CVE-2022-23501
- EPSS 0.48%
- Veröffentlicht 14.12.2022 08:15:10
- Zuletzt bearbeitet 21.11.2024 06:48:41
TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different st...
CVE-2022-23502
- EPSS 0.4%
- Veröffentlicht 14.12.2022 08:15:10
- Zuletzt bearbeitet 21.11.2024 06:48:41
TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user ac...
CVE-2022-23503
- EPSS 0.79%
- Veröffentlicht 14.12.2022 08:15:10
- Zuletzt bearbeitet 21.11.2024 06:48:42
TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the...
CVE-2022-23504
- EPSS 0.51%
- Veröffentlicht 14.12.2022 08:15:10
- Zuletzt bearbeitet 21.11.2024 06:48:42
TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the si...
CVE-2022-23500
- EPSS 0.69%
- Veröffentlicht 14.12.2022 08:15:09
- Zuletzt bearbeitet 21.11.2024 06:48:41
TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to b...
CVE-2022-36106
- EPSS 0.74%
- Veröffentlicht 13.09.2022 18:15:15
- Zuletzt bearbeitet 21.11.2024 07:12:24
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link ...
CVE-2022-36107
- EPSS 0.72%
- Veröffentlicht 13.09.2022 18:15:15
- Zuletzt bearbeitet 21.11.2024 07:12:24
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed u...
CVE-2022-36108
- EPSS 0.72%
- Veröffentlicht 13.09.2022 18:15:15
- Zuletzt bearbeitet 21.11.2024 07:12:24
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to T...
CVE-2022-36104
- EPSS 1.31%
- Veröffentlicht 13.09.2022 18:15:14
- Zuletzt bearbeitet 21.11.2024 07:12:23
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as a...
CVE-2022-36105
- EPSS 0.98%
- Veröffentlicht 13.09.2022 18:15:14
- Zuletzt bearbeitet 21.11.2024 07:12:24
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-exis...