typo3/cms Security Advisories for v8.7.19 (33)
-
[MEDIUM] Typo3 XSS Vulnerability
PKSA-j487-wgb6-g37w CVE-2018-6905 GHSA-3w22-wrwx-2r75
Affected version: <9.2.0
Reported by:
GitHub -
[HIGH] TYPO3-CORE-SA-2020-011: Cleartext storage of session identifier
PKSA-tb1c-8bnf-mvmf CVE-2020-26228 GHSA-954j-f27r-cj52
Affected version: >=10.0.0,<10.4.10|>=9.0.0,<9.5.23|>=8.7.0,<8.7.38
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2020-010: Cross-Site Scripting in Fluid view helpers
PKSA-7sv8-gd3z-zptc CVE-2020-26227 GHSA-vqqx-jw6p-q3rf
Affected version: >=10.0.0,<10.4.10|>=9.0.0,<9.5.23|>=8.7.0,<8.7.38
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Insecure Deserialization in Query Generator & Query View
PKSA-fyxc-qkr6-f3ry CVE-2019-19849 GHSA-rcgc-4xfc-564v
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] SQL Injection in low-level Query Generator
PKSA-8qsb-zpqf-kwq2 CVE-2019-19850 GHSA-59pj-7mjh-4465
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Directory Traversal on ZIP extraction
PKSA-187n-yk48-q1fv CVE-2019-19848 GHSA-77p4-wfr8-977w
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in Form Framework validation handling
PKSA-mk73-2ss9-7t3h GHSA-v5jp-4h2p-j2p4
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in Link Handling
PKSA-mgq1-q3nx-4qhb GHSA-5gr6-97fv-52cc
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Possible Insecure Deserialization in Extbase Request Handling
PKSA-7wb5-3v3w-d2zd GHSA-qr5f-6fcv-w69q
Affected version: >=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in Filelist Module
PKSA-jfwm-f2y6-dfw3 GHSA-2rcw-9hrm-8q7q
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Insecure Deserialization in TYPO3 CMS
PKSA-bz6f-yjw4-93sv CVE-2019-12747 GHSA-86hp-xrhj-fhpq
Affected version: >=8.0.0,<8.7.27|>=9.0.0,<9.5.8
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in Link Handling
PKSA-shfj-qhnv-r9fs CVE-2019-12748 GHSA-r6fv-56gp-j3r4
Affected version: >=8.0.0,<8.7.27|>=9.0.0,<9.5.8
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Security Misconfiguration in Frontend Session Handling
PKSA-s18m-y85n-1v87 GHSA-r9vc-jfmh-6j48
Affected version: >=8.0.0,<8.7.27|>=9.0.0,<9.5.8
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Arbitrary Code Execution and Cross-Site Scripting in Backend API
PKSA-5tf7-6x9k-c3q3 GHSA-mh3r-6cp5-hc2j
Affected version: >=8.0.0,<8.7.27|>=9.0.0,<9.5.8
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Information Disclosure in Backend User Interface
PKSA-vnc3-kwhr-kmwj GHSA-8m6j-p5jv-v69w
Affected version: >=8.0.0,<8.7.27|>=9.0.0,<9.5.8
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Possible Arbitrary Code Execution in Image Processing
PKSA-k6fx-zsn9-8q9f CVE-2019-11832 GHSA-3w4h-r27h-4r2w
Affected version: >=8.0.0,<8.7.25|>=9.0.0,<9.5.6
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in Fluid Engine
PKSA-dmbp-4kzv-9s4r CVE-2020-15241 GHSA-7733-hjv6-4h47
Affected version: >=8.0.0,<8.7.25|>=9.0.0,<9.5.6
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Security Misconfiguration in User Session Handling
PKSA-r81x-w89x-1vq9 GHSA-g585-crjf-vhwq
Affected version: >=8.0.0,<8.7.25|>=9.0.0,<9.5.6
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in Bootstrap CSS toolkit
PKSA-ww37-6vs7-z8br CVE-2018-14041 GHSA-pj7m-g53m-7638
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Arbitrary Code Execution via File List Module
PKSA-5bn3-rb6y-yskr GHSA-jqr8-q455-xx45
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[CRITICAL] Security Misconfiguration for Backend User Accounts
PKSA-vzzk-7qkd-5r89 GHSA-67wg-6j7r-mqh8
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Broken Access Control in Localization Handling
PKSA-1g5v-h1gj-cdpx GHSA-m96r-7vqm-j95g
Affected version: >=8.0.0,<8.7.23
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Information Disclosure of Installed Extensions
PKSA-5v3b-yhjz-2p8k GHSA-xgmx-j3hv-jh9x
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in Form Framework
PKSA-1gbs-82ww-81jy GHSA-7q33-hxwj-7p8v
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in Fluid ViewHelpers
PKSA-x7y9-5n9c-2k2x GHSA-f3wf-q4fj-3gxf
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in CKEditor
PKSA-qmq7-q129-2wts CVE-2018-17960 GHSA-g68x-vvqq-pvw3
Affected version: >=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Information Disclosure in Install Tool
PKSA-t1pf-cbfj-xyc5 GHSA-75mx-chcf-2q32
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Denial of Service in Online Media Asset Handling
PKSA-41jf-hqcz-2mxn GHSA-9895-53fc-98v2
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in Online Media Asset Rendering
PKSA-94ws-swjq-dm6m GHSA-3jxq-5xhh-9jr3
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in Backend Modal Component
PKSA-qzm7-ztqf-vx98 GHSA-86r8-4g3w-7xjp
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Denial of Service in Frontend Record Registration
PKSA-6wyc-z3gy-thx1 GHSA-g46h-v2cc-6c94
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Security Misconfiguration in Install Tool Cookie
PKSA-99fq-1t5c-yckv GHSA-ppgf-8745-8pgx
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in Frontend User Login
PKSA-j1v4-rzqw-fkx7 GHSA-772m-43f3-hmf8
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by:
GitHub, FriendsOfPHP/security-advisories