
5.3 MEDIUM
CVE-2010-3672
< 4.3.4
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension.
6.1 MEDIUM
CVE-2010-3671
< 4.1.14
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which all
6.5 MEDIUM
CVE-2010-3670
< 4.3.4
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" func
4.8 MEDIUM
CVE-2010-3669
>= 4.2.0 and < 4.2.13
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box.
5.4 MEDIUM
CVE-2010-3668
< 4.1.14
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download
7.5 HIGH
CVE-2010-3667
< 4.1.14
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content e
5.3 MEDIUM
CVE-2010-3666
< 4.1.14
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid fun
5.3 MEDIUM
CVE-2010-3665
< 4.1.14
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager.
5.4 MEDIUM
CVE-2010-3664
< 4.1.14
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend.
6.5 MEDIUM
CVE-2010-3663
< 4.1.14
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the vari
8.8 HIGH
CVE-2010-3662
< 4.1.14
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.
8.8 HIGH
CVE-2010-3661
< 4.1.14
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend.
6.1 MEDIUM
CVE-2010-3660
< 4.1.14
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend.
5.4 MEDIUM
CVE-2019-12748
>= 8.3.0 and <= 8.7.26
TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS.
6.1 MEDIUM
CVE-2019-12747
>= 8.3.0 and <= 8.7.26
TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.
8.8 HIGH
CVE-2019-11832
>= 8.0.0 and < 8.7.25
TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications
7.5 HIGH
CVE-2018-6905
< 8.7.11
The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by
4.8 MEDIUM
CVE-2010-3659
all versions
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and
5.4 MEDIUM
CVE-2017-14251
all versions
Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.
8.8 HIGH
CVE-2017-6370
all versions
TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers
5.3 MEDIUM
CVE-2016-5091
<= 6.2.23
Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possi
8.1 HIGH
CVE-2016-4056
all versions
Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject a
6.1 MEDIUM
CVE-2015-8760
all versions
The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspe
6.1 MEDIUM
CVE-2015-8759
all versions
Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote
5.4 MEDIUM
CVE-2015-8758
all versions
Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before
5.4 MEDIUM
CVE-2015-8757
all versions
Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote
6.1 MEDIUM
CVE-2015-8756
all versions
Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x
5.4 MEDIUM
CVE-2015-8755
all versions
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before
5.4 MEDIUM
CVE-2015-5956
<= 4.5.40
The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users
CVE-2015-2047
all versions
The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when co
CVE-2014-9509
all versions
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config
CVE-2014-9508
all versions
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config
CVE-2014-3946
all versions
The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group pe
CVE-2014-3945
<= 6.1.9
The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the
CVE-2014-3944
all versions
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote
CVE-2014-3943
all versions
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4
CVE-2014-3942
all versions
The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 a
CVE-2014-3941
all versions
TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote atta
CVE-2013-4321
all versions
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute
CVE-2013-4320
all versions
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which all
CVE-2013-4250
all versions
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not prope
CVE-2012-6146
all versions
The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict ac
CVE-2013-7078
all versions
Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in
CVE-2013-7081
all versions
The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 thro
CVE-2013-7080
all versions
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4
CVE-2013-7079
all versions
Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and
CVE-2013-7075
all versions
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through
CVE-2013-7073
all versions
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through
CVE-2013-7077
all versions
Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6
CVE-2013-7076
all versions
Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote a
CVE-2013-7074
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17,
CVE-2012-6148
all versions
Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x bef
CVE-2012-6147
all versions
Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x
CVE-2012-6145
all versions
Cross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.
CVE-2012-6144
all versions
SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.
CVE-2013-1843
all versions
Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9
CVE-2013-1842
all versions
SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.
CVE-2012-3531
all versions
Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.
CVE-2012-3530
all versions
Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 a
CVE-2012-3529
all versions
The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote aut
CVE-2012-3528
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x bef
CVE-2012-3527
>= 4.5.0 and < 4.5.19
view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote au
CVE-2012-1608
all versions
The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows
CVE-2012-1607
all versions
The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 all
CVE-2012-1606
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13,
CVE-2012-1605
all versions
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to uns
CVE-2012-2112
all versions
Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before
CVE-2010-5099
all versions
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4
CVE-2010-5104
all versions
The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape inpu
CVE-2010-5103
all versions
SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows rem
CVE-2010-5102
all versions
Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x befo
CVE-2010-5101
all versions
Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5
CVE-2010-5100
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.
CVE-2010-5098
all versions
Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x be
CVE-2010-5097
all versions
Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 whe
CVE-2011-4614
all versions
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4
CVE-2012-1085
all versions
Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensiti
CVE-2012-1084
all versions
Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to
CVE-2010-4068
all versions
Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows
CVE-2010-3717
all versions
The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly rest
CVE-2010-3716
all versions
The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges
CVE-2010-3715
all versions
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow
CVE-2010-3714
all versions
The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and
CVE-2009-4855
all versions
SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid pa
CVE-2010-1153
all versions
PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary
CVE-2010-0286
all versions
Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authent
CVE-2009-3636
<= 4.0.12
Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x
CVE-2009-3635
<= 4.0.12
The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 all
CVE-2009-3634
all versions
Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows
CVE-2009-3633
<= 4.0.12
Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1
CVE-2009-3632
<= 4.0.13
SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and e
CVE-2009-3631
<= 4.0.12
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when th
CVE-2009-3630
<= 4.0.12
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows r
CVE-2009-3629
<= 4.0.13
Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13,
CVE-2009-3628
<= 4.0.12
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows r
CVE-2008-6699
all versions
Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote atta
CVE-2009-0816
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12,
CVE-2009-0815
all versions
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6,
CVE-2008-6145
<= 1.7.0
Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow re
CVE-2008-6144
<= 1.7.0
Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for T
CVE-2009-0258
all versions
The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4
CVE-2009-0257
all versions
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 all
CVE-2009-0256
all versions
Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through
CVE-2009-0255
>= 4.0 and < 4.0.10
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryptio
7.5HIGH
CVE-2008-5656
all versions
Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 a
CVE-2008-5644
all versions
Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web
CVE-2008-3050
<= 0.5.0
Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to cause
CVE-2008-3049
<= 0.5.0
The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to obtain sensitive information via un
CVE-2008-3048
<= 0.5.0
Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 has unknown impact and att
CVE-2008-3043
<= 1.6.2
Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows attackers to e
CVE-2008-3042
<= 0.1.0
Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack v
CVE-2008-3041
<= 0.1.0
Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack v
CVE-2008-3040
<= 0.1.0
Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to obta
CVE-2008-3039
<= 0.1.0
SQL injection vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to ex
CVE-2008-3038
<= 0.2.10
SQL injection vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers
CVE-2008-3037
<= 0.2.10
Cross-site scripting (XSS) vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows rem
CVE-2008-3029
<= 1.6.2
Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows
CVE-2008-2718
all versions
Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.
CVE-2008-2717
all versions
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern f
CVE-2008-2345
<= 0.6.0
Unspecified vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrar
CVE-2008-2344
all versions
Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to i
CVE-2007-6381
all versions
SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows r
CVE-2007-1081
<= 4.0.4
The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary ema
CVE-2006-6690
all versions
rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 bet
CVE-2006-5069
<= 4.0.1
Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.
CVE-2006-0327
all versions
TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3
CVE-2005-4875
<= 3.8.0
TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invo
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin