Typo3

Typo3

218 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-59013

  • EPSS 0.05%
  • Veröffentlicht 09.09.2025 09:00:23
  • Zuletzt bearbeitet 10.09.2025 13:38:40

An open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attac...

6.5

CVE-2025-7900

  • EPSS 0.04%
  • Veröffentlicht 22.07.2025 10:21:32
  • Zuletzt bearbeitet 07.10.2025 20:32:46

The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0

5.3

CVE-2025-48202

  • EPSS 0.06%
  • Veröffentlicht 21.05.2025 00:00:00
  • Zuletzt bearbeitet 21.05.2025 20:24:58

The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference.

7.2

CVE-2025-47941

  • EPSS 0.08%
  • Veröffentlicht 20.05.2025 14:15:51
  • Zuletzt bearbeitet 03.09.2025 17:22:00

TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication (MFA) dialog presented during backend login can be bypassed ...

7.2

CVE-2025-47940

  • EPSS 0.08%
  • Veröffentlicht 20.05.2025 14:15:50
  • Zuletzt bearbeitet 03.09.2025 17:24:07

TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend users without system maintainer privileges can es...

5.4

CVE-2025-47939

  • EPSS 0.05%
  • Veröffentlicht 20.05.2025 14:00:07
  • Zuletzt bearbeitet 03.09.2025 17:25:35

TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable i...

3.8

CVE-2025-47938

  • EPSS 0.05%
  • Veröffentlicht 20.05.2025 13:49:39
  • Zuletzt bearbeitet 03.09.2025 17:26:46

TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, the backend user management interface allows password changes wit...

5.3

CVE-2025-47937

  • EPSS 0.05%
  • Veröffentlicht 20.05.2025 13:47:48
  • Zuletzt bearbeitet 03.09.2025 17:28:08

TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables throug...

4.4

CVE-2025-47936

  • EPSS 0.04%
  • Veröffentlicht 20.05.2025 13:23:52
  • Zuletzt bearbeitet 03.09.2025 17:30:42

TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, Webhooks are inherently vulnerable to Cross-Site Request Forgery (CSRF), which can be explo...

5.4

CVE-2024-55922

  • EPSS 0.05%
  • Veröffentlicht 14.01.2025 20:15:30
  • Zuletzt bearbeitet 26.08.2025 19:35:01

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). ...