typo3/cms Security Advisories for 6.2.5 (45)
-
[MEDIUM] Typo3 Cross-Site Scripting in Flash component (ELTS)
PKSA-76yg-j1z3-zysm CVE-2020-8091 GHSA-qvhv-pwww-53jj
Affected version: >=7.0.0,<=7.1.0|>=6.2.0,<=6.2.38
Reported by:
GitHub -
[HIGH] Typo3 Vulnerable to Cache Poisoning
PKSA-76w6-8mt2-dy89 CVE-2014-9509 GHSA-5479-gqqr-f9gj
Affected version: >=6.1.0,<=6.1.12|>=6.0.0,<=6.0.14|>=4.7.0,<=4.7.20|>=4.6.0,<=4.6.18|>=7.0.0,<7.0.2|>=6.2.0,<6.2.9|>=4.5.0,<4.5.39
Reported by:
GitHub -
[MEDIUM] Typo3 XSS Vulnerability
PKSA-5qtp-bmj9-5zqr CVE-2015-8755 GHSA-56f9-5563-m2h7
Affected version: >=7.0,<7.6.1|>=6.2,<6.2.16
Reported by:
GitHub -
[MEDIUM] TYPO3 Backend component Cross-site scripting (XSS) vulnerability
PKSA-mw31-s5jc-c3ww CVE-2016-4056 GHSA-ffcm-vhcw-p32r
Affected version: >=6.2.0,<6.2.19
Reported by:
GitHub -
[MEDIUM] Typo3 XSS Vulnerability
PKSA-j487-wgb6-g37w CVE-2018-6905 GHSA-3w22-wrwx-2r75
Affected version: <9.2.0
Reported by:
GitHub -
[MEDIUM] Remote Code Execution in third party library swiftmailer
PKSA-y99p-vnsv-h8zb GHSA-85ch-44w7-rf32
Affected version: >=6.2.0,<6.2.30|>=7.6.0,<7.6.15|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Insecure Unserialize in TYPO3 Backend
PKSA-p9pn-ckkr-j9gj GHSA-vgm8-r9gm-fw59
Affected version: >=6.2.0,<6.2.29|>=7.6.0,<7.6.13|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Path Traversal in TYPO3 Core
PKSA-ycv6-vk58-crph GHSA-g7hw-jh4p-75wr
Affected version: >=6.2.0,<6.2.29|>=7.6.0,<7.6.13|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Cache Flooding in TYPO3 Frontend
PKSA-5nxh-6dvz-pwx2 GHSA-8h28-f46f-m87h
Affected version: >=6.2.0,<6.2.27|>=7.6.0,<7.6.11|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in TYPO3 Backend
PKSA-p1xw-bm9t-9mgz GHSA-pw2q-qwvj-gh43
Affected version: >=6.2.0,<6.2.27|>=7.6.0,<7.6.11|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Cross-Site Scripting vulnerability in typolinks
PKSA-qkq5-q75r-wn3g GHSA-7qwg-fcpw-xg5g
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Information Disclosure in TYPO3 Backend
PKSA-q6zv-zcsh-21h8 GHSA-6f9m-v7mp-7jjq
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in TYPO3 Backend
PKSA-h9f8-fcdd-y5cz GHSA-g9rv-6g56-65h8
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Insecure Unserialize in TYPO3 Import/Export
PKSA-8qyh-77q4-9nh2 GHSA-8h4m-r4wm-xj7r
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] SQL Injection in TYPO3 Frontend Login
PKSA-b4tx-8wsn-x1b1 GHSA-6487-3qvg-8px9
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Missing Access Check in TYPO3 CMS
PKSA-6w93-8p38-vgt5 GHSA-f624-8hfq-5fh3
Affected version: >=6.2.0,<6.2.25|>=7.6.0,<7.6.8|>=8.0.0,<8.1.1|>=8.1.0,<8.1.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Arbitrary File Disclosure in Form Component
PKSA-5x8h-hf12-tbch GHSA-wp8j-c736-c5r3
Affected version: >=6.2.0,<6.2.20
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Privilege Escalation in TYPO3 CMS
PKSA-3s1d-fjtc-fcqw GHSA-5cxf-xx9j-54jc
Affected version: >=6.2.0,<6.2.20|>=7.6.0,<7.6.5|>=8.0.0,<8.0.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Authentication Bypass in TYPO3 CMS
PKSA-prb5-15dp-gbwb GHSA-6xh8-8pfv-53vx
Affected version: >=6.2.0,<6.2.20|>=7.6.0,<7.6.5|>=8.0.0,<8.0.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Cross-Site Scripting in TYPO3 Backend
PKSA-yr4d-8qdk-2g3v GHSA-c5mj-39cf-3pp5
Affected version: >=6.2.0,<6.2.20|>=7.6.0,<7.6.5|>=8.0.0,<8.0.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] XML External Entity (XXE) Processing in TYPO3 Core
PKSA-smvw-xwn8-cj9h GHSA-mxjf-hc9v-xgv2
Affected version: >=6.2.0,<6.2.19|>=7.6.0,<7.6.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Denial of Service attack possibility in TYPO3 component Indexed Search
PKSA-g4rd-ftcg-mjm7 GHSA-wh8q-72cp-p5wf
Affected version: >=6.2.0,<6.2.19|>=7.6.0,<7.6.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in TYPO3 component CSS styled content
PKSA-ry96-ymk5-v9rd GHSA-wrpf-2x8h-82gr
Affected version: >=6.2.0,<6.2.19|>=7.6.0,<7.6.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in TYPO3 component Backend
PKSA-spfc-tbhw-kh61 GHSA-5wx6-xwxf-q8qj
Affected version: >=6.2.0,<6.2.19
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] SQL Injection in dbal
PKSA-yv19-9tq2-fz1m GHSA-pqfv-97hj-g97g
Affected version: >=6.2.0,<6.2.18
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in legacy form component
PKSA-8b88-yvbs-1t53 GHSA-8j9v-4hhh-x43c
Affected version: >=6.2.0,<6.2.18
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in link validator component
PKSA-xpn2-bkrt-rhyf GHSA-hq37-rfjc-mr8h
Affected version: >=6.2.0,<6.2.18|>=7.6.0,<7.6.3
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in form component
PKSA-dt28-xcfy-z6q8 GHSA-vpr3-rc99-2wpr
Affected version: >=6.2.0,<6.2.18
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting vulnerability in typolinks
PKSA-m77p-d7vq-9f8t GHSA-r287-hc8j-w56h
Affected version: >=6.2.0,<6.2.16|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.5.0|>=7.5.0,<7.6.0|>=7.6.0,<7.6.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Cross-Site Scripting in TYPO3 component Indexed Search
PKSA-p8d2-7vg9-dtcf GHSA-4r76-xr68-w7m7
Affected version: >=6.2.0,<6.2.16
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[CRITICAL] Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend
PKSA-ndcf-67nc-gxt9 GHSA-gwfx-p7mr-f92v
Affected version: >=6.2.0,<6.2.16|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.5.0|>=7.5.0,<7.6.0|>=7.6.0,<7.6.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Multiple Cross-Site Scripting vulnerabilities in frontend
PKSA-p5kg-j47t-6hk4 GHSA-p5c5-gmj4-g48f
Affected version: >=6.2.0,<6.2.16|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.5.0|>=7.5.0,<7.6.0|>=7.6.0,<7.6.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3 is susceptible to Cross-Site Flashing
PKSA-yxxk-7kcz-vv2r GHSA-hww5-6x85-mc24
Affected version: >=6.2.0,<6.2.16
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[LOW] Backend: Non-Persistent Cross-Site Scripting
PKSA-gh78-xr39-8wwk CVE-2015-5956 GHSA-989h-wv8x-933p
Affected version: >=6.2.0,<6.2.15|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Frontend: Unauthenticated Path Disclosure
PKSA-z28m-xm9h-qp6g GHSA-xvcp-33rc-j8gq
Affected version: >=6.2.0,<6.2.15|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in 3rd party library Flowplayer
PKSA-42qs-kcsv-zvxq CVE-2013-7341 GHSA-j6c3-3c4w-qv8p
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Information Disclosure possibility exploitable by Editors
PKSA-9p1y-wbjp-2yn7 GHSA-pmxp-7224-h794
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting exploitable by Editors
PKSA-83dv-xmw9-2793 GHSA-j86x-pjmr-9m6w
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Access bypass when editing file metadata
PKSA-v937-s8pv-pxfv GHSA-qmwf-j7g7-f5jw
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Brute Force Protection Bypass in backend login
PKSA-bmjh-mrv6-6mhj GHSA-v4qr-8h2v-qpjx
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Frontend login Session Fixation
PKSA-hpcb-f6d4-dg4y GHSA-4h5c-5g25-v7fh
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Possible link spoofing on the homepage when anchors are used
PKSA-dt94-3y8h-bht1 CVE-2014-9508 GHSA-v6xv-rmqc-wcc8
Affected version: >=6.2.0,<6.2.9|>=7.0.0,<7.0.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Possible cache poisining on the homepage when anchors are used
PKSA-9v5z-9wvw-43v7 GHSA-gj48-w74w-8gvm
Affected version: >=6.2.0,<6.2.9|>=7.0.0,<7.0.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Denial of Service in OpenID System Extension
PKSA-gzmh-3pyp-63pp CVE-2013-4701 GHSA-5qp6-78pr-gv8c
Affected version: >=6.2.0,<6.2.6
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Arbitrary Shell Execution in Swiftmailer library
PKSA-ft16-nmqc-tb4y GHSA-g4pf-3jvq-2gcw
Affected version: >=6.2.0,<6.2.6
Reported by:
GitHub, FriendsOfPHP/security-advisories