Typo3

Typo3

222 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.28%
  • Veröffentlicht 09.09.2025 09:01:03
  • Zuletzt bearbeitet 10.09.2025 13:44:43

Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresp...

  • EPSS 0.21%
  • Veröffentlicht 09.09.2025 09:00:55
  • Zuletzt bearbeitet 10.09.2025 13:43:46

Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level ...

  • EPSS 0.17%
  • Veröffentlicht 09.09.2025 09:00:48
  • Zuletzt bearbeitet 10.09.2025 13:42:59

A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly.

  • EPSS 0.27%
  • Veröffentlicht 09.09.2025 09:00:38
  • Zuletzt bearbeitet 10.09.2025 13:40:09

An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 lets administrator‑level backend users trigger a denial‑of‑service condition in the backend user interface by saving manipulated da...

  • EPSS 0.17%
  • Veröffentlicht 09.09.2025 09:00:23
  • Zuletzt bearbeitet 10.09.2025 13:38:40

An open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attac...

  • EPSS 0.21%
  • Veröffentlicht 22.07.2025 10:21:32
  • Zuletzt bearbeitet 07.10.2025 20:32:46

The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0

  • EPSS 0.24%
  • Veröffentlicht 21.05.2025 00:00:00
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference.

  • EPSS 0.41%
  • Veröffentlicht 20.05.2025 14:15:51
  • Zuletzt bearbeitet 03.09.2025 17:22:00

TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication (MFA) dialog presented during backend login can be bypassed ...

  • EPSS 0.38%
  • Veröffentlicht 20.05.2025 14:15:50
  • Zuletzt bearbeitet 03.09.2025 17:24:07

TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend users without system maintainer privileges can es...

  • EPSS 0.16%
  • Veröffentlicht 20.05.2025 14:00:07
  • Zuletzt bearbeitet 03.09.2025 17:25:35

TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable i...