Vulnerabilities > Typo3 > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-02-13 CVE-2024-25118 Unspecified vulnerability in Typo3
TYPO3 is an open source PHP based web content management system released under the GNU GPL.
network
low complexity
typo3
6.5
2024-02-13 CVE-2024-25119 Unspecified vulnerability in Typo3
TYPO3 is an open source PHP based web content management system released under the GNU GPL.
network
low complexity
typo3
4.9
2024-02-13 CVE-2024-25120 Unspecified vulnerability in Typo3
TYPO3 is an open source PHP based web content management system released under the GNU GPL.
network
low complexity
typo3
4.3
2023-12-25 CVE-2023-30451 Path Traversal vulnerability in Typo3 11.5.24
In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF].
network
low complexity
typo3 CWE-22
4.9
2023-11-14 CVE-2023-47125 Cross-site Scripting vulnerability in Typo3 Html Sanitizer and Typo3
TYPO3 is an open source PHP based web content management system released under the GNU GPL.
network
low complexity
typo3 CWE-79
6.1
2023-11-14 CVE-2023-47126 Unspecified vulnerability in Typo3
TYPO3 is an open source PHP based web content management system released under the GNU GPL.
network
low complexity
typo3
5.3
2023-11-14 CVE-2023-47127 Improper Authentication vulnerability in Typo3
TYPO3 is an open source PHP based web content management system released under the GNU GPL.
network
low complexity
typo3 CWE-287
5.4
2023-07-25 CVE-2023-38499 Unspecified vulnerability in Typo3
TYPO3 is an open source PHP based web content management system.
network
low complexity
typo3
5.3
2023-07-25 CVE-2023-38500 Cross-site Scripting vulnerability in Typo3 Html Sanitizer
TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values.
network
low complexity
typo3 CWE-79
6.1
2023-02-07 CVE-2023-24814 Cross-site Scripting vulnerability in Typo3
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License.
network
low complexity
typo3 CWE-79
6.1