CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55891 – Information Disclosure via Exception Handling/Logger in TYPO3
https://notcve.org/view.php?id=CVE-2024-55891
14 Jan 2025 — TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS which fixes the problem described. There are no known workarounds for this vulnerability. • https://github.com/TYPO3/typo3/security/advisories/GHSA-38x7-cc6w-j27q • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-25118 – Information Disclosure of Hashed Passwords in TYPO3 Backend Forms
https://notcve.org/view.php?id=CVE-2024-25118
13 Feb 2024 — TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. • https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-25119 – Information Disclosure of Encryption Key in TYPO3 Install Tool
https://notcve.org/view.php?id=CVE-2024-25119
13 Feb 2024 — TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. Users are advised to upda... • https://github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-25120 – Improper Access Control of Resources Referenced by t3:// URI Scheme in TYPO3
https://notcve.org/view.php?id=CVE-2024-25120
13 Feb 2024 — TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1... • https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-25121 – Improper Access Control Persisting File Abstraction Layer Entities via Data Handler in TYPO3
https://notcve.org/view.php?id=CVE-2024-25121
13 Feb 2024 — TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage ("zero-storage") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root director... • https://github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-47127 – Weak Authentication in Session Handling in typo3/cms-core
https://notcve.org/view.php?id=CVE-2023-47127
14 Nov 2023 — TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. • https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019 • CWE-287: Improper Authentication CWE-302: Authentication Bypass by Assumed-Immutable Data •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-23503 – TYPO3 vulnerable to Arbitrary Code Execution via Form Framework
https://notcve.org/view.php?id=CVE-2022-23503
14 Dec 2022 — TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular form item and a valid backend user account with access to the ... • https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-23501 – TYPO3 vulnerable to Improper Authentication in Frontend Login
https://notcve.org/view.php?id=CVE-2022-23501
14 Dec 2022 — TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.3... • https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-36105 – User Enumeration via Response Timing in TYPO3
https://notcve.org/view.php?id=CVE-2022-36105
13 Sep 2022 — TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which... • https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6 • CWE-203: Observable Discrepancy •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-36107 – Stored Cross-Site Scripting via FileDumpController
https://notcve.org/view.php?id=CVE-2022-36107
13 Sep 2022 — TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue. • https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •