CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 2CVE-2020-26227 – Cross-Site Scripting in Fluid view helpers
https://notcve.org/view.php?id=CVE-2020-26227
23 Nov 2020 — TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described. TYPO3 es un sistema de administración de contenido web de código abierto basado en PHP. En TYPO3 anterior a versiones 9.5.23 y 10.4.10, la extensión del siste... • https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2020-15098 – Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
https://notcve.org/view.php?id=CVE-2020-15098
29 Jul 2020 — In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization & remote code execution. The overall severity of this vulnerability i... • https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-325: Missing Cryptographic Step CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-15099 – Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
https://notcve.org/view.php?id=CVE-2020-15099
29 Jul 2020 — In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the possibility to fetch typo3conf/LocalConfiguration.php, which again contains the encrypt... • https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3x94-fv5h-5q2c • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-11069 – Cross-Site Request Forgery in TYPO3 CMS
https://notcve.org/view.php?id=CVE-2020-11069
13 May 2020 — In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server. Scripts are then executed with the privileges of the victims' user session. In a worst-case scenario, new admin users can be created which can directly be used by an attacker. The vulnerability is ba... • https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-pqg8-crx9-g8m4 • CWE-346: Origin Validation Error CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-11067 – Deserialization of Untrusted Data in TYPO3 CMS
https://notcve.org/view.php?id=CVE-2020-11067
13 May 2020 — In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2. En TYPO3 CMS versiones 9.0.0 hasta 9.5.16 y versiones 10.0.0 hasta 10.4.1, ha sido detectado que la configuración del usuari... • https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2wj9-434x-9hvp • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-11066 – Improperly Controlled Modification of Dynamically-Determined Object Attributes in TYPO3 CMS
https://notcve.org/view.php?id=CVE-2020-11066
13 May 2020 — In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server. It can also trigger message submission via email using the identity of the web site (mail relay). Another insecure deserialization vulnerability... • https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2rxh-h6h9-qrqc • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-11065 – Cross-Site Scripting in TYPO3 CMS
https://notcve.org/view.php?id=CVE-2020-11065
13 May 2020 — In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly. This has been fixed in 9.5.17 and 10.4.2. En TYPO3 CMS versiones mayores o iguales a 9.5.12 y menores a 9.5.17, y versiones mayores o iguales a 10.2.0 y versiones menores a 10.4.2, ha sido detecta... • https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4j77-gg36-9864 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-11064 – Cross-Site Scripting in TYPO3 CMS
https://notcve.org/view.php?id=CVE-2020-11064
13 May 2020 — In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2. En TYPO3 CMS versiones mayores o iguales a 9.5.12 y menores a 9.5.17, y versiones mayores o iguales a 10.2.0 y versiones menores a 10.4.2, ... • https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-43gj-mj2w-wh46 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-11063 – Observable Response Discrepancy in TYPO3 CMS
https://notcve.org/view.php?id=CVE-2020-11063
13 May 2020 — In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2. En TYPO3 CMS versiones 10.4.0 y 10.4.1, ha sido detectado que los ataques basados en tiempo pueden ser usados con la funcionalidad password reset para usuarios del back-end. Esto permite a un atacante montar la enu... • https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-347x-877p-hcwx • CWE-203: Observable Discrepancy CWE-204: Observable Response Discrepancy •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19849
https://notcve.org/view.php?id=CVE-2019-19849
17 Dec 2019 — An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited... • https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security • CWE-502: Deserialization of Untrusted Data •