typo3 — Vulnerabilities & Security Advisories 118

Browse all 118 CVE security advisories affecting typo3. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TYPO3 is an open-source enterprise content management system primarily designed for large-scale websites and complex digital platforms. Historically, its extensive feature set and modular architecture have introduced a significant attack surface, resulting in 118 recorded Common Vulnerabilities and Exposures. The most prevalent vulnerability classes include remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation or improper access controls within extensions. While the core framework has seen improved security practices in recent versions, legacy installations remain particularly susceptible to exploitation. Notable incidents have frequently involved unpatched third-party extensions rather than core flaws, highlighting the critical importance of rigorous extension auditing. Security advisories are regularly issued by the TYPO3 Security Team, urging administrators to maintain strict update protocols to mitigate these persistent risks associated with its broad ecosystem.

Found 16 results / 118

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2021-32768 | Cross-Site Scripting via Rich-Text Content — TYPO3.CMS | CWE-79 | 6.1 | Medium | 2021-08-10 |
| CVE-2021-32767 | Information Disclosure in User Authentication — TYPO3.CMS | CWE-532 | 5.3 | Medium | 2021-07-20 |
| CVE-2021-32669 | Cross-Site Scripting in Backend Grid View — TYPO3.CMS | CWE-79 | 6.4 | Medium | 2021-07-20 |
| CVE-2021-32668 | Cross-Site Scripting in Query Generator & Query View — TYPO3.CMS | CWE-79 | 6.4 | Medium | 2021-07-20 |
| CVE-2021-32667 | Cross-Site Scripting in Page Preview — TYPO3.CMS | CWE-79 | 6.4 | Medium | 2021-07-20 |
| CVE-2021-21359 | Denial of Service in Page Error Handling — TYPO3.CMS | CWE-674 | 5.9 | Medium | 2021-03-23 |
| CVE-2021-21370 | Cross-Site Scripting in Content Preview (CType menu) — TYPO3.CMS | CWE-79 | 5.4 | Medium | 2021-03-23 |
| CVE-2021-21339 | Cleartext storage of session identifier — TYPO3.CMS | CWE-312 | 5.9 | Medium | 2021-03-23 |
| CVE-2021-21340 | Cross-Site Scripting in Content Preview — TYPO3.CMS | CWE-79 | 5.4 | Medium | 2021-03-23 |
| CVE-2021-21355 | Unrestricted File Upload in Form Framework — TYPO3.CMS | CWE-434 | 8.6 | High | 2021-03-23 |
| CVE-2021-21357 | Broken Access Control in Form Framework — TYPO3.CMS | CWE-20 | 8.3 | High | 2021-03-23 |
| CVE-2021-21358 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form — TYPO3.CMS | CWE-79 | 5.4 | Medium | 2021-03-23 |
| CVE-2021-21338 | Open Redirection in Login Handling — TYPO3.CMS | CWE-601 | 4.7 | Medium | 2021-03-23 |
| CVE-2020-26229 | XML External Entity in Dashboard Widget — TYPO3.CMS | CWE-611 | 3.7 | Low | 2020-11-23 |
| CVE-2020-26228 | Cleartext storage of session identifier — TYPO3.CMS | CWE-312 | 8.1 | High | 2020-11-23 |
| CVE-2020-26227 | Cross-Site Scripting in Fluid view helpers — TYPO3.CMS | CWE-79 | 6.1 | Medium | 2020-11-23 |

This page lists every published CVE security advisory associated with typo3. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.