pkg:Bitnami/typo3

50 total CVEs: HIGH 11, MEDIUM 35, LOW 4

All known vulnerabilities

  • HIGH 8.8 | CVE-2023-24814 | TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering
    >= 8.7.0, < 9.7.51, >= 9.0.0, < 9.5.40, >= 10.0.0, < 10.4.36, >= 11.0.0, < 11.5.23, >= 12.0.0, < 12.2.0
  • HIGH 8.8 | CVE-2021-41113 | Cross-Site-Request-Forgery in Backend
    >= 11.2.0, < 11.5.0
  • HIGH 8.8 | CVE-2020-15098 | Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
    >= 9.0.0, < 9.5.20, >= 10.0.0, < 10.4.6
  • HIGH 8.8 | CVE-2020-11067 | Insecure Deserialization in Backend User Settings in TYPO3 CMS
    >= 9.0.0, < 9.5.16, >= 10.0.0, < 10.4.1
  • HIGH 8.7 | CVE-2020-11066 | Class destructors causing side-effects when being unserialized in TYPO3 CMS
    >= 9.0.0, < 9.5.17, >= 10.0.0, < 10.4.2
  • HIGH 8.6 | CVE-2021-21355 | Unrestricted File Upload in Form Framework
    >= 8.0.0, < 8.7.40, >= 9.0.0, < 9.5.25, >= 10.0.0, < 10.4.14, >= 11.0.0, < 11.1.1
  • HIGH 8.3 | CVE-2021-21357 | Broken Access Control in Form Framework
    >= 8.0.0, < 8.7.40, >= 9.0.0, < 9.5.25, >= 10.0.0, < 10.4.14, >= 11.0.0, < 11.1.1
  • HIGH 8.1 | CVE-2020-26228 | Cleartext storage of session identifier
    >= 9.0.0, < 9.5.23, >= 10.0.0, < 10.4.10
  • HIGH 8.1 | CVE-2020-15099 | Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
    >= 9.0.0, < 9.5.20, >= 10.0.0, < 10.4.6
  • HIGH 8.0 | CVE-2020-11069 | Backend Same-Site Request Forgery in TYPO3 CMS
    >= 9.0.0, < 9.5.16, >= 10.0.0, < 10.4.1
  • HIGH 7.5 | CVE-2022-23503 | TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
    >= 8.0.0, < 8.7.49, >= 9.0.0, < 9.5.38, >= 10.0.0, < 10.4.33, >= 11.0.0, < 11.5.20, >= 12.0.0, < 12.1.1
  • MEDIUM 6.4 | CVE-2021-32669 | Cross-Site Scripting in Backend Grid View
    >= 8.0.0, < 8.7.40, >= 9.0.0, < 9.5.28, >= 10.0.0, < 10.4.17, >= 11.0.0, < 11.3.0
  • MEDIUM 6.4 | CVE-2021-32668 | Cross-Site Scripting in Query Generator & Query View
    >= 8.0.0, < 8.7.40, >= 9.0.0, < 9.5.28, >= 10.0.0, < 10.4.17, >= 11.0.0, < 11.3.0
  • MEDIUM 6.4 | CVE-2021-32667 | Cross-Site Scripting in Page Preview
    >= 9.0.0, < 9.5.287, >= 10.0.0, < 10.4.17, >= 11.0.0, < 11.3.0
  • MEDIUM 6.1 | CVE-2020-8091 | Typo3 Cross-Site Scripting in Flash component (ELTS)
    >= 6.2.0, < 6.2.39, >= 7.0.0, < 7.1.0
  • MEDIUM 6.1 | CVE-2021-32768 | Cross-Site Scripting via Rich-Text Content
    >= 7.0.0, < 7.6.52, >= 8.0.0, < 8.7.41, >= 9.0.0, < 9.5.28, >= 10.0.0, < 10.4.18, >= 11.0.0, < 11.3.1
  • MEDIUM 6.1 | CVE-2021-21338 | Open Redirection in Login Handling
    >= 6.2.0, < 6.2.57, >= 7.0.0, < 7.6.51, >= 8.0.0, < 8.7.40, >= 9.0.0, < 9.5.25, >= 10.0.0, < 10.4.14, >= 11.0.0, < 11.1.1
  • MEDIUM 6.1 | CVE-2020-26227 | Cross-Site Scripting in Fluid view helpers
    >= 6.2.0, < 6.2.54, >= 7.6.0, < 7.6.48, >= 8.7.0, < 8.7.38, >= 9.0.0, < 9.5.23, >= 10.0.0, < 10.4.10
  • MEDIUM 6.0 | CVE-2022-31050 | Insufficient Session Expiration in TYPO3's Admin Tool
    >= 9.0.0, < 9.5.35, >= 10.0.0, < 10.4.29, >= 11.0.0, < 11.5.11
  • MEDIUM 5.9 | CVE-2022-23501 | TYPO3 CMS vulnerable to Weak Authentication in Frontend Login
    from 0, < 8.7.49, >= 9.0.0, < 9.5.38, >= 10.0.0, < 10.4.33, >= 11.0.0, < 11.5.20, >= 12.0.0, < 12.1.1
  • MEDIUM 5.9 | CVE-2022-23500 | TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
    >= 9.0.0, < 9.5.38, >= 10.0.0, < 10.4.33, >= 11.0.0, < 11.5.20
  • MEDIUM 5.9 | CVE-2022-36104 | TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
    >= 11.4.0, < 11.5.15
  • MEDIUM 5.9 | CVE-2021-21359 | Denial of Service in Page Error Handling
    >= 9.0.0, < 9.5.25, >= 10.0.0, < 10.4.14, >= 11.0.0, < 11.1.1
  • MEDIUM 5.9 | CVE-2021-21339 | Cleartext storage of session identifier
    >= 6.2.0, < 6.2.57, >= 7.0.0, < 7.6.51, >= 8.0.0, < 8.7.40, >= 9.0.0, < 9.5.25, >= 10.0.0, < 10.4.14, >= 11.0.0, < 11.1.1
  • MEDIUM 5.7 | CVE-2022-23504 | TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
    >= 9.0.0, < 9.5.38, >= 10.0.0, < 10.4.33, >= 11.0.0, < 11.5.20, >= 12.0.0, < 12.1.1
  • MEDIUM 5.5 | CVE-2023-30451 | Path Traversal in TYPO3 File Abstraction Layer Storages
    >= 11.5.24, <= 11.5.24
  • MEDIUM 5.4 | CVE-2022-23502 | TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
    >= 10.0.0, < 10.4.33, >= 11.0.0, < 11.5.20, >= 12.0.0, < 12.1.1
  • MEDIUM 5.4 | CVE-2022-36106 | TYPO3 CMS missing check for expiration time of password reset token for backend users
    >= 10.0.0, < 10.4.31, >= 11.0.0, < 11.5.15
  • MEDIUM 5.4 | CVE-2022-36107 | TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
    >= 7.0.0, < 7.6.57, >= 8.0.0, < 8.7.47, >= 9.0.0, < 9.5.36, >= 10.0.0, < 10.4.31, >= 11.0.0, < 11.5.15
  • MEDIUM 5.4 | CVE-2022-36108 | TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper
    >= 10.0.0, < 10.4.31, >= 11.0.0, < 11.5.15
  • MEDIUM 5.4 | CVE-2022-31049 | Cross-Site Scripting in TYPO3's Frontend Login Mailer
    >= 9.0.0, < 9.5.35, >= 10.0.0, < 10.4.29, >= 11.0.0, < 11.5.11
  • MEDIUM 5.4 | CVE-2022-31048 | Cross-Site Scripting in TYPO3's Form Framework
    >= 8.0.0, < 8.7.47, >= 9.0.0, < 9.5.35, >= 10.0.0, < 10.4.29, >= 11.0.0, < 11.5.11
  • MEDIUM 5.4 | CVE-2021-21365 | Cross-Site Scripting in Bootstrap Package
    from 0, < 7.1.2, >= 8.0.0, < 8.0.8, >= 9.0.0, < 9.0.4, >= 9.1.0, < 9.1.3, >= 10.0.0, < 10.0.10, >= 11.0.0, < 11.0.3
  • MEDIUM 5.4 | CVE-2021-21370 | Cross-Site Scripting in Content Preview (CType menu)
    >= 7.0.0, < 7.6.51, >= 8.0.0, < 8.7.40, >= 9.0.0, < 9.5.25, >= 10.0.0, < 10.4.14, >= 11.0.0, < 11.1.1
  • MEDIUM 5.4 | CVE-2021-21358 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
    >= 10.2.0, < 10.4.14, >= 11.0.0, < 11.1.1
  • MEDIUM 5.4 | CVE-2021-21340 | Cross-Site Scripting in Content Preview
    >= 10.0.0, < 10.4.14, >= 11.0.0, < 11.1.1
  • MEDIUM 5.4 | CVE-2020-11065 | Cross-Site Scripting in TYPO3 CMS Link Handling
    >= 9.5.12, < 9.5.17, >= 10.2.0, < 10.4.2
  • MEDIUM 5.4 | CVE-2020-11064 | Cross-Site Scripting in TYPO3 CMS Form Engine
    >= 9.0.0, < 9.5.17, >= 10.0.0, < 10.4.2
  • MEDIUM 5.3 | CVE-2022-36105 | TYPO3 CMS vulnerable to User Enumeration via Response Timing
    >= 7.0.0, < 7.6.57, >= 8.0.0, < 8.7.47, >= 9.0.0, < 9.5.36, >= 10.0.0, < 10.4.31, >= 11.0.0, < 11.5.15
  • MEDIUM 5.3 | CVE-2022-31047 | Insertion of Sensitive Information into Log File in typo3/cms-core
    >= 7.0.0, < 7.6.57, >= 8.0.0, < 8.7.47, >= 9.0.0, < 9.5.35, >= 10.0.0, < 10.4.29, >= 11.0.0, < 11.5.11
  • MEDIUM 5.3 | CVE-2021-32767 | Information Disclosure in User Authentication
    >= 7.0.0, < 7.6.51, >= 8.0.0, < 8.7.40, >= 9.0.0, < 9.5.27, >= 10.0.0, < 10.4.17, >= 11.0.0, < 11.3.0
  • MEDIUM 4.8 | CVE-2021-41114 | HTTP Host Header Injection
    >= 11.0.0, < 11.5.0
  • MEDIUM 4.7 | CVE-2023-47125 | Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer
    >= 8.7.42, < 8.7.55, >= 9.5.29, < 9.5.44, >= 10.4.19, < 10.4.41, >= 11.3.2, < 11.5.33, >= 12.0.0, < 12.4.8
  • MEDIUM 4.7 | CVE-2020-15241 | Cross-Site Scripting in ternary conditional operator
    >= 8.7.25, <= 8.7.25, >= 9.5.6, <= 9.5.6
  • MEDIUM 4.3 | CVE-2022-31046 | Information Disclosure via Export Module
    >= 7.0.0, < 7.6.57, >= 8.0.0, < 8.7.47, >= 9.0.0, < 9.5.35, >= 10.0.0, < 10.4.29, >= 11.0.0, < 11.5.11
  • MEDIUM 4.2 | CVE-2023-47127 | TYPO3 vulnerable to Weak Authentication in Session Handling
    >= 8.0.0, < 8.7.55, >= 9.0.0, < 9.5.44, >= 10.0.0, < 10.4.41, >= 11.0.0, < 11.5.33, >= 12.0.0, < 12.4.8
  • LOW 3.7 | CVE-2023-47126 | Information Disclosure in typo3/cms-install tool
    >= 12.2.0, < 12.4.8
  • LOW 3.7 | CVE-2023-38499 | Information Disclosure due to Out-of-scope Site Resolution
    >= 9.4.0, < 9.5.42, >= 10.0.0, < 10.4.39, >= 11.0.0, < 11.5.30, >= 12.0.0, < 12.4.4
  • LOW 3.7 | CVE-2020-26229 | XML External Entity in Dashboard Widget
    >= 10.0.0, < 10.4.10
  • LOW 3.7 | CVE-2020-11063 | Information Disclosure in Password Reset
    >= 10.4.0, <= 10.4.0, >= 10.4.1, <= 10.4.1