typo3/cms Security Advisories for 7.6.2 (34)
-
[HIGH] TYPO3 Arbitrary Code Execution
PKSA-pt33-g1gs-b8wt CVE-2017-14251 GHSA-fh4q-hxrw-cjqq
Affected version: >=8.0.0,<8.7.5|>=7.6.0,<7.6.22
Reported by:
GitHub -
[MEDIUM] Typo3 XSS Vulnerability
PKSA-j487-wgb6-g37w CVE-2018-6905 GHSA-3w22-wrwx-2r75
Affected version: <9.2.0
Reported by:
GitHub -
[MEDIUM] Information Disclosure in Install Tool
PKSA-t1pf-cbfj-xyc5 GHSA-75mx-chcf-2q32
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Denial of Service in Online Media Asset Handling
PKSA-41jf-hqcz-2mxn GHSA-9895-53fc-98v2
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in Online Media Asset Rendering
PKSA-94ws-swjq-dm6m GHSA-3jxq-5xhh-9jr3
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in Backend Modal Component
PKSA-qzm7-ztqf-vx98 GHSA-86r8-4g3w-7xjp
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Denial of Service in Frontend Record Registration
PKSA-6wyc-z3gy-thx1 GHSA-g46h-v2cc-6c94
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Security Misconfiguration in Install Tool Cookie
PKSA-99fq-1t5c-yckv GHSA-ppgf-8745-8pgx
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in Frontend User Login
PKSA-j1v4-rzqw-fkx7 GHSA-772m-43f3-hmf8
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS
PKSA-z3s2-rzbm-sz8q GHSA-f5rr-9r84-wwqf
Affected version: >=7.0.0,<7.6.30|>=8.0.0,<8.7.17|>=9.0.0,<9.3.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Authentication Bypass in TYPO3 CMS
PKSA-b9qm-1gk1-gg53 GHSA-f777-f784-36gm
Affected version: >=7.0.0,<7.6.30|>=8.0.0,<8.7.17|>=9.0.0,<9.3.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Information Disclosure in TYPO3 CMS
PKSA-mnvr-nmxv-xndp GHSA-qffc-gwpp-m2xr
Affected version: >=7.6.0,<7.6.22|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.5
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[LOW] Information Disclosure in TYPO3 CMS
PKSA-k469-q3x3-m5wx GHSA-c7p6-3c9c-f88q
Affected version: >=7.6.0,<7.6.22|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.5
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[LOW] Arbitrary Code Execution in TYPO3 CMS
PKSA-ycd2-g5rr-5v84 GHSA-h934-f4m4-wc8x
Affected version: >=7.6.0,<7.6.22|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.5
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in TYPO3 CMS
PKSA-v896-gj2z-rpdn GHSA-q9c4-9v5m-597p
Affected version: >=7.6.0,<7.6.16|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.6.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Remote Code Execution in third party library swiftmailer
PKSA-y99p-vnsv-h8zb GHSA-85ch-44w7-rf32
Affected version: >=6.2.0,<6.2.30|>=7.6.0,<7.6.15|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Insecure Unserialize in TYPO3 Backend
PKSA-p9pn-ckkr-j9gj GHSA-vgm8-r9gm-fw59
Affected version: >=6.2.0,<6.2.29|>=7.6.0,<7.6.13|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Path Traversal in TYPO3 Core
PKSA-ycv6-vk58-crph GHSA-g7hw-jh4p-75wr
Affected version: >=6.2.0,<6.2.29|>=7.6.0,<7.6.13|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Cache Flooding in TYPO3 Frontend
PKSA-5nxh-6dvz-pwx2 GHSA-8h28-f46f-m87h
Affected version: >=6.2.0,<6.2.27|>=7.6.0,<7.6.11|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in TYPO3 Backend
PKSA-p1xw-bm9t-9mgz GHSA-pw2q-qwvj-gh43
Affected version: >=6.2.0,<6.2.27|>=7.6.0,<7.6.11|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Cross-Site Scripting vulnerability in typolinks
PKSA-qkq5-q75r-wn3g GHSA-7qwg-fcpw-xg5g
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Information Disclosure in TYPO3 Backend
PKSA-q6zv-zcsh-21h8 GHSA-6f9m-v7mp-7jjq
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in TYPO3 Backend
PKSA-h9f8-fcdd-y5cz GHSA-g9rv-6g56-65h8
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in third party library mso/idna-convert
PKSA-7xg5-dg5x-pjsz GHSA-259v-xm34-p7fr
Affected version: >=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Insecure Unserialize in TYPO3 Import/Export
PKSA-8qyh-77q4-9nh2 GHSA-8h4m-r4wm-xj7r
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] SQL Injection in TYPO3 Frontend Login
PKSA-b4tx-8wsn-x1b1 GHSA-6487-3qvg-8px9
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Missing Access Check in TYPO3 CMS
PKSA-6w93-8p38-vgt5 GHSA-f624-8hfq-5fh3
Affected version: >=6.2.0,<6.2.25|>=7.6.0,<7.6.8|>=8.0.0,<8.1.1|>=8.1.0,<8.1.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Privilege Escalation in TYPO3 CMS
PKSA-3s1d-fjtc-fcqw GHSA-5cxf-xx9j-54jc
Affected version: >=6.2.0,<6.2.20|>=7.6.0,<7.6.5|>=8.0.0,<8.0.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Authentication Bypass in TYPO3 CMS
PKSA-prb5-15dp-gbwb GHSA-6xh8-8pfv-53vx
Affected version: >=6.2.0,<6.2.20|>=7.6.0,<7.6.5|>=8.0.0,<8.0.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Cross-Site Scripting in TYPO3 Backend
PKSA-yr4d-8qdk-2g3v GHSA-c5mj-39cf-3pp5
Affected version: >=6.2.0,<6.2.20|>=7.6.0,<7.6.5|>=8.0.0,<8.0.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] XML External Entity (XXE) Processing in TYPO3 Core
PKSA-smvw-xwn8-cj9h GHSA-mxjf-hc9v-xgv2
Affected version: >=6.2.0,<6.2.19|>=7.6.0,<7.6.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Denial of Service attack possibility in TYPO3 component Indexed Search
PKSA-g4rd-ftcg-mjm7 GHSA-wh8q-72cp-p5wf
Affected version: >=6.2.0,<6.2.19|>=7.6.0,<7.6.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in TYPO3 component CSS styled content
PKSA-ry96-ymk5-v9rd GHSA-wrpf-2x8h-82gr
Affected version: >=6.2.0,<6.2.19|>=7.6.0,<7.6.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in link validator component
PKSA-xpn2-bkrt-rhyf GHSA-hq37-rfjc-mr8h
Affected version: >=6.2.0,<6.2.18|>=7.6.0,<7.6.3
Reported by:
GitHub, FriendsOfPHP/security-advisories