Vulnerabilities > Typo3 > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-25 CVE-2023-30451 Path Traversal vulnerability in Typo3 11.5.24
In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF].
network
low complexity
typo3 CWE-22
4.9
2023-11-14 CVE-2023-47125 Cross-site Scripting vulnerability in Typo3 Html Sanitizer and Typo3
TYPO3 is an open source PHP based web content management system released under the GNU GPL.
network
low complexity
typo3 CWE-79
6.1
2023-11-14 CVE-2023-47126 Unspecified vulnerability in Typo3
TYPO3 is an open source PHP based web content management system released under the GNU GPL.
network
low complexity
typo3
5.3
2023-11-14 CVE-2023-47127 Improper Authentication vulnerability in Typo3
TYPO3 is an open source PHP based web content management system released under the GNU GPL.
network
low complexity
typo3 CWE-287
5.4
2023-07-25 CVE-2023-38499 Unspecified vulnerability in Typo3
TYPO3 is an open source PHP based web content management system.
network
low complexity
typo3
5.3
2023-07-25 CVE-2023-38500 Cross-site Scripting vulnerability in Typo3 Html Sanitizer
TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values.
network
low complexity
typo3 CWE-79
6.1
2023-02-07 CVE-2023-24814 Cross-site Scripting vulnerability in Typo3
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License.
network
low complexity
typo3 CWE-79
6.1
2022-12-14 CVE-2022-23501 Improper Authentication vulnerability in Typo3
TYPO3 is an open source PHP based web content management system.
network
low complexity
typo3 CWE-287
6.5
2022-12-13 CVE-2022-23499 Cross-site Scripting vulnerability in Typo3 Html Sanitizer
HTML sanitizer is written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.
network
low complexity
typo3 CWE-79
6.1
2022-06-14 CVE-2022-31046 Cleartext Transmission of Sensitive Information vulnerability in Typo3
TYPO3 is an open source web content management system.
network
low complexity
typo3 CWE-319
4.0