TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-11-04
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager.
CVSS Score
5.4
EPSS Score
0.004
Published
2019-11-04
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.
CVSS Score
5.3
EPSS Score
0.003
Published
2019-11-04
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element.
CVSS Score
5.3
EPSS Score
0.003
Published
2019-11-04
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend.
CVSS Score
5.4
EPSS Score
0.005
Published
2019-11-01
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-11-01
TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.
CVSS Score
8.8
EPSS Score
0.016
Published
2019-07-09
TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-07-09
TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.
CVSS Score
7.5
EPSS Score
0.009
Published
2019-05-09
The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.
CVSS Score
4.8
EPSS Score
0.023
Published
2018-04-08