VIR Vulnerability Intelligence Relay

Package impact

php Packagist / typo3/cms-core

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2013-1842 high 7.5 13y ago TYPO3 SQL injection vulnerability in the Extbase Framework
CVE-2013-1843 medium 6.4 13y ago TYPO3 Open redirect vulnerability in the Access tracking mechanism
CVE-2013-7080 medium 5.8 13y ago TYPO3 is vulnerable to Mass Assignment in the Extension table administration library
CVE-2013-4320 medium 5.5 12y ago TYPO3 Improper Access Management in the File Abstraction Layer
CVE-2013-7081 medium 4.9 13y ago TYPO3 Improper Access Control vulnerability
CVE-2013-7077 medium 4.3 13y ago TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module
CVE-2010-5104 medium 4.3 14y ago TYPO3 Sensitive Information Disclosure via escapeStrForLike method
CVE-2013-7078 low 2.6 13y ago TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework
CVE-2026-0859 unknown 5mo ago TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool
CVE-2025-59016 unknown 9mo ago TYPO3 CMS exposes sensitive information in an error message
CVE-2025-59015 unknown 9mo ago TYPO3 CMS uses insufficient entropy when generating passwords
CVE-2025-59013 unknown 9mo ago TYPO3 CMS has an open‑redirect vulnerability
CVE-2025-47940 unknown 1y ago TYPO3 Allows Privilege Escalation to System Maintainer
CVE-2025-47939 unknown 1y ago TYPO3 Allows Unrestricted File Upload in File Abstraction Layer
CVE-2025-47938 unknown 1y ago TYPO3 Unverified Password Change for Backend Users
CVE-2025-47937 unknown 1y ago TYPO3 Allows Information Disclosure via DBAL Restriction Handling
CVE-2024-55892 unknown 1y ago TYPO3 Potential Open Redirect via Parsing Differences
CVE-2024-34358 unknown 2y ago TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
CVE-2024-34357 unknown 2y ago TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController
CVE-2024-34356 unknown 2y ago TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module
CVE-2024-34355 unknown 2y ago TYPO3 vulnerable to an HTML Injection in the History Module
CVE-2024-22188 unknown 2y ago TYPO3 Install Tool vulnerable to Code Execution
CVE-2023-30451 unknown 2y ago Path Traversal in TYPO3 File Abstraction Layer Storages
CVE-2024-25121 unknown 2y ago TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
CVE-2024-25120 unknown 2y ago TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
CVE-2024-25119 unknown 2y ago TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
CVE-2024-25118 unknown 2y ago TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords
CVE-2023-47127 unknown 3y ago TYPO3 vulnerable to Weak Authentication in Session Handling
CVE-2023-38499 unknown 3y ago Information Disclosure due to Out-of-scope Site Resolution
CVE-2023-24814 unknown 3y ago TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering
CVE-2022-23504 unknown 4y ago TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
CVE-2022-23503 unknown 4y ago TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
CVE-2022-23502 unknown 4y ago TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
CVE-2022-23501 unknown 4y ago TYPO3 CMS vulnerable to Weak Authentication in Frontend Login
CVE-2022-23500 unknown 4y ago TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
CVE-2022-36020 unknown 4y ago TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
CVE-2022-36104 unknown 4y ago TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
CVE-2022-36105 unknown 4y ago TYPO3 CMS vulnerable to User Enumeration via Response Timing
CVE-2022-36106 unknown 4y ago TYPO3 CMS missing check for expiration time of password reset token for backend users
CVE-2022-36107 unknown 4y ago TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
CVE-2022-36108 unknown 4y ago TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper
CVE-2022-31050 unknown 4y ago Insufficient Session Expiration in TYPO3's Admin Tool
CVE-2022-31049 unknown 4y ago Cross-Site Scripting in TYPO3's Frontend Login Mailer
CVE-2022-31048 unknown 4y ago Cross-Site Scripting in TYPO3's Form Framework
CVE-2022-31047 unknown 4y ago Insertion of Sensitive Information into Log File in typo3/cms-core
CVE-2022-31046 unknown 4y ago Information Disclosure via Export Module
CVE-2019-12748 unknown 4y ago Typo3 Cross-Site Scripting in Link Handling
CVE-2019-12747 unknown 4y ago TYPO3 Vulnerable to Insecure Deserialization
CVE-2019-11832 unknown 4y ago TYPO3 Image Processing susceptible to Code Execution
CVE-2019-19850 unknown 4y ago TYPO3 SQL Injection in low-level Query Generator
CVE-2019-19849 unknown 4y ago TYPO3 Insecure Deserialization in Query Generator & Query View
CVE-2019-19848 unknown 4y ago TYPO3 Directory Traversal on ZIP extraction
CVE-2009-3633 unknown 4y ago TYPO3 API function vulnerable to Cross-site Scripting
CVE-2008-2717 unknown 4y ago TYPO3 Unrestricted File Upload vulnerability
CVE-2010-3673 unknown 4y ago TYPO3 is vulnerable to Information Disclosure in the HTML mailing API
CVE-2021-41113 unknown 5y ago Cross-Site-Request-Forgery in Backend
CVE-2021-41114 unknown 5y ago HTTP Host Header Injection
CVE-2021-32768 unknown 5y ago Cross-Site Scripting via Rich-Text Content
CVE-2021-32767 unknown 5y ago Information Disclosure in User Authentication
CVE-2021-32669 unknown 5y ago Cross-Site Scripting in Backend Grid View
CVE-2021-32668 unknown 5y ago Cross-Site Scripting in Query Generator & Query View
CVE-2021-32667 unknown 5y ago Cross-Site Scripting in Page Preview
CVE-2021-21370 unknown 5y ago Cross-Site Scripting in Content Preview (CType menu)
CVE-2021-21359 unknown 5y ago Denial of Service in Page Error Handling
CVE-2021-21358 unknown 5y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
CVE-2021-21357 unknown 5y ago Broken Access Control in Form Framework
CVE-2021-21355 unknown 5y ago Unrestricted File Upload in Form Framework
CVE-2021-21340 unknown 5y ago Cross-Site Scripting in Content Preview
CVE-2021-21339 unknown 5y ago Cleartext storage of session identifier
CVE-2021-21338 unknown 5y ago Open Redirection in Login Handling
CVE-2020-26227 unknown 6y ago Cross-Site Scripting in Fluid view helpers
CVE-2020-26229 unknown 6y ago XML External Entity in Dashboard Widget
CVE-2020-26228 unknown 6y ago Cleartext storage of session identifier
CVE-2020-15241 unknown 6y ago Cross-Site Scripting in ternary conditional operator
CVE-2020-15099 unknown 6y ago Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
CVE-2020-15098 unknown 6y ago Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
CVE-2020-11069 unknown 6y ago Backend Same-Site Request Forgery in TYPO3 CMS
CVE-2020-11067 unknown 6y ago Insecure Deserialization in Backend User Settings in TYPO3 CMS
CVE-2020-11066 unknown 6y ago Class destructors causing side-effects when being unserialized in TYPO3 CMS
CVE-2020-11065 unknown 6y ago Cross-Site Scripting in TYPO3 CMS Link Handling
CVE-2020-11064 unknown 6y ago Cross-Site Scripting in TYPO3 CMS Form Engine
CVE-2020-11063 unknown 6y ago Information Disclosure in Password Reset
CVE-2019-10912 unknown 6y ago In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this coul…
CVE-2018-17960 unknown 8y ago Ckeditor XSS Vulnerability
CVE-2018-14041 unknown 8y ago Bootstrap Cross-site Scripting vulnerability