typo3 — Vulnerabilities & Security Advisories 118

Browse all 118 CVE security advisories affecting typo3. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TYPO3 is an open-source enterprise content management system primarily designed for large-scale websites and complex digital platforms. Historically, its extensive feature set and modular architecture have introduced a significant attack surface, resulting in 118 recorded Common Vulnerabilities and Exposures. The most prevalent vulnerability classes include remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation or improper access controls within extensions. While the core framework has seen improved security practices in recent versions, legacy installations remain particularly susceptible to exploitation. Notable incidents have frequently involved unpatched third-party extensions rather than core flaws, highlighting the critical importance of rigorous extension auditing. Security advisories are regularly issued by the TYPO3 Security Team, urging administrators to maintain strict update protocols to mitigate these persistent risks associated with its broad ecosystem.

Found 58 results / 118
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-47941 | TYPO3 Has Broken Authentication in Backend MFA — typo3 | CWE-288 | 7.2 | High | 2025-05-20 |
| CVE-2025-47940 | TYPO3 CMS Vulnerable to Privilege Escalation to System Maintainer — typo3 | CWE-283 | 7.2 | High | 2025-05-20 |
| CVE-2025-47939 | TYPO3 CMS Vulnerable to Unrestricted File Upload in File Abstraction Layer — typo3 | CWE-351 | 5.4 | Medium | 2025-05-20 |
| CVE-2025-47938 | TYPO3 Vulnerable to Unverified Password Change for Backend Users — typo3 | CWE-620 | 3.8 | Low | 2025-05-20 |
| CVE-2025-47937 | TYPO3 Vulnerable to Information Disclosure via DBAL Restriction Handling — typo3 | CWE-863 | 3.7 | Low | 2025-05-20 |
| CVE-2025-47936 | TYPO3 Vulnerable to Server Side Request Forgery via Webhooks — typo3 | CWE-918 | 3.3 | Low | 2025-05-20 |
| CVE-2024-55892 | Potential Open Redirect via Parsing Differences in TYPO3 — typo3 | CWE-601 | 4.8 | Medium | 2025-01-14 |
| CVE-2024-55893 | TYPO3 Cross-Site Request Forgery in Log Module — typo3 | CWE-352 | 4.3 | Medium | 2025-01-14 |
| CVE-2024-55894 | TYPO3 Cross-Site Request Forgery in Backend User Module — typo3 | CWE-352 | 4.3 | Medium | 2025-01-14 |
| CVE-2024-55920 | Cross-Site Request Forgery in Dashboard Module in TYPO3 — typo3 | CWE-352 | 4.3 | Medium | 2025-01-14 |
| CVE-2024-55921 | Cross-Site Request Forgery in Extension Manager Module in TYPO3 — typo3 | CWE-352 | 7.5 | High | 2025-01-14 |
| CVE-2024-55922 | Cross-Site Request Forgery in Form Framework Module in TYPO3 — typo3 | CWE-352 | 5.4 | Medium | 2025-01-14 |
| CVE-2024-55923 | Cross-Site Request Forgery in Indexed Search Module in TYPO3 — typo3 | CWE-352 | 4.3 | Medium | 2025-01-14 |
| CVE-2024-55924 | Cross-Site Request Forgery in Scheduler Module in TYPO3 — typo3 | CWE-352 | 8.0 | High | 2025-01-14 |
| CVE-2024-55945 | Cross-Site Request Forgery in DB Check Module in TYPO3 — typo3 | CWE-352 | 4.3 | Medium | 2025-01-14 |
| CVE-2024-55891 | Information Disclosure via Exception Handling/Logger in TYPO3 — typo3 | CWE-532 | 3.1 | Low | 2025-01-14 |
| CVE-2024-47780 | Information Disclosure in TYPO3 Page Tree — typo3 | CWE-863 | 3.1 | Low | 2024-10-08 |
| CVE-2024-34358 | TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController — typo3 | CWE-347 | 5.3 | Medium | 2024-05-14 |
| CVE-2024-34357 | TYPO3 vulnerable to Cross-Site Scripting in ShowImageController — typo3 | CWE-79 | 5.4 | Medium | 2024-05-14 |
| CVE-2024-34356 | TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module — typo3 | CWE-79 | 5.4 | Medium | 2024-05-14 |
| CVE-2024-34355 | TYPO3 vulnerable to an HTML Injection in the History Module — typo3 | CWE-116 | 3.5 | Low | 2024-05-14 |
| CVE-2024-25118 | Information Disclosure of Hashed Passwords in TYPO3 Backend Forms — typo3 | CWE-200 | 4.3 | Medium | 2024-02-13 |
| CVE-2024-25119 | Information Disclosure of Encryption Key in TYPO3 Install Tool — typo3 | CWE-200 | 4.9 | Medium | 2024-02-13 |
| CVE-2024-25120 | Improper Access Control of Resources Referenced by t3:// URI Scheme in TYPO3 — typo3 | CWE-200 | 4.3 | Medium | 2024-02-13 |
| CVE-2024-25121 | Improper Access Control Persisting File Abstraction Layer Entities via Data Handler in TYPO3 — typo3 | CWE-200 | 7.1 | High | 2024-02-13 |
| CVE-2023-47126 | Information Disclosure in Install Tool in typo3/cms-install — typo3 | CWE-200 | 3.7 | Low | 2023-11-14 |
| CVE-2023-47127 | Weak Authentication in Session Handling in typo3/cms-core — typo3 | CWE-302 | 4.2 | Medium | 2023-11-14 |
| CVE-2023-38499 | typo3/cms-core Information Disclosure due to Out-of-scope Site Resolution — typo3 | CWE-200 | 3.7 | Low | 2023-07-25 |
| CVE-2023-24814 | Persisted Cross-Site Scripting in Frontend Rendering in typo3 — typo3 | CWE-79 | 8.8 | High | 2023-02-07 |
| CVE-2022-23504 | TYPO3 contains Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration — typo3 | CWE-200 | 5.7 | Medium | 2022-12-14 |

This page lists every published CVE security advisory associated with typo3. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.