typo3/cms Security Advisories for v12.0.0 (6)
-
[HIGH] TYPO3-CORE-SA-2023-001: Persisted Cross-Site Scripting in Frontend Rendering
PKSA-2dds-jbmg-2pyg CVE-2023-24814 GHSA-r4f8-f93x-5qh3
Affected version: >=10.0.0,<10.4.35|>=11.0.0,<11.5.23|>=12.0.0,<12.2.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2022-017: By-passing Cross-Site Scripting Protection in HTML Sanitizer
PKSA-836z-82j1-zt6j CVE-2022-23499 GHSA-hvwx-qh2h-xcfj
Affected version: >=10.0.0,<10.4.33|>=11.0.0,<11.5.20|>=12.0.0,<12.1.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2022-016: Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
PKSA-72zd-w89p-dd55 CVE-2022-23504 GHSA-8w3p-qh3x-6gjr
Affected version: >=10.0.0,<10.4.33|>=11.0.0,<11.5.20|>=12.0.0,<12.1.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] TYPO3-CORE-SA-2022-015: Arbitrary Code Execution via Form Framework
PKSA-hnp1-st4h-rkt2 CVE-2022-23503 GHSA-c5wx-6c2c-f7rm
Affected version: >=10.0.0,<10.4.33|>=11.0.0,<11.5.20|>=12.0.0,<12.1.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2022-014: Insufficient Session Expiration after Password Reset
PKSA-cm5x-bvw7-z1ks CVE-2022-23502 GHSA-mgj2-q8wp-29rr
Affected version: >=10.0.0,<10.4.33|>=11.0.0,<11.5.20|>=12.0.0,<12.1.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2022-013: Weak Authentication in Frontend Login
PKSA-sy8t-czj6-2rjr CVE-2022-23501 GHSA-jfp7-79g7-89rf
Affected version: >=10.0.0,<10.4.33|>=11.0.0,<11.5.20|>=12.0.0,<12.1.1
Reported by:
GitHub, FriendsOfPHP/security-advisories