pkg:Packagist/typo3/cms

共 116 筆 CVECRITICAL3HIGH16MEDIUM55LOW3

✅ 檢查你的版本

所有已知漏洞

CRITICAL9.8CVE-2022-47406TYPO3 vulnerable to Insufficient Session Expiration
from 0, < 2.0.5
CRITICAL9.8CVE-2011-3583Typo3 SQL injection due to faulty prepared statements
>= 4.5.0, <= 4.5.5
CRITICAL9.8CVE-2011-4628Typo3 Authentication Bypass
from 0, < 4.3.12
HIGH8.8CVE-2023-24814TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering
>= 10.0.0, < 10.4.35
HIGH8.8CVE-2019-12747TYPO3 Vulnerable to Insecure Deserialization
>= 8.0.0, < 8.7.27
HIGH8.8CVE-2019-19849TYPO3 Insecure Deserialization in Query Generator & Query View
>= 10.0.0, < 10.2.1
HIGH8.8CVE-2017-14251TYPO3 Arbitrary Code Execution
>= 7.6.0, < 7.6.22
HIGH8.8CVE-2021-41113Cross-Site-Request-Forgery in Backend
>= 11.2.0, < 11.5.0
HIGH8.8CVE-2020-15098Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
>= 10.0.0, < 10.4.6
HIGH8.8CVE-2020-11067Insecure Deserialization in Backend User Settings in TYPO3 CMS
>= 10.0.0, < 10.4.2
HIGH8.7CVE-2020-11066Class destructors causing side-effects when being unserialized in TYPO3 CMS
>= 10.0.0, < 10.4.2
HIGH8.6CVE-2021-21355Unrestricted File Upload in Form Framework
>= 10.0.0, < 10.4.14
HIGH8.3CVE-2021-21357Broken Access Control in Form Framework
>= 10.0.0, < 10.4.14
HIGH8.1CVE-2020-26228Cleartext storage of session identifier
>= 10.0.0, < 10.4.10
HIGH8.1CVE-2020-15099Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
>= 10.0.0, < 10.4.6
HIGH8.0CVE-2020-11069Backend Same-Site Request Forgery in TYPO3 CMS
>= 10.0.0, < 10.4.2
HIGH7.5CVE-2022-23503TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
>= 10.0.0, < 10.4.33
HIGH7.5CVE-2019-11832TYPO3 Image Processing susceptible to Code Execution
>= 8.0.0, < 8.7.25
HIGH7.1CVE-2019-10912Deserialization of untrusted data in Symfony
>= 9.0.0, < 9.5.8
MEDIUM6.8CVE-2019-19848TYPO3 Directory Traversal on ZIP extraction
>= 10.0.0, < 10.2.2
MEDIUM6.5CVE-2013-7073typo3-src - several
>= 4.5.0, < 4.5.32
MEDIUM6.5CVE-2011-4904Typo3 Improper Access Control
from 0, < 4.4.9
MEDIUM6.5CVE-2011-4900Typo3 Information Disclosure
from 0, < 4.5.4
MEDIUM6.5CVE-2011-4901Typo3 Arbitrary Information Disclosure
from 0, < 4.3.12
MEDIUM6.5CVE-2011-4902Typo3 Arbitrary File Delete
from 0, < 4.3.12
MEDIUM6.5CVE-2011-4627Typo3 Information Disclosure
from 0, < 4.3.12
MEDIUM6.4CVE-2021-32669Cross-Site Scripting in Backend Grid View
>= 10.0.0, < 10.4.18
MEDIUM6.4CVE-2021-32668Cross-Site Scripting in Query Generator & Query View
>= 10.0.0, < 10.4.18
MEDIUM6.4CVE-2021-32667Cross-Site Scripting in Page Preview
>= 10.0.0, < 10.4.18
MEDIUM6.3CVE-2013-7075TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component
>= 4.5.0, < 4.5.32
MEDIUM6.1CVE-2022-23499TYPO3 HTML Sanitizer vulnerable to Cross-Site Scripting
>= 10.0.0, < 10.4.33
MEDIUM6.1CVE-2022-36020TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
>= 10.0.0, < 10.4.32
MEDIUM6.1CVE-2019-12748Typo3 Cross-Site Scripting in Link Handling
>= 8.0.0, < 8.7.27
MEDIUM6.1CVE-2020-8091Typo3 Cross-Site Scripting in Flash component (ELTS)
>= 7.0.0, < 7.2.0
MEDIUM6.1CVE-2015-8760TYPO3 allows remote attackers to embed Flash videos from external domain
>= 6.2.0, < 6.2.16
MEDIUM6.1CVE-2016-4056TYPO3 Backend component Cross-site scripting (XSS) vulnerability
>= 6.2.0, < 6.2.19
MEDIUM6.1CVE-2011-4903Typo3 XSS in RemoveXSS function
from 0, < 4.3.12
MEDIUM6.1CVE-2021-32768Cross-Site Scripting via Rich-Text Content
>= 10.0.0, < 10.4.19
MEDIUM6.1CVE-2021-21338Open Redirection in Login Handling
>= 10.0.0, < 10.4.14
MEDIUM6.1CVE-2020-26227Cross-Site Scripting in Fluid view helpers
>= 10.0.0, < 10.4.10
MEDIUM6.1CVE-2018-17960Ckeditor XSS Vulnerability
>= 8.0.0, < 8.7.21
MEDIUM6.1CVE-2018-14041Bootstrap Cross-site Scripting vulnerability
>= 8.0.0, < 8.7.23
MEDIUM6.0CVE-2022-31050Insufficient Session Expiration in TYPO3's Admin Tool
>= 10.0.0, < 10.4.29
MEDIUM5.9CVE-2022-23501TYPO3 CMS vulnerable to Weak Authentication in Frontend Login
>= 10.0.0, < 10.4.33
MEDIUM5.9CVE-2022-23500TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
>= 10.0.0, < 10.4.33
MEDIUM5.9CVE-2022-36104TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
>= 11.4.0, < 11.5.16
MEDIUM5.9CVE-2021-21359Denial of Service in Page Error Handling
>= 10.0.0, < 10.4.14
MEDIUM5.9CVE-2021-21339Cleartext storage of session identifier
>= 10.0.0, < 10.4.14
MEDIUM5.7CVE-2022-23504TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
>= 10.0.0, < 10.4.33
MEDIUM5.5CVE-2019-19850TYPO3 SQL Injection in low-level Query Generator
>= 8.0, < 8.7.30
MEDIUM5.4CVE-2022-23502TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
>= 10.0.0, < 10.4.33
MEDIUM5.4CVE-2022-36106TYPO3 CMS missing check for expiration time of password reset token for backend users
>= 10.4.0, < 10.4.32
MEDIUM5.4CVE-2022-36107TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
>= 10.0.0, < 10.4.32
MEDIUM5.4CVE-2022-36108TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper
>= 10.3.0, < 10.4.32
MEDIUM5.4CVE-2022-31049Cross-Site Scripting in TYPO3's Frontend Login Mailer
>= 10.0.0, < 10.4.29
MEDIUM5.4CVE-2022-31048Cross-Site Scripting in TYPO3's Form Framework
>= 10.0.0, < 10.4.29
MEDIUM5.4CVE-2015-8756TYPO3 CMS indexed search Cross-site Scripting vulnerability
>= 6.2.0, < 6.2.16
MEDIUM5.4CVE-2015-8759TYPO3 Cross-site Scripting vulnerability
>= 6.2.0, < 6.2.16
MEDIUM5.4CVE-2015-8755Typo3 XSS Vulnerability
>= 6.2, < 6.2.16
MEDIUM5.4CVE-2011-4630Typo3 XSS Vulnerability
>= 4.5.0, < 4.5.4
MEDIUM5.4CVE-2011-4632Typo3 XSS Vulnerabilities
from 0, < 4.3.12
MEDIUM5.4CVE-2021-21370Cross-Site Scripting in Content Preview (CType menu)
>= 10.0.0, < 10.4.14
MEDIUM5.4CVE-2021-21358Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
>= 10.0.0, < 10.4.14
MEDIUM5.4CVE-2021-21340Cross-Site Scripting in Content Preview
>= 10.0.0, < 10.4.14
MEDIUM5.4CVE-2020-11065Cross-Site Scripting in TYPO3 CMS Link Handling
>= 10.0.0, < 10.4.2
MEDIUM5.4CVE-2020-11064Cross-Site Scripting in TYPO3 CMS Form Engine
>= 10.0.0, < 10.4.2
MEDIUM5.3CVE-2022-36105TYPO3 CMS vulnerable to User Enumeration via Response Timing
>= 10.0.0, < 10.4.32
MEDIUM5.3CVE-2022-31047Insertion of Sensitive Information into Log File in typo3/cms-core
>= 10.0.0, < 10.4.29
MEDIUM5.3CVE-2017-6370TYPO3 Information Disclosure Vulnerability
MEDIUM5.3CVE-2021-32767Information Disclosure in User Authentication
>= 10.0.0, < 10.4.18
MEDIUM4.8CVE-2018-6905Typo3 XSS Vulnerability
from 0, < 9.2.0
MEDIUM4.8CVE-2021-41114HTTP Host Header Injection
>= 11.0.0, < 11.5.0
MEDIUM4.7CVE-2020-15241Cross-Site Scripting in ternary conditional operator
>= 8.0.0, < 8.7.25
MEDIUM4.3CVE-2022-31046Information Disclosure via Export Module
>= 10.0.0, < 10.4.29
LOW3.7CVE-2020-26229XML External Entity in Dashboard Widget
>= 10.0.0, < 10.4.10
LOW3.7CVE-2020-11063Information Disclosure in Password Reset
>= 10.0.0, < 10.4.2
LOW3.0CVE-2013-7074TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component
>= 4.5.0, < 4.5.32
—CVE-2010-3714typo3-src - several vulnerabilities
>= 4.2.0, < 4.2.15
—CVE-2012-1607TYPO3 allows remote attackers to obtain the database name via a direct request
>= 4.4.0, <= 4.4.13
—CVE-2012-1606typo3-src - several
>= 4.4.0, < 4.4.14
—CVE-2012-1608Typo3 API XSS Vulnerabilities
>= 4.4.0, < 4.4.14
—CVE-2012-1605Typo3 Extbase Framework Unsafe Deserialization
>= 4.6, < 4.6.7
—CVE-2012-6146Typo3 Backend History Module Vulnerable to XSS
>= 4.5, < 4.5.21
—CVE-2013-4321TYPO3 vulnerable to remote authenticated arbitrary code execution
>= 6.0.0, < 6.0.9
—CVE-2013-4250TYPO3 doesn't properly check file extensions
>= 6.0.0, < 6.0.8
—CVE-2014-3944TYPO3 Improper Session Invalidation
>= 6.2.0, < 6.2.3
—CVE-2014-3946Typo3 Information Disclosure
>= 6.2.0, < 6.2.3
—CVE-2014-3945TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash
from 0, < 6.2.0
—CVE-2014-9509Typo3 Vulnerable to Cache Poisoning
>= 4.5.0, < 4.5.39
—CVE-2013-4701PHP OpenID Library Denial of Service vulnerability
>= 6.2.0, < 6.2.6
—CVE-2014-9508Typo3 Open Redirect In Frontend Rendering
>= 4.5.0, < 4.5.39
—CVE-2010-5101TYPO3 Directory Traversal vulnerability
>= 4.2.0, < 4.2.16
—CVE-2010-5099TYPO3 Path Traversal vulnerability
>= 4.2.0, < 4.2.16
—CVE-2010-5103TYPO3 SQL Injection vulnerability
>= 4.2.0, < 4.2.16
—CVE-2012-2112typo3-src - cross site scripting
>= 4.4, < 4.4.15
—CVE-2012-3527typo3-src - several
>= 4.5.0, < 4.5.19
—CVE-2012-3528Typo3 Backend XSS Vulnerability
>= 4.5, < 4.5.19
—CVE-2012-3529Typo3 Backend Configuration XSS Vulnerability
>= 4.5, < 4.5.19
—CVE-2012-3530Typo3 API XSS Vulnerability
>= 4.5, < 4.5.19
—CVE-2012-3531Typo3 Install Tool XSS Vulnerability
>= 4.5, < 4.5.19
—CVE-2012-6148Typo3 Function Menu API XSS Vulnerability
>= 4.5.0, < 4.5.21
—CVE-2012-6147Typo3 Backend API XSS Vulnerability
>= 4.5.0, < 4.5.21
—CVE-2012-6144typo3-src - several
>= 4.5.0, < 4.5.21
—CVE-2012-6145Typo3 Backend History Module Vulnerable to XSS
>= 4.5.0, < 4.5.21
—CVE-2014-3941typo3-src - security update
>= 4.5.0, < 4.5.34
—CVE-2014-3942TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code
>= 4.5.0, < 4.5.34
—CVE-2014-3943Typo3 XSS Vulnerabilities
>= 4.5.0, < 4.5.34
—CVE-2015-5956TYPO3 cross-site scripting (XSS)
>= 6.0, < 6.2.15
—CVE-2013-7341Moodle cross-site scripting (XSS) vulnerabilities
>= 6.2.0, < 6.2.14
—CVE-2010-1153TYPO3 PHP remote file inclusion vulnerability
>= 4.3.0, < 4.3.3
—CVE-2009-3635TYPO3 Install Tool Subcomponent Allows Access Using Only a Password's MD5 Hash as a Credential
from 0, <= 4.0.13
—CVE-2009-0816Typo3 Backend XSS Vulnerability
>= 3.3.0
—CVE-2009-0815typo3 - several vulnerabilities
>= 3.3, < 4.0.12
—CVE-2009-0258Indexed Search Engine for TYPO3 Command Execution via Metacharacter Injection
>= 4.0.0, < 4.0.10
—CVE-2009-0256Authentication library in TYPO3 vulnerable to session fixation
>= 4.0.0, < 4.0.10
—CVE-2005-4875TYPO3 Reveals Sensitive Information via Direct Request to `misc/phpcheck/`
from 0, < 3.8.1