TYPO3 — Vulnerabilities & Security Advisories (118)

Browse all 118 CVE security advisories affecting TYPO3. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-24814 | Persisted Cross-Site Scripting in Frontend Rendering in typo3 | typo3 | CWE-79 | 8.8 | High | 2023-02-07 |
| CVE-2022-23504 | TYPO3 contains Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration | typo3 | CWE-200 | 5.7 | Medium | 2022-12-14 |
| CVE-2022-23503 | TYPO3 vulnerable to Arbitrary Code Execution via Form Framework | typo3 | CWE-94 | 7.5 | High | 2022-12-14 |
| CVE-2022-23502 | TYPO3 contains Insufficient Session Expiration after Password Reset | typo3 | CWE-613 | 5.4 | Medium | 2022-12-14 |
| CVE-2022-23501 | TYPO3 vulnerable to Improper Authentication in Frontend Login | typo3 | CWE-287 | 5.9 | Medium | 2022-12-14 |
| CVE-2022-23500 | TYPO3 subject to Uncontrolled Recursion resulting in Denial of Service | typo3 | CWE-674 | 5.9 | Medium | 2022-12-14 |
| CVE-2022-23499 | Cross-Site Scripting Protection bypass in HTML Sanitizer | html-sanitizer | CWE-79 | 6.1 | Medium | 2022-12-13 |
| CVE-2022-36105 | User Enumeration via Response Timing in TYPO3 | typo3 | CWE-203 | 5.3 | Medium | 2022-09-13 |
| CVE-2022-36106 | Missing check for expiration time of password reset token in TYPO3 | typo3 | CWE-287 | 5.4 | Medium | 2022-09-13 |
| CVE-2022-36107 | Stored Cross-Site Scripting via FileDumpController | typo3 | CWE-79 | 6.5 | Medium | 2022-09-13 |
| CVE-2022-36104 | Denial of Service via Page Error Handling in TYPO3/cms | typo3 | CWE-770 | 5.9 | Medium | 2022-09-13 |
| CVE-2022-36108 | Cross-Site Scripting in typo3/cms-core | typo3 | CWE-79 | 6.5 | Medium | 2022-09-13 |
| CVE-2022-36020 | Bypass of Cross-Site Scripting Protection in typo3/html-sanitizer | html-sanitizer | CWE-79 | 6.1 | Medium | 2022-09-13 |
| CVE-2022-31050 | Insufficient Session Expiration in TYPO3 Admin Tool | typo3 | CWE-613 | 6.0 | Medium | 2022-06-14 |
| CVE-2022-31048 | Cross-Site Scripting in Form Framework | typo3 | CWE-79 | 5.4 | Medium | 2022-06-14 |
| CVE-2022-31049 | Cross-Site Scripting in Frontend Login Mailer | typo3 | CWE-79 | 5.4 | Medium | 2022-06-14 |
| CVE-2022-31046 | Information Disclosure via Export Module in TYPO3 CMS | typo3 | CWE-200 | 4.3 | Medium | 2022-06-14 |
| CVE-2022-31047 | Insertion of Sensitive Information into Log File in typo3/cms-core | typo3 | CWE-532 | 5.3 | Medium | 2022-06-14 |
| CVE-2021-41113 | Cross-Site-Request-Forgery in Backend URI Handling in Typo3 | typo3 | CWE-352 | 8.8 | High | 2021-10-05 |
| CVE-2021-41114 | HTTP Host Header Injection in Request Handling in Typo3 | typo3 | CWE-20 | 4.8 | Medium | 2021-10-05 |
| CVE-2021-32768 | Cross-Site Scripting via Rich-Text Content | TYPO3.CMS | CWE-79 | 6.1 | Medium | 2021-08-10 |
| CVE-2021-32767 | Information Disclosure in User Authentication | TYPO3.CMS | CWE-532 | 5.3 | Medium | 2021-07-20 |
| CVE-2021-32669 | Cross-Site Scripting in Backend Grid View | TYPO3.CMS | CWE-79 | 6.4 | Medium | 2021-07-20 |
| CVE-2021-32668 | Cross-Site Scripting in Query Generator & Query View | TYPO3.CMS | CWE-79 | 6.4 | Medium | 2021-07-20 |
| CVE-2021-32667 | Cross-Site Scripting in Page Preview | TYPO3.CMS | CWE-79 | 6.4 | Medium | 2021-07-20 |
| CVE-2021-21359 | Denial of Service in Page Error Handling | TYPO3.CMS | CWE-674 | 5.9 | Medium | 2021-03-23 |
| CVE-2021-21370 | Cross-Site Scripting in Content Preview (CType menu) | TYPO3.CMS | CWE-79 | 5.4 | Medium | 2021-03-23 |
| CVE-2021-21339 | Cleartext storage of session identifier | TYPO3.CMS | CWE-312 | 5.9 | Medium | 2021-03-23 |
| CVE-2021-21340 | Cross-Site Scripting in Content Preview | TYPO3.CMS | CWE-79 | 5.4 | Medium | 2021-03-23 |
| CVE-2021-21355 | Unrestricted File Upload in Form Framework | TYPO3.CMS | CWE-434 | 8.6 | High | 2021-03-23 |

This page lists every published CVE security advisory associated with TYPO3. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.