Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist typo3/cms-core Security Advisories

Loading...
High
GSA_kwCzR0hTQS01aDV2LW01OTYtcjZyZs4AA8kJ
TYPO3 Possible Insecure Deserialization in Extbase Request Handling
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS02eHdmLTdyZm0tNGd3Y84AA8kI
TYPO3 Cross-Site Scripting in Filelist Module
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS00cHByLWp3NDctOXFtNc4AA8kG
TYPO3 Cross-Site Scripting in Link Handling
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS05NXFtLTN4cDctdmZqNc4AA8kF
TYPO3 Cross-Site Scripting in Form Framework validation handling
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 23 days ago
High
GSA_kwCzR0hTQS14NDI4LTU2NWYtOHhqMs4AA8kE
TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1nNzc2LTc1OXItcGY2eM4AA8kD
TYPO3 Broken Access Control in Import Module
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 23 days ago
High
GSA_kwCzR0hTQS04MnZwLWpyMzktNGoyas4AA8kC
TYPO3 Security Misconfiguration in Frontend Session Handling
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1ydjhyLThtaDUtNTM3Ns4AA8kB
TYPO3 Information Disclosure in Backend User Interface
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS13ajg1LXJnNWctdjhqbc4AA8kA
TYPO3 Information Disclosure in User Authentication
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1wMmg0LTdmcDMtY21oOM4AA8j_
TYPO3 Disclosure of Information about Installed Extensions
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS13dnZwLWp3ZjUtcWNwY84AA8j-
TYPO3 Information Disclosure in Page Tree
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS14bWdyLWpmZjMtZmNmds4AA8j9
TYPO3 Security Misconfiguration in User Session Handling
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS00NDU5LXFyY2MtdmZjZs4AA8j8
TYPO3 Cross-Site Scripting in Form Framework
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS03NnIzLW02MzUtcDN2Y84AA8j7
TYPO3 Cross-Site Scripting in Language Pack Handling
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 23 days ago
High
GSA_kwCzR0hTQS1mOWhyLTdjZnEtbWpnMs4AA8j6
TYPO3 Arbitrary Code Execution via File List Module
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS05cng5LTdmbWgtZ2ozZ84AA8j5
TYPO3 Broken Access Control in Localization Handling
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS0yMnE3LWNnNHItcDlteM4AA8j4
TYPO3 Cross-Site Scripting in Fluid ViewHelpers
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 23 days ago
High
GSA_kwCzR0hTQS1yeGM5LWYyeDYtcWg0d84AA8j3
TYPO3 Security Misconfiguration for Backend User Accounts
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: 23 days ago
High
GSA_kwCzR0hTQS1oang1LXY5eGctN2gyNc4AA8j2
TYPO3 Denial of Service in Frontend Record Registration
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS0yOW00LW14ODktM21qZ84AA8j1
TYPO3 Denial of Service in Online Media Asset Handling
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS02NmMyLTdnNHAtd3g0cM4AA8j0
TYPO3 Information Disclosure in Install Tool
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 23 days ago
High
GSA_kwCzR0hTQS1wcHZnLWh3NjItNnBoOc4AA8jz
TYPO3 Security Misconfiguration in Install Tool Cookie
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS04YzI1LXZqMnctcDcyas4AA8jy
TYPO3 Cross-Site Scripting in Frontend User Login
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1nNGM5LXFmdnctZm1yNM4AA8jx
TYPO3 Cross-Site Scripting in Backend Modal Component
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 23 days ago
High
GSA_kwCzR0hTQS05NmpnLXBtYzQtY3gzOc4AA8jw
TYPO3 CMS Insecure Deserialization
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS13ZzhoLWd4ZjQtZzRnaM4AA8jv
TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 23 days ago
High
GSA_kwCzR0hTQS00NXdqLWp2MmgtandyZs4AA8ju
TYPO3 CMS Privilege Escalation and SQL Injection
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: 23 days ago
Critical
GSA_kwCzR0hTQS1jYzk3LWc5Mnctam02Nc4AA8jt
TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 35.1
Published: 23 days ago
High
GSA_kwCzR0hTQS14NHJqLWY3bTYtNDJjM84AA8js
TYPO3 CMS Authentication Bypass vulnerability
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS0zNmc4LTYycXYtNTk1N84AA8EK
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1odzZjLTZnd3EtM20zbc4AA8EJ
TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12Nm13LWg3dzYtNTl3M84AA8EI
TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: about 1 month ago
Low
GSA_kwCzR0hTQS14and4LTc4eDctcTZqY84AA8EH
TYPO3 vulnerable to an HTML Injection in the History Module
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS01dzJoLTU5ajMtOHg1d84AA5RL
TYPO3 Install Tool vulnerable to Code Execution
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS13NngyLWpnOGgtcDZtcM4AA5RJ
Path Traversal in TYPO3 File Abstraction Layer Storages
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 4 months ago
High
GSA_kwCzR0hTQS1yajN4LXd2YzYtNWo2Ns4AA5P4
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS13Zjg1LThoeDktZ2o3Y84AA5P3
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1oNDdtLTNmNzgtcXA5Z84AA5P2
TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0zOHIyLTU2OTUtMzM0d84AA5P0
TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0zdm1tLTdoNGotNjlybc4AA3GT
TYPO3 vulnerable to Weak Authentication in Session Handling
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 7 months ago
Low
GSA_kwCzR0hTQS1qcTZnLTR2NW0td205cs4AA04k
Information Disclosure due to Out-of-scope Site Resolution
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 11 months ago
High
GSA_kwCzR0hTQS1yNGY4LWY5M3gtNXFoM84AAxfl
TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04dzNwLXFoM3gtNmdqcs4AAwSa
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS1jNXd4LTZjMmMtZjdybc4AAwSZ
TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tZ2oyLXE4d3AtMjlycs4AAwSY
TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qZnA3LTc5ZzctODlyZs4AAwSX
TYPO3 CMS vulnerable to Weak Authentication in Frontend Login
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04YzI4LTVtcDctdjI0aM4AAwSW
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00N202LTQ2bWotcDIzNc4AAu1r
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/html-sanitizer
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mZmZyLTd4NHgtZjk4cc4AAu1V
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tMzkyLTIzNWotOXI3cs4AAu1U
TYPO3 CMS vulnerable to User Enumeration via Response Timing
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01OTU5LTR4NTgtcjhjMs4AAu1T
TYPO3 CMS missing check for expiration time of password reset token for backend users
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05YzZ3LTU1Y3AtNXcyNc4AAu1S
TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mdjJtLTkyNDktcXg4Nc4AAu1R
TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ncXFmLWc1cjctODR2Zs4AAuzy
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13d2p3LXIzZ2otMzlmcc4AArtR
Insufficient Session Expiration in TYPO3's Admin Tool
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oNG14LXh2OTYtMmpnbc4AArtQ
Cross-Site Scripting in TYPO3's Frontend Login Mailer
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zcjk1LTIzanAtbWh2Z84AArtP
Cross-Site Scripting in TYPO3's Form Framework
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1maDk5LTRwZ3ItOGo5Oc4AArtO
Insertion of Sensitive Information into Log File in typo3/cms-core
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04Z212LTlod2ctdzg5Z84AArtN
Information Disclosure via Export Module
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS04NmhwLXhyaGotZmhwcc4AAq1y
Typo3 Vulnerable to Insecure Deserialization
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yNmZ2LTU2Z3AtajNyNM4AAq1k
Typo3 Cross-Site Scripting in Link Handling
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zdzRoLXIyN2gtNHIyd84AAqx4
TYPO3 Image Processing susceptible to Code Execution
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01OXBqLTdtamgtNDQ2Nc4AAi_a
TYPO3 SQL Injection in low-level Query Generator
Ecosystems: packagist
Packages: typo3/cms-core, typo3/cms
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03N3A0LXdmcjgtOTc3d84AAi_T
TYPO3 Directory Traversal on ZIP extraction
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS1yY2djLTR4ZmMtNTY0ds4AAi_c
TYPO3 Insecure Deserialization in Query Generator & Query View
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tNjRqLWoyNTItanhtcs4AAfKx
TYPO3 SQL injection vulnerability in the Extbase Framework
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03Z3hxLTVxcWMtdjNmY84AAfKp
TYPO3 Open redirect vulnerability in the Access tracking mechanism
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yNjc0LW1jOXAtaHZ3Nc4AAe0A
TYPO3 Improper Access Control vulnerability
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01Zmo4LXdoM2ctcXZxMs4AAez-
TYPO3 is vulnerable to Mass Assignment in the Extension table administration library
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wOWpnLTl3ODctNnJnNM4AAeik
TYPO3 Improper Access Management in the File Abstraction Layer
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14Z2MyLXE5MjgtMjd3ds4AAaYS
TYPO3 Sensitive Information Disclosure via escapeStrForLike method
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1xajY5LWNoanAtZzRmNc4AAZvc
TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01Y21jLXIyM20taHZycs4AAZvX
TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tN3JnLTg1ZzgtMjhtOc3Mxw
TYPO3 API function vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mMzVwLWhjd2YtOWY5Zs24bw
TYPO3 Unrestricted File Upload vulnerability
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01ZjJmLWhyMjMtajU5as0-Mg
TYPO3 is vulnerable to Information Disclosure in the HTML mailing API
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS02NTdtLXY1dm0tZjZyd80WJw
Cross-Site-Request-Forgery in Backend
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tMmpoLWZ4dzQtZ3Bobc0WJg
HTTP Host Header Injection
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1YzktOGM2bS03Mjd2
Cross-Site Scripting via Rich-Text Content
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM0ZnItZmhxci03MjM1
Information Disclosure in User Authentication
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJnY2ctMjh4bS04bW13
Cross-Site Scripting in Backend Grid View
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZtaDMtajVyNS0yMzc5
Cross-Site Scripting in Query Generator & Query View
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThtcTktZnF2OC01OXdm
Cross-Site Scripting in Page Preview
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3aGMteDdmbS1mN3Fo
Cross-Site Scripting in Content Preview (CType menu)
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwOWctcWd4OS0zOTdw
Denial of Service in Page Error Handling
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3OWotd2dxdi1nOGgy
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-form
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN2Zzctanc5bS1wYzNm
Broken Access Control in Form Framework
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-form
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyNmotODYyYy1tMnYy
Unrestricted File Upload in Form Framework
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-form
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqaDMtZzhncS05cTky
Cross-Site Scripting in Content Preview
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF4M3ctNDg2NC05NGNo
Cleartext storage of session identifier
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRqaHctMnA2ai01d21w
Open Redirection in Login Handling
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxcXgtanc2cC1xM3Jm
Cross-Site Scripting in Fluid view helpers
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE5Y3AtbWM5Ni1tNHcy
XML External Entity in Dashboard Widget
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1NGotZjI3ci1jajUy
Cleartext storage of session identifier
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3MzMtaGp2Ni00aDQ3
Cross-Site Scripting in ternary conditional operator
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3fluid/fluid
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4OTQtZnY1aC01cTJj
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01dnItM203NC1qd3hw
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBxZzgtY3J4OS1nOG00
Backend Same-Site Request Forgery in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ3ajktNDM0eC05aHZw
Insecure Deserialization in Backend User Settings in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyeGgtaDZoOS1xcnFj
Class destructors causing side-effects when being unserialized in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.2
Published: about 4 years ago
Statistics
Advisories: 19,336
Packages: 8,539
Repositories: 9
Ecosystems: 12
Filter by Package
moodle/moodle 342 magento/community-edition 204 typo3/cms 174 pimcore/pimcore 117 dolibarr/dolibarr 111 typo3/cms-core 106 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 91 silverstripe/framework 83 drupal/drupal 76 thorsten/phpmyfaq 70 symfony/symfony 64 librenms/librenms 54 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 showdoc/showdoc 40 craftcms/cms 40 intelliants/subrion 39 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 zendframework/zendframework1 34 snipe/snipe-it 33 shopware/shopware 31 mautic/core 30 getgrav/grav 29 centreon/centreon 27 prestashop/prestashop 26 mediawiki/core 24 magento/core 24 grumpydictator/firefly-iii 23 simplesamlphp/simplesamlphp 23 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 zendframework/zendframework 23 getkirby/cms 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 francoisjacquet/rosariosis 17 symfony/security 17 genix/cms 17 cakephp/cakephp 17 ezsystems/ezpublish-kernel 17 topthink/framework 17 yetiforce/yetiforce-crm 16 ec-cube/ec-cube 15 smarty/smarty 15 openmage/magento-lts 15 phpmailer/phpmailer 14 typo3/cms-backend 14 silverstripe/cms 14 symfony/security-http 14 lavalite/cms 13 october/system 13 elefant/cms 13 bolt/bolt 13 impresscms/impresscms 13 codeigniter4/framework 13 phpmyfaq/phpmyfaq 12 dompdf/dompdf 12 phpbb/phpbb 12 studio-42/elfinder 12 symfony/http-foundation 11 tinymce 11 TinyMCE 11 tinymce/tinymce 11 ezsystems/ezplatform-kernel 11 feehi/feehicms 11 feehi/cms 11 wwbn/avideo 11 pimcore/admin-ui-classic-bundle 11 sylius/sylius 11 yiisoft/yii2 10 ezsystems/ezpublish-legacy 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 admidio/admidio 10 opencart/opencart 10 october/october 9 funadmin/funadmin 9 concrete5/core 9 ssddanbrown/bookstack 9 kevinpapst/kimai2 9 contao/core 9 alextselegidis/easyappointments 9 pimcore/customer-management-framework-bundle 8 gilacms/gila 8 statamic/cms 8 sulu/sulu 8 facturascripts/facturascripts 8 october/cms 8 composer/composer 8 silverstripe/graphql 8 croogo/croogo 8 silverstripe/admin 8 codiad/codiad 8 ezsystems/ezplatform-admin-ui 7 pterodactyl/panel 7 passbolt/passbolt_api 7 mantisbt/mantisbt 7 flarum/core 7 symfony/http-kernel 7 wpglobus/wpglobus 7 october/backend 7 guzzlehttp/guzzle 6 in2code/femanager 6 backdrop/backdrop 6 yourls/yourls 6 oro/platform 6 nystudio107/craft-seomatic 6 gleez/cms 6 zoujingli/thinkadmin 6 directmailteam/direct-mail 6 vrana/adminer 6 bagisto/bagisto 6 yiisoft/yii2-dev 6 dweeves/magmi 6 symfony/security-core 5 neos/neos 5 neos/flow 5 elgg/elgg 5 phpseclib/phpseclib 5 phpxmlrpc/phpxmlrpc 5 illuminate/database 5 automad/automad 5 woocommerce/woocommerce 5 silverstripe/assets 5 simplesamlphp/saml2 5 typo3/cms-install 5 phpservermon/phpservermon 5 bottelet/flarepoint 5 pear/archive_tar 5 typo3/flow 5 codeigniter/framework 5 cachethq/cachet 5 anchorcms/anchor-cms 5 billz/raspap-webgui 5 gugoan/economizzer 5 thinkcmf/thinkcmf 5 twig/twig 5 ibexa/core 5 wp-premium/gravityforms 4 notrinos/notrinos-erp 4 magento/product-community-edition 4 appwrite/server-ce 4 evolutioncms/evolution 4 sylius/resource-bundle 4 adodb/adodb-php 4 oro/commerce 4 idno/known 4 symfony/security-bundle 4 wintercms/winter 4 bytefury/crater 4 bref/bref 4 shopware/storefront 4 ezsystems/ezplatform 4 kimai/kimai 4 zendframework/zendopenid 4 typo3/cms-frontend 4 codeigniter4/shield 4 typo3/html-sanitizer 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 modx/revolution 4 spatie/browsershot 4 phpoffice/phpspreadsheet 3 enshrined/svg-sanitize 3 phenx/php-svg-lib 3 tecnickcom/tcpdf 3 zendframework/zend-diactoros 3 joomla/framework 3 symfony/form 3 reportico-web/reportico 3 enhavo/enhavo-app 3 shopxo/shopxo 3 prestashop/productcomments 3 zendframework/zend-http 3 facade/ignition 3 pixelfed/pixelfed 3 limesurvey/limesurvey 3 artesaos/seotools 3 ckeditor4 3 bbpress/bbpress 3 typo3/cms-form 3 quickapps/cms 3 doctrine/orm 3 buddypress/buddypress 3 zencart/zencart 3 verot/class.upload.php 3 illuminate/auth 3 zendframework/zendservice-nirvanix 3 symfony/framework-bundle 3 zendframework/zendservice-audioscrobbler 3