Package impact

Packagist / typo3/cms-core

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2013-1842	high	—	7.5	13y ago	TYPO3 SQL injection vulnerability in the Extbase Framework
CVE-2013-1843	medium	—	6.4	13y ago	TYPO3 Open redirect vulnerability in the Access tracking mechanism
CVE-2013-7080	medium	—	5.8	13y ago	TYPO3 is vulnerable to Mass Assignment in the Extension table administration library
CVE-2013-4320	medium	—	5.5	12y ago	TYPO3 Improper Access Management in the File Abstraction Layer
CVE-2013-7081	medium	—	4.9	13y ago	TYPO3 Improper Access Control vulnerability
CVE-2013-7077	medium	—	4.3	13y ago	TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module
CVE-2010-5104	medium	—	4.3	14y ago	TYPO3 Sensitive Information Disclosure via escapeStrForLike method
CVE-2013-7078	low	—	2.6	13y ago	TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework
CVE-2026-0859	unknown	—	—	4mo ago	TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool
CVE-2025-59016	unknown	—	—	9mo ago	TYPO3 CMS exposes sensitive information in an error message
CVE-2025-59013	unknown	—	—	9mo ago	TYPO3 CMS has an open‑redirect vulnerability
CVE-2025-59015	unknown	—	—	9mo ago	TYPO3 CMS uses insufficient entropy when generating passwords
CVE-2025-47940	unknown	—	—	1y ago	TYPO3 Allows Privilege Escalation to System Maintainer
CVE-2025-47939	unknown	—	—	1y ago	TYPO3 Allows Unrestricted File Upload in File Abstraction Layer
CVE-2025-47938	unknown	—	—	1y ago	TYPO3 Unverified Password Change for Backend Users
CVE-2025-47937	unknown	—	—	1y ago	TYPO3 Allows Information Disclosure via DBAL Restriction Handling
CVE-2024-55892	unknown	—	—	1y ago	TYPO3 Potential Open Redirect via Parsing Differences
CVE-2024-34358	unknown	—	—	2y ago	TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
CVE-2024-34357	unknown	—	—	2y ago	TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController
CVE-2024-34356	unknown	—	—	2y ago	TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module
CVE-2024-34355	unknown	—	—	2y ago	TYPO3 vulnerable to an HTML Injection in the History Module
CVE-2024-22188	unknown	—	—	2y ago	TYPO3 Install Tool vulnerable to Code Execution
CVE-2023-30451	unknown	—	—	2y ago	Path Traversal in TYPO3 File Abstraction Layer Storages
CVE-2024-25121	unknown	—	—	2y ago	TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
CVE-2024-25120	unknown	—	—	2y ago	TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
CVE-2024-25119	unknown	—	—	2y ago	TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
CVE-2024-25118	unknown	—	—	2y ago	TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords
CVE-2023-47127	unknown	—	—	3y ago	TYPO3 vulnerable to Weak Authentication in Session Handling
CVE-2023-38499	unknown	—	—	3y ago	Information Disclosure due to Out-of-scope Site Resolution
CVE-2023-24814	unknown	—	—	3y ago	TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering
CVE-2022-23504	unknown	—	—	4y ago	TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
CVE-2022-23503	unknown	—	—	4y ago	TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
CVE-2022-23502	unknown	—	—	4y ago	TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
CVE-2022-23501	unknown	—	—	4y ago	TYPO3 CMS vulnerable to Weak Authentication in Frontend Login
CVE-2022-23500	unknown	—	—	4y ago	TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
CVE-2022-36020	unknown	—	—	4y ago	TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
CVE-2022-36104	unknown	—	—	4y ago	TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
CVE-2022-36105	unknown	—	—	4y ago	TYPO3 CMS vulnerable to User Enumeration via Response Timing
CVE-2022-36106	unknown	—	—	4y ago	TYPO3 CMS missing check for expiration time of password reset token for backend users
CVE-2022-36107	unknown	—	—	4y ago	TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
CVE-2022-36108	unknown	—	—	4y ago	TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper
CVE-2022-31050	unknown	—	—	4y ago	Insufficient Session Expiration in TYPO3's Admin Tool
CVE-2022-31049	unknown	—	—	4y ago	Cross-Site Scripting in TYPO3's Frontend Login Mailer
CVE-2022-31048	unknown	—	—	4y ago	Cross-Site Scripting in TYPO3's Form Framework
CVE-2022-31047	unknown	—	—	4y ago	Insertion of Sensitive Information into Log File in typo3/cms-core
CVE-2022-31046	unknown	—	—	4y ago	Information Disclosure via Export Module
CVE-2019-12747	unknown	—	—	4y ago	TYPO3 Vulnerable to Insecure Deserialization
CVE-2019-12748	unknown	—	—	4y ago	Typo3 Cross-Site Scripting in Link Handling
CVE-2019-11832	unknown	—	—	4y ago	TYPO3 Image Processing susceptible to Code Execution
CVE-2019-19850	unknown	—	—	4y ago	TYPO3 SQL Injection in low-level Query Generator
CVE-2019-19848	unknown	—	—	4y ago	TYPO3 Directory Traversal on ZIP extraction
CVE-2019-19849	unknown	—	—	4y ago	TYPO3 Insecure Deserialization in Query Generator & Query View
CVE-2009-3633	unknown	—	—	4y ago	TYPO3 API function vulnerable to Cross-site Scripting
CVE-2008-2717	unknown	—	—	4y ago	TYPO3 Unrestricted File Upload vulnerability
CVE-2010-3673	unknown	—	—	4y ago	TYPO3 is vulnerable to Information Disclosure in the HTML mailing API
CVE-2021-41113	unknown	—	—	5y ago	Cross-Site-Request-Forgery in Backend
CVE-2021-41114	unknown	—	—	5y ago	HTTP Host Header Injection
CVE-2021-32768	unknown	—	—	5y ago	Cross-Site Scripting via Rich-Text Content
CVE-2021-32767	unknown	—	—	5y ago	Information Disclosure in User Authentication
CVE-2021-32669	unknown	—	—	5y ago	Cross-Site Scripting in Backend Grid View
CVE-2021-32668	unknown	—	—	5y ago	Cross-Site Scripting in Query Generator & Query View
CVE-2021-32667	unknown	—	—	5y ago	Cross-Site Scripting in Page Preview
CVE-2021-21370	unknown	—	—	5y ago	Cross-Site Scripting in Content Preview (CType menu)
CVE-2021-21359	unknown	—	—	5y ago	Denial of Service in Page Error Handling
CVE-2021-21358	unknown	—	—	5y ago	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
CVE-2021-21357	unknown	—	—	5y ago	Broken Access Control in Form Framework
CVE-2021-21355	unknown	—	—	5y ago	Unrestricted File Upload in Form Framework
CVE-2021-21340	unknown	—	—	5y ago	Cross-Site Scripting in Content Preview
CVE-2021-21339	unknown	—	—	5y ago	Cleartext storage of session identifier
CVE-2021-21338	unknown	—	—	5y ago	Open Redirection in Login Handling
CVE-2020-26227	unknown	—	—	6y ago	Cross-Site Scripting in Fluid view helpers
CVE-2020-26229	unknown	—	—	6y ago	XML External Entity in Dashboard Widget
CVE-2020-26228	unknown	—	—	6y ago	Cleartext storage of session identifier
CVE-2020-15241	unknown	—	—	6y ago	Cross-Site Scripting in ternary conditional operator
CVE-2020-15099	unknown	—	—	6y ago	Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
CVE-2020-15098	unknown	—	—	6y ago	Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
CVE-2020-11069	unknown	—	—	6y ago	Backend Same-Site Request Forgery in TYPO3 CMS
CVE-2020-11067	unknown	—	—	6y ago	Insecure Deserialization in Backend User Settings in TYPO3 CMS
CVE-2020-11066	unknown	—	—	6y ago	Class destructors causing side-effects when being unserialized in TYPO3 CMS
CVE-2020-11065	unknown	—	—	6y ago	Cross-Site Scripting in TYPO3 CMS Link Handling
CVE-2020-11064	unknown	—	—	6y ago	Cross-Site Scripting in TYPO3 CMS Form Engine
CVE-2020-11063	unknown	—	—	6y ago	Information Disclosure in Password Reset
CVE-2019-10912	unknown	—	—	6y ago	In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this coul…
CVE-2018-17960	unknown	—	—	8y ago	Ckeditor XSS Vulnerability
CVE-2018-14041	unknown	—	—	8y ago	In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.	+2