TYPO3 — Vulnerabilities & Security Advisories (141)

Browse all 141 CVE security advisories affecting TYPO3. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TYPO3 is an open-source enterprise content management system primarily designed for large-scale websites and complex digital platforms. Historically, its extensive feature set and modular architecture have introduced a significant attack surface, resulting in 118 recorded Common Vulnerabilities and Exposures. The most prevalent vulnerability classes include remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation or improper access controls within extensions. While the core framework has seen improved security practices in recent versions, legacy installations remain particularly susceptible to exploitation. Notable incidents have frequently involved unpatched third-party extensions rather than core flaws, highlighting the critical importance of rigorous extension auditing. Security advisories are regularly issued by the TYPO3 Security Team, urging administrators to maintain strict update protocols to mitigate these persistent risks associated with its broad ecosystem.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-55893 | TYPO3 Cross-Site Request Forgery in Log Module | typo3 | CWE-352 | 4.3 | Medium | 2025-01-14 |
| CVE-2024-55894 | TYPO3 Cross-Site Request Forgery in Backend User Module | typo3 | CWE-352 | 4.3 | Medium | 2025-01-14 |
| CVE-2024-55920 | Cross-Site Request Forgery in Dashboard Module in TYPO3 | typo3 | CWE-352 | 4.3 | Medium | 2025-01-14 |
| CVE-2024-55921 | Cross-Site Request Forgery in Extension Manager Module in TYPO3 | typo3 | CWE-352 | 7.5 | High | 2025-01-14 |
| CVE-2024-55922 | Cross-Site Request Forgery in Form Framework Module in TYPO3 | typo3 | CWE-352 | 5.4 | Medium | 2025-01-14 |
| CVE-2024-55923 | Cross-Site Request Forgery in Indexed Search Module in TYPO3 | typo3 | CWE-352 | 4.3 | Medium | 2025-01-14 |
| CVE-2024-55924 | Cross-Site Request Forgery in Scheduler Module in TYPO3 | typo3 | CWE-352 | 8.0 | High | 2025-01-14 |
| CVE-2024-55945 | Cross-Site Request Forgery in DB Check Module in TYPO3 | typo3 | CWE-352 | 4.3 | Medium | 2025-01-14 |
| CVE-2024-55891 | Information Disclosure via Exception Handling/Logger in TYPO3 | typo3 | CWE-532 | 3.1 | Low | 2025-01-14 |
| CVE-2024-47780 | Information Disclosure in TYPO3 Page Tree | typo3 | CWE-863 | 3.1 | Low | 2024-10-08 |
| CVE-2024-34358 | TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController | typo3 | CWE-347 | 5.3 | Medium | 2024-05-14 |
| CVE-2024-34357 | TYPO3 vulnerable to Cross-Site Scripting in ShowImageController | typo3 | CWE-79 | 5.4 | Medium | 2024-05-14 |
| CVE-2024-34356 | TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module | typo3 | CWE-79 | 5.4 | Medium | 2024-05-14 |
| CVE-2024-34355 | TYPO3 vulnerable to an HTML Injection in the History Module | typo3 | CWE-116 | 3.5 | Low | 2024-05-14 |
| CVE-2024-25118 | Information Disclosure of Hashed Passwords in TYPO3 Backend Forms | typo3 | CWE-200 | 4.3 | Medium | 2024-02-13 |
| CVE-2024-25119 | Information Disclosure of Encryption Key in TYPO3 Install Tool | typo3 | CWE-200 | 4.9 | Medium | 2024-02-13 |
| CVE-2024-25120 | Improper Access Control of Resources Referenced by t3:// URI Scheme in TYPO3 | typo3 | CWE-200 | 4.3 | Medium | 2024-02-13 |
| CVE-2024-25121 | Improper Access Control Persisting File Abstraction Layer Entities via Data Handler in TYPO3 | typo3 | CWE-200 | 7.1 | High | 2024-02-13 |
| CVE-2023-47125 | By-passing Cross-Site Scripting Protection in HTML Sanitizer | html-sanitizer | CWE-79 | 4.7 | Medium | 2023-11-14 |
| CVE-2023-47126 | Information Disclosure in Install Tool in typo3/cms-install | typo3 | CWE-200 | 3.7 | Low | 2023-11-14 |
| CVE-2023-47127 | Weak Authentication in Session Handling in typo3/cms-core | typo3 | CWE-302 | 4.2 | Medium | 2023-11-14 |
| CVE-2023-38500 | By-passing Cross-Site Scripting Protection in HTML Sanitizer | html-sanitizer | CWE-79 | 4.7 | Medium | 2023-07-25 |
| CVE-2023-38499 | typo3/cms-core Information Disclosure due to Out-of-scope Site Resolution | typo3 | CWE-200 | 3.7 | Low | 2023-07-25 |
| CVE-2023-24814 | Persisted Cross-Site Scripting in Frontend Rendering in typo3 | typo3 | CWE-79 | 8.8 | High | 2023-02-07 |
| CVE-2022-23504 | TYPO3 contains Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration | typo3 | CWE-200 | 5.7 | Medium | 2022-12-14 |
| CVE-2022-23503 | TYPO3 vulnerable to Arbitrary Code Execution via Form Framework | typo3 | CWE-94 | 7.5 | High | 2022-12-14 |
| CVE-2022-23502 | TYPO3 contains Insufficient Session Expiration after Password Reset | typo3 | CWE-613 | 5.4 | Medium | 2022-12-14 |
| CVE-2022-23501 | TYPO3 vulnerable to Improper Authentication in Frontend Login | typo3 | CWE-287 | 5.9 | Medium | 2022-12-14 |
| CVE-2022-23500 | TYPO3 subject to Uncontrolled Recursion resulting in Denial of Service | typo3 | CWE-674 | 5.9 | Medium | 2022-12-14 |
| CVE-2022-23499 | Cross-Site Scripting Protection bypass in HTML Sanitizer | html-sanitizer | CWE-79 | 6.1 | Medium | 2022-12-13 |

This page lists every published CVE security advisory associated with TYPO3. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.