typo3/cms Security Advisories for 7.2.0 (22)
- [MEDIUM] Typo3 XSS Vulnerability
PKSA-5qtp-bmj9-5zqr CVE-2015-8755 GHSA-56f9-5563-m2h7
Affected version: >=7.0,<7.6.1|>=6.2,<6.2.16
Reported by: GitHub
- [MEDIUM] Typo3 XSS Vulnerability
PKSA-j487-wgb6-g37w CVE-2018-6905 GHSA-3w22-wrwx-2r75
Affected version: <9.2.0
Reported by: GitHub
- [MEDIUM] Information Disclosure in Install Tool
PKSA-t1pf-cbfj-xyc5 GHSA-75mx-chcf-2q32
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: GitHub, FriendsOfPHP/security-advisories
- [HIGH] Denial of Service in Online Media Asset Handling
PKSA-41jf-hqcz-2mxn GHSA-9895-53fc-98v2
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Cross-Site Scripting in Online Media Asset Rendering
PKSA-94ws-swjq-dm6m GHSA-3jxq-5xhh-9jr3
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Cross-Site Scripting in Backend Modal Component
PKSA-qzm7-ztqf-vx98 GHSA-86r8-4g3w-7xjp
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Denial of Service in Frontend Record Registration
PKSA-6wyc-z3gy-thx1 GHSA-g46h-v2cc-6c94
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21
Reported by: GitHub, FriendsOfPHP/security-advisories
- [HIGH] Security Misconfiguration in Install Tool Cookie
PKSA-99fq-1t5c-yckv GHSA-ppgf-8745-8pgx
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Cross-Site Scripting in Frontend User Login
PKSA-j1v4-rzqw-fkx7 GHSA-772m-43f3-hmf8
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS
PKSA-z3s2-rzbm-sz8q GHSA-f5rr-9r84-wwqf
Affected version: >=7.0.0,<7.6.30|>=8.0.0,<8.7.17|>=9.0.0,<9.3.2
Reported by: GitHub, FriendsOfPHP/security-advisories
- [HIGH] Authentication Bypass in TYPO3 CMS
PKSA-b9qm-1gk1-gg53 GHSA-f777-f784-36gm
Affected version: >=7.0.0,<7.6.30|>=8.0.0,<8.7.17|>=9.0.0,<9.3.2
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Cross-Site Scripting vulnerability in typolinks
PKSA-m77p-d7vq-9f8t GHSA-r287-hc8j-w56h
Affected version: >=6.2.0,<6.2.16|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.5.0|>=7.5.0,<7.6.0|>=7.6.0,<7.6.1
Reported by: GitHub, FriendsOfPHP/security-advisories
- [CRITICAL] Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend
PKSA-ndcf-67nc-gxt9 GHSA-gwfx-p7mr-f92v
Affected version: >=6.2.0,<6.2.16|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.5.0|>=7.5.0,<7.6.0|>=7.6.0,<7.6.1
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Multiple Cross-Site Scripting vulnerabilities in frontend
PKSA-p5kg-j47t-6hk4 GHSA-p5c5-gmj4-g48f
Affected version: >=6.2.0,<6.2.16|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.5.0|>=7.5.0,<7.6.0|>=7.6.0,<7.6.1
Reported by: GitHub, FriendsOfPHP/security-advisories
- [LOW] Backend: Non-Persistent Cross-Site Scripting
PKSA-gh78-xr39-8wwk CVE-2015-5956 GHSA-989h-wv8x-933p
Affected version: >=6.2.0,<6.2.15|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Frontend: Unauthenticated Path Disclosure
PKSA-z28m-xm9h-qp6g GHSA-xvcp-33rc-j8gq
Affected version: >=6.2.0,<6.2.15|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Cross-Site Scripting in 3rd party library Flowplayer
PKSA-42qs-kcsv-zvxq CVE-2013-7341 GHSA-j6c3-3c4w-qv8p
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Information Disclosure possibility exploitable by Editors
PKSA-9p1y-wbjp-2yn7 GHSA-pmxp-7224-h794
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Cross-Site Scripting exploitable by Editors
PKSA-83dv-xmw9-2793 GHSA-j86x-pjmr-9m6w
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Access bypass when editing file metadata
PKSA-v937-s8pv-pxfv GHSA-qmwf-j7g7-f5jw
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Brute Force Protection Bypass in backend login
PKSA-bmjh-mrv6-6mhj GHSA-v4qr-8h2v-qpjx
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Frontend login Session Fixation
PKSA-hpcb-f6d4-dg4y GHSA-4h5c-5g25-v7fh
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by: GitHub, FriendsOfPHP/security-advisories