| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-25119 | Information Disclosure of Encryption Key in TYPO3 Install Tool | TYPO3 | typo3 | Medium | 4.9 | 2024-02-13 22:16:37 | Deep Dive |
| CVE-2024-25120 | Improper Access Control of Resources Referenced by t3:// URI Scheme in TYPO3 | TYPO3 | typo3 | Medium | 4.3 | 2024-02-13 22:15:13 | Deep Dive |
| CVE-2024-25121 | Improper Access Control Persisting File Abstraction Layer Entities via Data Handler in TYPO3 | TYPO3 | typo3 | High | 7.1 | 2024-02-13 22:14:41 | Deep Dive |
| CVE-2023-47125 | By-passing Cross-Site Scripting Protection in HTML Sanitizer | TYPO3 | html-sanitizer | Medium | 4.7 | 2023-11-14 20:07:56 | Deep Dive |
| CVE-2023-47126 | Information Disclosure in Install Tool in typo3/cms-install | TYPO3 | typo3 | Low | 3.7 | 2023-11-14 20:01:17 | Deep Dive |
| CVE-2023-47127 | Weak Authentication in Session Handling in typo3/cms-core | TYPO3 | typo3 | Medium | 4.2 | 2023-11-14 19:26:08 | Deep Dive |
| CVE-2023-38500 | By-passing Cross-Site Scripting Protection in HTML Sanitizer | TYPO3 | html-sanitizer | Medium | 4.7 | 2023-07-25 20:59:53 | Deep Dive |
| CVE-2023-38499 | typo3/cms-core Information Disclosure due to Out-of-scope Site Resolution | TYPO3 | typo3 | Low | 3.7 | 2023-07-25 20:54:42 | Deep Dive |
| CVE-2023-37905 | Cross-site Scripting (XSS) in Source Mode of Editor in ckeditor-wordcount-plugin | w8tcha | CKEditor-WordCount-Plugin | Medium | 6.1 | 2023-07-21 19:35:50 | Deep Dive |
| CVE-2023-24814 | Persisted Cross-Site Scripting in Frontend Rendering in typo3 | TYPO3 | typo3 | High | 8.8 | 2023-02-07 18:14:29 | Deep Dive |
| CVE-2022-23504 | TYPO3 contains Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration | TYPO3 | typo3 | Medium | 5.7 | 2022-12-14 07:58:05 | Deep Dive |
| CVE-2022-23503 | TYPO3 vulnerable to Arbitrary Code Execution via Form Framework | TYPO3 | typo3 | High | 7.5 | 2022-12-14 07:51:04 | Deep Dive |
| CVE-2022-23502 | TYPO3 contains Insufficient Session Expiration after Password Reset | TYPO3 | typo3 | Medium | 5.4 | 2022-12-14 07:34:21 | Deep Dive |
| CVE-2022-23501 | TYPO3 vulnerable to Improper Authentication in Frontend Login | TYPO3 | typo3 | Medium | 5.9 | 2022-12-14 07:23:46 | Deep Dive |
| CVE-2022-23500 | TYPO3 subject to Uncontrolled Recursion resulting in Denial of Service | TYPO3 | typo3 | Medium | 5.9 | 2022-12-14 07:07:05 | Deep Dive |
| CVE-2022-23499 | Cross-Site Scripting Protection bypass in HTML Sanitizer | TYPO3 | html-sanitizer | Medium | 6.1 | 2022-12-13 20:29:41 | Deep Dive |
| CVE-2022-36105 | User Enumeration via Response Timing in TYPO3 | TYPO3 | typo3 | Medium | 5.3 | 2022-09-13 17:40:13 | Deep Dive |
| CVE-2022-36106 | Missing check for expiration time of password reset token in TYPO3 | TYPO3 | typo3 | Medium | 5.4 | 2022-09-13 17:35:11 | Deep Dive |
| CVE-2022-36107 | Stored Cross-Site Scripting via FileDumpController | TYPO3 | typo3 | Medium | 6.5 | 2022-09-13 17:30:13 | Deep Dive |
| CVE-2022-36104 | Denial of Service via Page Error Handling in TYPO3/cms | TYPO3 | typo3 | Medium | 5.9 | 2022-09-13 17:20:19 | Deep Dive |