Vulnerabilities > Typo3 > Typo3

DATE CVE VULNERABILITY TITLE RISK
2023-12-25 CVE-2023-30451 Path Traversal vulnerability in Typo3 11.5.24
In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF].
network
low complexity
typo3 CWE-22
4.9
2023-11-14 CVE-2023-47125 Cross-site Scripting vulnerability in Typo3 Html Sanitizer and Typo3
TYPO3 is an open source PHP based web content management system released under the GNU GPL.
network
low complexity
typo3 CWE-79
6.1
2023-11-14 CVE-2023-47126 Unspecified vulnerability in Typo3
TYPO3 is an open source PHP based web content management system released under the GNU GPL.
network
low complexity
typo3
5.3
2023-11-14 CVE-2023-47127 Improper Authentication vulnerability in Typo3
TYPO3 is an open source PHP based web content management system released under the GNU GPL.
network
low complexity
typo3 CWE-287
5.4
2023-07-25 CVE-2023-38499 Unspecified vulnerability in Typo3
TYPO3 is an open source PHP based web content management system.
network
low complexity
typo3
5.3
2023-02-07 CVE-2023-24814 Cross-site Scripting vulnerability in Typo3
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License.
network
low complexity
typo3 CWE-79
6.1
2022-12-14 CVE-2022-23501 Improper Authentication vulnerability in Typo3
TYPO3 is an open source PHP based web content management system.
network
low complexity
typo3 CWE-287
6.5
2022-06-14 CVE-2022-31046 Cleartext Transmission of Sensitive Information vulnerability in Typo3
TYPO3 is an open source web content management system.
network
low complexity
typo3 CWE-319
4.0
2022-06-14 CVE-2022-31047 Information Exposure Through an Error Message vulnerability in Typo3
TYPO3 is an open source web content management system.
network
low complexity
typo3 CWE-209
6.5
2022-06-14 CVE-2022-31048 Cross-site Scripting vulnerability in Typo3
TYPO3 is an open source web content management system.
network
typo3 CWE-79
3.5