Vulnerabilities > Typo3 > Typo3 > 11.5.24

DATE | CVE | VULNERABILITY TITLE | RISK

2023-12-25 | CVE-2023-30451 | Path Traversal vulnerability in Typo3 11.5.24 | 4.9
In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF].
network | low complexity | typo3 | CWE-22

2023-11-14 | CVE-2023-47125 | Cross-site Scripting vulnerability in Typo3 Html Sanitizer and Typo3 | 6.1
TYPO3 is an open source PHP based web content management system released under the GNU GPL.
network | low complexity | typo3 | CWE-79

2023-11-14 | CVE-2023-47127 | Improper Authentication vulnerability in Typo3 | 5.4
TYPO3 is an open source PHP based web content management system released under the GNU GPL.
network | low complexity | typo3 | CWE-287