high  TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler

Versions affectées : =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Versions patchées : 8.7.57 9.5.46 10.4.43 11.5.35 12.4.11 13.0.1 https://github.com/advisories/GHSA-rj3x-wvc6-5j66

high  TYPO3 Install Tool vulnerable to Code Execution

Versions affectées : =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Versions patchées : 8.7.57 9.5.46 10.4.43 11.5.35 12.4.11 13.0.1 https://github.com/advisories/GHSA-5w2h-59j3-8x5w

medium  TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController

Versions affectées : >=13.0.0,<=13.1.0|>=12.0.0,<=12.4.14|>=11.0.0,<=11.5.36|>=10.0.0,<=10.4.44|>=9.0.0,<=9.5.47
Versions patchées : 9.5.48 10.4.45 11.5.37 12.4.15 13.1.1 https://github.com/advisories/GHSA-hw6c-6gwq-3m3m

medium  TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module

Versions affectées : >=13.0.0,<=13.1.0|>=12.0.0,<=12.4.14|>=11.0.0,<=11.5.36|>=10.0.0,<=10.4.44|>=9.0.0,<=9.5.47
Versions patchées : 9.5.48 10.4.45 11.5.37 12.4.15 13.1.1 https://github.com/advisories/GHSA-v6mw-h7w6-59w3

medium  TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key

Versions affectées : =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Versions patchées : 8.7.57 9.5.46 10.4.43 11.5.35 12.4.11 13.0.1 https://github.com/advisories/GHSA-h47m-3f78-qp9g

medium  TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme

Versions affectées : =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Versions patchées : 8.7.57 9.5.46 10.4.43 11.5.35 12.4.11 13.0.1 https://github.com/advisories/GHSA-wf85-8hx9-gj7c

medium  TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords

Versions affectées : =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Versions patchées : 8.7.57 9.5.46 10.4.43 11.5.35 12.4.11 13.0.1 https://github.com/advisories/GHSA-38r2-5695-334w

medium  TYPO3-CORE-SA-2023-006: Weak Authentication in Session Handling

Versions affectées : >=8.0.0,<8.7.55|>=9.0.0,<9.5.44|>=10.0.0,<10.4.41|>=11.0.0,<11.5.33|>=12.0.0,<12.4.8
Versions patchées : 8.7.55 9.5.44 10.4.41 11.5.33 12.4.8 https://typo3.org/security/advisory/typo3-core-sa-2023-006

medium  TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController

Versions affectées : >=13.0.0,<=13.1.0|>=12.0.0,<=12.4.14|>=11.0.0,<=11.5.36|>=10.0.0,<=10.4.44|>=9.0.0,<=9.5.47
Versions patchées : 9.5.48 10.4.45 11.5.37 12.4.15 13.1.1 https://github.com/advisories/GHSA-36g8-62qv-5957

medium  Path Traversal in TYPO3 File Abstraction Layer Storages

Versions affectées : =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Versions patchées : https://github.com/advisories/GHSA-w6x2-jg8h-p6mp

low  Information Disclosure due to Out-of-scope Site Resolution

Versions affectées : >=12.0.0,<12.4.4|>=11.0.0,<11.5.30|>=10.0.0,<10.4.39|>=9.4.0,<9.5.42
Versions patchées : 9.5.42 10.4.39 11.5.30 12.4.4 https://github.com/advisories/GHSA-jq6g-4v5m-wm9r

medium  Cross-Site Scripting in CKEditor4 WordCount Plugin

Versions affectées : >=11.0.0,<11.5.30|>=10.0.0,<10.4.39|>=9.5.0,<9.5.42
Versions patchées : 9.5.42 10.4.39 11.5.30 https://github.com/advisories/GHSA-m8fw-p3cr-6jqc

low  Information Disclosure in TYPO3 Page Tree

Versions affectées : <11.5.40|>=12.0.0,<12.4.21|>=13.0.0,<13.3.1
Versions patchées : 13.3.1 12.4.21 11.5.40 https://github.com/advisories/GHSA-rf5m-h8q9-9w6q

low  Denial of Service in TYPO3 Bookmark Toolbar

Versions affectées : >=10.0.0,<=10.4.45|>=11.0.0,<=11.5.39|>=12.0.0,<12.4.20|=13.0.0
Versions patchées : 13.3.1 12.4.21 11.5.40 10.4.46 https://github.com/advisories/GHSA-ffcv-v6pw-qhrp