TYPO3-CORE-SA-2025-019: Insufficient Entropy in Password Generation
It has been discovered that TYPO3 CMS is susceptible to insufficient entropy.
TYPO3-CORE-SA-2025-018: Denial of Service in TYPO3 Bookmark Toolbar
It has been discovered that TYPO3 CMS is susceptible to denial of service.
TYPO3-CORE-SA-2025-017: Open Redirect in TYPO3 CMS
It has been discovered that TYPO3 CMS is susceptible to open redirect.
TYPO3-EXT-SA-2025-011: Command Injection in extension "TYPO3 Backup Plus" (ns_backup)
It has been discovered that the extension "TYPO3 Backup Plus" (ns_backup) is susceptible to Command Injection.
TYPO3-PSA-2025-001: Sanitization bypass in SVG Sanitizer
Third-party package enshrined/svg-sanitize, used by TYPO3 core packages, was susceptible to bypassing the sanitization strategy.
TYPO3-EXT-SA-2025-010: Insecure Direct Object Reference in extension "femanager" (femanager)
It has been discovered that the extension "femanager" (femanager) is susceptible to Insecure Direct Object Reference.
TYPO3-EXT-SA-2025-009: Insecure Direct Object Reference in extension "powermail" (powermail)
It has been discovered that the extension "powermail" (powermail) is susceptible to Insecure Direct Object Reference.
TYPO3-EXT-SA-2025-008: Multiple vulnerabilities in extension "Front End User Registration" (sr_feuser_register)
It has been discovered that the extension "Front End User Registration" (sr_feuser_register) is susceptible to Remote Code Execution and Insecure…
TYPO3-EXT-SA-2025-007: Multiple vulnerabilities in extension "Backup Plus" (ns_backup)
It has been discovered that the extension "Backup Plus" (ns_backup) is susceptible to Command Injection, Predictable Resource Location and Cross-Site…
TYPO3-EXT-SA-2025-006: Insecure Direct Object Reference in extension "femanager" (femanager)
It has been discovered that the extension "femanager" (femanager) is susceptible to Insecure Direct Object Reference.
Pioneer Rapsfeldtag 2024
28.05.2024, 6 p.m. in Hohenstein, Holzhausen
TYPO3 13.1.1, 12.4.15 and 11.5.37 security releases published
The versions 13.1.1, 12.4.15 and 11.5.37 of the TYPO3 Enterprise Content Management System have just been released.
TYPO3-CORE-SA-2024-010: Uncontrolled Resource Consumption in ShowImageController
It has been discovered that TYPO3 CMS is susceptible to denial of service.
TYPO3-CORE-SA-2024-009: Cross-Site Scripting in ShowImageController
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-CORE-SA-2024-008: Cross-Site Scripting in Form Manager Module
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-CORE-SA-2024-007: HTML Injection in History Module
It has been discovered that TYPO3 CMS is vulnerable to HTML injection.
Call for Community Budget Ideas (Q3/2024)
The TYPO3 Association has officially launched the third community budget process of 2024.
The Comprehensive Guide to Enterprise CMS with TYPO3
The choice of an enterprise CMS should not be taken lightly. This guide should support your business in choosing the right enterprise CMS.