
TYPO3 — Vulnerabilities & Security Advisories 118

Browse all 118 CVE security advisories affecting TYPO3. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-47940 | TYPO3 CMS Vulnerable to Privilege Escalation to System Maintainer — typo3, CWE-283 | 7.2 | High | 2025-05-20 |
| CVE-2025-47939 | TYPO3 CMS Vulnerable to Unrestricted File Upload in File Abstraction Layer — typo3, CWE-351 | 5.4 | Medium | 2025-05-20 |
| CVE-2025-47938 | TYPO3 Vulnerable to Unverified Password Change for Backend Users — typo3, CWE-620 | 3.8 | Low | 2025-05-20 |
| CVE-2025-47937 | TYPO3 Vulnerable to Information Disclosure via DBAL Restriction Handling — typo3, CWE-863 | 3.7 | Low | 2025-05-20 |
| CVE-2025-47936 | TYPO3 Vulnerable to Server Side Request Forgery via Webhooks — typo3, CWE-918 | 3.3 | Low | 2025-05-20 |
| CVE-2025-24856 | TYPO3 Security Vulnerability — oidc, CWE-348 | 4.2 | Medium | 2025-03-16 |
| CVE-2024-55892 | Potential Open Redirect via Parsing Differences in TYPO3 — typo3, CWE-601 | 4.8 | Medium | 2025-01-14 |
| CVE-2024-55893 | TYPO3 Cross-Site Request Forgery in Log Module — typo3, CWE-352 | 4.3 | Medium | 2025-01-14 |
| CVE-2024-55894 | TYPO3 Cross-Site Request Forgery in Backend User Module — typo3, CWE-352 | 4.3 | Medium | 2025-01-14 |
| CVE-2024-55920 | Cross-Site Request Forgery in Dashboard Module in TYPO3 — typo3, CWE-352 | 4.3 | Medium | 2025-01-14 |
| CVE-2024-55921 | Cross-Site Request Forgery in Extension Manager Module in TYPO3 — typo3, CWE-352 | 7.5 | High | 2025-01-14 |
| CVE-2024-55922 | Cross-Site Request Forgery in Form Framework Module in TYPO3 — typo3, CWE-352 | 5.4 | Medium | 2025-01-14 |
| CVE-2024-55923 | Cross-Site Request Forgery in Indexed Search Module in TYPO3 — typo3, CWE-352 | 4.3 | Medium | 2025-01-14 |
| CVE-2024-55924 | Cross-Site Request Forgery in Scheduler Module in TYPO3 — typo3, CWE-352 | 8.0 | High | 2025-01-14 |
| CVE-2024-55945 | Cross-Site Request Forgery in DB Check Module in TYPO3 — typo3, CWE-352 | 4.3 | Medium | 2025-01-14 |
| CVE-2024-55891 | Information Disclosure via Exception Handling/Logger in TYPO3 — typo3, CWE-532 | 3.1 | Low | 2025-01-14 |
| CVE-2024-47780 | Information Disclosure in TYPO3 Page Tree — typo3, CWE-863 | 3.1 | Low | 2024-10-08 |
| CVE-2024-34358 | TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController — typo3, CWE-347 | 5.3 | Medium | 2024-05-14 |
| CVE-2024-34357 | TYPO3 vulnerable to Cross-Site Scripting in ShowImageController — typo3, CWE-79 | 5.4 | Medium | 2024-05-14 |
| CVE-2024-34356 | TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module — typo3, CWE-79 | 5.4 | Medium | 2024-05-14 |
| CVE-2024-34355 | TYPO3 vulnerable to an HTML Injection in the History Module — typo3, CWE-116 | 3.5 | Low | 2024-05-14 |
| CVE-2024-25118 | Information Disclosure of Hashed Passwords in TYPO3 Backend Forms — typo3, CWE-200 | 4.3 | Medium | 2024-02-13 |
| CVE-2024-25119 | Information Disclosure of Encryption Key in TYPO3 Install Tool — typo3, CWE-200 | 4.9 | Medium | 2024-02-13 |
| CVE-2024-25120 | Improper Access Control of Resources Referenced by t3:// URI Scheme in TYPO3 — typo3, CWE-200 | 4.3 | Medium | 2024-02-13 |
| CVE-2024-25121 | Improper Access Control Persisting File Abstraction Layer Entities via Data Handler in TYPO3 — typo3, CWE-200 | 7.1 | High | 2024-02-13 |
| CVE-2023-47125 | By-passing Cross-Site Scripting Protection in HTML Sanitizer — html-sanitizer, CWE-79 | 4.7 | Medium | 2023-11-14 |
| CVE-2023-47126 | Information Disclosure in Install Tool in typo3/cms-install — typo3, CWE-200 | 3.7 | Low | 2023-11-14 |
| CVE-2023-47127 | Weak Authentication in Session Handling in typo3/cms-core — typo3, CWE-302 | 4.2 | Medium | 2023-11-14 |
| CVE-2023-38500 | By-passing Cross-Site Scripting Protection in HTML Sanitizer — html-sanitizer, CWE-79 | 4.7 | Medium | 2023-07-25 |
| CVE-2023-38499 | typo3/cms-core Information Disclosure due to Out-of-scope Site Resolution — typo3, CWE-200 | 3.7 | Low | 2023-07-25 |

This page lists every published CVE security advisory associated with TYPO3. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.