TYPO3-EXT-SA-2023-011: Configuration Injection in extension "Direct Mail" (direct_mail)
It has been discovered that the extension "Direct Mail" (direct_mail) is susceptible to Configuration Injection.
TYPO3-EXT-SA-2023-010: Broken Access Control in extension "femanager" (femanager)
It has been discovered that the extension "femanager" (femanager) is susceptible to Broken Access Control.
TYPO3-EXT-SA-2023-009: Insecure Direct Object Reference in extension "Content Consent" (content_consent)
It has been discovered that the extension "Content Consent" (content_consent) is susceptible to Insecure Direct Object Reference.
TYPO3-CORE-SA-2023-007: By-passing Cross-Site Scripting Protection in HTML Sanitizer
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-CORE-SA-2023-006: Weak Authentication in Session Handling
It has been discovered that TYPO3 CMS is susceptible to weak authentication.
TYPO3-CORE-SA-2023-005: Information Disclosure in Install Tool
It has been discovered that TYPO3 CMS is susceptible to information disclosure.
TYPO3-EXT-SA-2023-008: Broken Access Control in extension "femanager" (femanager)
It has been discovered that the extension "femanager" (femanager) is susceptible to Broken Access Control.
TYPO3-EXT-SA-2023-007: Broken Access Control in extension "hCaptcha for EXT:form" (hcaptcha)
It has been discovered that the extension "hCaptcha for EXT:form" (hcaptcha) is susceptible to Broken Access Control.
TYPO3-CORE-SA-2023-004: Cross-Site Scripting in CKEditor4 WordCount Plugin
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-CORE-SA-2023-003: Information Disclosure due to Out-of-scope Site Resolution
It has been discovered that TYPO3 CMS is susceptible to information disclosure.
TYPO3-CORE-SA-2023-002: By-passing Cross-Site Scripting Protection in HTML Sanitizer
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
T3CON23: Call for TYPO3 Award Submissions!
The TYPO3 Awards are back and the winners will be presented during the big Award Ceremony of T3CON23! Did you just finish an outstanding TYPO3 project…
Announcement of Core Mergers 2023
TYPO3 Core development depends on continuous contributions from the TYPO3 community, making the product better. Each year, an application and…
TYPO3-EXT-SA-2023-006: Multiple vulnerabilities in extension "Canto Extension" (canto_extension)
It has been discovered that the extension "Canto Extension" (canto_extension) is susceptible to Server Side Request Forgery and Remote Code Execution.
TYPO3-EXT-SA-2023-005: SQL Injection in extension "ipandlanguageredirect" (ipandlanguageredirect)
It has been discovered that the extension "ipandlanguageredirect" (ipandlanguageredirect) is susceptible to SQL Injection.
TYPO3-EXT-SA-2023-004: Cross-Site Scripting in extension "Faceted Search" (ke_search)
It has been discovered that the extension "Faceted Search" (ke_search) is susceptible to Cross-Site Scripting.
TYPO3 12.4.2 and 11.5.28 maintenance releases published
The versions 12.4.2 and 11.5.28 of the TYPO3 Enterprise Content Management System have just been released.
Report From a Two-Day Code Sprint at the TYPO3 Offices in Düsseldorf, Germany
I really didn’t know what to expect when I decided to go to my first code sprint at TYPO3 HQ. I had been to a few TYPO3 bar camps before so I knew a…
Update on the TYPO3 Content Blocks and Leadership Changes
With the help of a new member, we are actively working on the TYPO3 Content Blocks Core patch for v13. The team has also undergone changes in the…