typo3/cms-core Security Advisories for v9.5.19 (26)
-
[MEDIUM] TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
PKSA-tm11-834c-1wbq CVE-2024-34358 GHSA-36g8-62qv-5957
Affected version: >=13.0.0,<=13.1.0|>=12.0.0,<=12.4.14|>=11.0.0,<=11.5.36|>=10.0.0,<=10.4.44|>=9.0.0,<=9.5.47
Reported by:
GitHub -
[MEDIUM] TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController
PKSA-443h-dk5w-qm2g CVE-2024-34357 GHSA-hw6c-6gwq-3m3m
Affected version: >=13.0.0,<=13.1.0|>=12.0.0,<=12.4.14|>=11.0.0,<=11.5.36|>=10.0.0,<=10.4.44|>=9.0.0,<=9.5.47
Reported by:
GitHub -
[MEDIUM] TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module
PKSA-8vkj-4d3h-x586 CVE-2024-34356 GHSA-v6mw-h7w6-59w3
Affected version: >=13.0.0,<=13.1.0|>=12.0.0,<=12.4.14|>=11.0.0,<=11.5.36|>=10.0.0,<=10.4.44|>=9.0.0,<=9.5.47
Reported by:
GitHub -
[HIGH] TYPO3 Install Tool vulnerable to Code Execution
PKSA-prgj-sgzn-q6cs CVE-2024-22188 GHSA-5w2h-59j3-8x5w
Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Reported by:
GitHub -
[MEDIUM] Path Traversal in TYPO3 File Abstraction Layer Storages
PKSA-zz7z-6zsy-d2hc CVE-2023-30451 GHSA-w6x2-jg8h-p6mp
Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Reported by:
GitHub -
[HIGH] TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
PKSA-99mg-htb6-c272 CVE-2024-25121 GHSA-rj3x-wvc6-5j66
Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Reported by:
GitHub -
[MEDIUM] TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
PKSA-h5xk-8nxx-znp4 CVE-2024-25120 GHSA-wf85-8hx9-gj7c
Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Reported by:
GitHub -
[MEDIUM] TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
PKSA-d551-hdqh-5mmf CVE-2024-25119 GHSA-h47m-3f78-qp9g
Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Reported by:
GitHub -
[MEDIUM] TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords
PKSA-jbhx-knzt-5y6m CVE-2024-25118 GHSA-38r2-5695-334w
Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Reported by:
GitHub -
[MEDIUM] TYPO3-CORE-SA-2023-006: Weak Authentication in Session Handling
PKSA-jp7z-h3vv-yr4s CVE-2023-47127 GHSA-3vmm-7h4j-69rm
Affected version: >=8.0.0,<8.7.55|>=9.0.0,<9.5.44|>=10.0.0,<10.4.41|>=11.0.0,<11.5.33|>=12.0.0,<12.4.8
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[LOW] Information Disclosure due to Out-of-scope Site Resolution
PKSA-83hy-ynvj-7pfq CVE-2023-38499 GHSA-jq6g-4v5m-wm9r
Affected version: >=12.0.0,<12.4.4|>=11.0.0,<11.5.30|>=10.0.0,<10.4.39|>=9.4.0,<9.5.42
Reported by:
GitHub -
[MEDIUM] TYPO3-CORE-SA-2021-013: Cross-Site Scripting via Rich-Text Content
PKSA-gbv9-2d3q-gcts CVE-2021-32768 GHSA-c5c9-8c6m-727v
Affected version: >=10.0.0,<10.4.19|>=11.0.0,<11.3.2|>=9.0.0,<9.5.29
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2021-012: Information Disclosure in User Authentication
PKSA-rmrp-g3x4-sq5j CVE-2021-32767 GHSA-34fr-fhqr-7235
Affected version: >=10.0.0,<10.4.18|>=11.0.0,<11.3.1|>=9.0.0,<9.5.28
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2021-011: Cross-Site Scripting in Backend Grid View
PKSA-1c5b-sjdg-7rc3 CVE-2021-32669 GHSA-rgcg-28xm-8mmw
Affected version: >=10.0.0,<10.4.18|>=11.0.0,<11.3.1|>=9.0.0,<9.5.28
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2021-010: Cross-Site Scripting in Query Generator & Query View
PKSA-txkp-tzqy-rz72 CVE-2021-32668 GHSA-6mh3-j5r5-2379
Affected version: >=10.0.0,<10.4.18|>=11.0.0,<11.3.1|>=9.0.0,<9.5.28
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2021-009: Cross-Site Scripting in Page Preview
PKSA-tpdb-shwd-489h CVE-2021-32667 GHSA-8mq9-fqv8-59wf
Affected version: >=10.0.0,<10.4.18|>=11.0.0,<11.3.1|>=9.0.0,<9.5.28
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2021-008: Cross-Site Scripting in Content Preview
PKSA-wqbp-c8pr-qp5w CVE-2021-21370 GHSA-x7hc-x7fm-f7qh
Affected version: >=10.0.0,<10.4.14|>=11.0.0,<11.1.1|>=9.0.0,<9.5.25
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2021-006: Cleartext storage of session identifier
PKSA-k7qq-jvk9-4s56 CVE-2021-21339 GHSA-qx3w-4864-94ch
Affected version: >=10.0.0,<10.4.14|>=11.0.0,<11.1.1|>=9.0.0,<9.5.25
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2021-005: Denial of Service in Page Error Handling
PKSA-8svt-p3nh-mpwn CVE-2021-21359 GHSA-4p9g-qgx9-397p
Affected version: >=10.0.0,<10.4.14|>=11.0.0,<11.1.1|>=9.0.0,<9.5.25
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] TYPO3-CORE-SA-2021-003: Broken Access Control in Form Framework
PKSA-xg1n-zvqv-pswm CVE-2021-21357 GHSA-3vg7-jw9m-pc3f
Affected version: >=10.0.0,<10.4.14|>=11.0.0,<11.1.1|>=9.0.0,<9.5.25
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] TYPO3-CORE-SA-2021-002: Unrestricted File Upload in Form Framework
PKSA-nxc9-3rpx-fj8p CVE-2021-21355 GHSA-2r6j-862c-m2v2
Affected version: >=10.0.0,<10.4.14|>=11.0.0,<11.1.1|>=9.0.0,<9.5.25
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2021-001: Open Redirection in Login Handling
PKSA-bmvt-8jd1-qp5w CVE-2021-21338 GHSA-4jhw-2p6j-5wmp
Affected version: >=10.0.0,<10.4.14|>=11.0.0,<11.1.1|>=9.0.0,<9.5.25
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] TYPO3-CORE-SA-2020-011: Cleartext storage of session identifier
PKSA-cqmn-5jhg-hqxx CVE-2020-26228 GHSA-954j-f27r-cj52
Affected version: >=10.0.0,<10.4.10|>=9.0.0,<9.5.23|>=8.7.0,<8.7.38
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2020-010: Cross-Site Scripting in Fluid view helpers
PKSA-2ynr-pyxr-sckk CVE-2020-26227 GHSA-vqqx-jw6p-q3rf
Affected version: >=10.0.0,<10.4.10|>=9.0.0,<9.5.23|>=8.7.0,<8.7.38
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] TYPO3-CORE-SA-2020-008: Sensitive Information Disclosure
PKSA-d1gc-jvn6-g46m CVE-2020-15098 GHSA-m5vr-3m74-jwxp
Affected version: >=10.0.0,<10.4.6|>=9.0.0,<9.5.20
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] TYPO3-CORE-SA-2020-007: Potential Privilege Escalation
PKSA-kzft-dxcq-xwfm CVE-2020-15099 GHSA-3x94-fv5h-5q2c
Affected version: >=10.0.0,<10.4.6|>=9.0.0,<9.5.20
Reported by:
GitHub, FriendsOfPHP/security-advisories