
TYPO3 — Vulnerabilities & Security Advisories 118

Browse all 118 CVE security advisories affecting TYPO3. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TYPO3 is an open-source enterprise content management system primarily designed for large-scale websites and complex digital platforms. Historically, its extensive feature set and modular architecture have introduced a significant attack surface, resulting in 118 recorded Common Vulnerabilities and Exposures. The most prevalent vulnerability classes include remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation or improper access controls within extensions. While the core framework has seen improved security practices in recent versions, legacy installations remain particularly susceptible to exploitation. Notable incidents have frequently involved unpatched third-party extensions rather than core flaws, highlighting the critical importance of rigorous extension auditing. Security advisories are regularly issued by the TYPO3 Security Team, urging administrators to maintain strict update protocols to mitigate these persistent risks associated with its broad ecosystem.

Found 58 results / 118
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-23503 | TYPO3 vulnerable to Arbitrary Code Execution via Form Framework — typo3 (CWE-94) | 7.5 | High | 2022-12-14 |
| CVE-2022-23502 | TYPO3 contains Insufficient Session Expiration after Password Reset — typo3 (CWE-613) | 5.4 | Medium | 2022-12-14 |
| CVE-2022-23501 | TYPO3 vulnerable to Improper Authentication in Frontend Login — typo3 (CWE-287) | 5.9 | Medium | 2022-12-14 |
| CVE-2022-23500 | TYPO3 subject to Uncontrolled Recursion resulting in Denial of Service — typo3 (CWE-674) | 5.9 | Medium | 2022-12-14 |
| CVE-2022-36105 | User Enumeration via Response Timing in TYPO3 — typo3 (CWE-203) | 5.3 | Medium | 2022-09-13 |
| CVE-2022-36106 | Missing check for expiration time of password reset token in TYPO3 — typo3 (CWE-287) | 5.4 | Medium | 2022-09-13 |
| CVE-2022-36107 | Stored Cross-Site Scripting via FileDumpController — typo3 (CWE-79) | 6.5 | Medium | 2022-09-13 |
| CVE-2022-36104 | Denial of Service via Page Error Handling in TYPO3/cms — typo3 (CWE-770) | 5.9 | Medium | 2022-09-13 |
| CVE-2022-36108 | Cross-Site Scripting in typo3/cms-core — typo3 (CWE-79) | 6.5 | Medium | 2022-09-13 |
| CVE-2022-31050 | Insufficient Session Expiration in TYPO3 Admin Tool — typo3 (CWE-613) | 6.0 | Medium | 2022-06-14 |
| CVE-2022-31048 | Cross-Site Scripting in Form Framework — typo3 (CWE-79) | 5.4 | Medium | 2022-06-14 |
| CVE-2022-31049 | Cross-Site Scripting in Frontend Login Mailer — typo3 (CWE-79) | 5.4 | Medium | 2022-06-14 |
| CVE-2022-31046 | Information Disclosure via Export Module in TYPO3 CMS — typo3 (CWE-200) | 4.3 | Medium | 2022-06-14 |
| CVE-2022-31047 | Insertion of Sensitive Information into Log File in typo3/cms-core — typo3 (CWE-532) | 5.3 | Medium | 2022-06-14 |
| CVE-2021-41113 | Cross-Site-Request-Forgery in Backend URI Handling in Typo3 — typo3 (CWE-352) | 8.8 | High | 2021-10-05 |
| CVE-2021-41114 | HTTP Host Header Injection in Request Handling in Typo3 — typo3 (CWE-20) | 4.8 | Medium | 2021-10-05 |
| CVE-2011-4904 | TYPO3 input validation error vulnerability — TYPO3 | 4.3 | - | 2019-11-06 |
| CVE-2011-4903 | TYPO3 cross-site scripting vulnerability — TYPO3 | 5.4 | - | 2019-11-06 |
| CVE-2011-4902 | TYPO3 input validation error vulnerability — TYPO3 | 6.5 | - | 2019-11-06 |
| CVE-2011-4901 | TYPO3 information disclosure vulnerability — TYPO3 | 6.5 | - | 2019-11-06 |
| CVE-2011-4900 | TYPO3 information disclosure vulnerability — TYPO3 | 6.5 | - | 2019-11-06 |
| CVE-2011-4632 | TYPO3 cross-site scripting vulnerability — TYPO3 | 5.4 | - | 2019-11-06 |
| CVE-2011-4631 | TYPO3 cross-site scripting vulnerability — TYPO3 | 5.4 | - | 2019-11-06 |
| CVE-2011-4630 | TYPO3 cross-site scripting vulnerability — TYPO3 | 5.4 | - | 2019-11-06 |
| CVE-2011-4629 | TYPO3 cross-site scripting vulnerability — TYPO3 | 5.4 | - | 2019-11-06 |
| CVE-2011-4628 | TYPO3 authorization issue vulnerability — TYPO3 | 9.8 | - | 2019-11-06 |
| CVE-2011-4627 | TYPO3 information disclosure vulnerability — TYPO3 | 6.5 | - | 2019-11-06 |
| CVE-2011-4626 | TYPO3 cross-site scripting vulnerability — TYPO3 | 5.4 | - | 2019-11-06 |

This page lists every published CVE security advisory associated with TYPO3. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.