typo3/cms vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the typo3/cms package. This does not include vulnerabilities belonging to this package’s dependencies.

| Severity | Vulnerability | Vulnerable Version |
|---|---|---|
| H | Arbitrary Code Injection | >=6.1.0, <6.1.4; >=6.0.0, <6.0.9 |
| M | Cross-site Scripting (XSS) | >=6.2.0, <6.2.16 |
| M | Open Redirect | >=6.2.0, <6.2.16 |
| H | Arbitrary Code Injection | >=6.1.0, <6.1.9; >=6.0.0, <6.0.14; >=4.7.0, <4.7.19; >=4.5.0, <4.5.34 |
| M | Cross-site Scripting (XSS) | >=7.0.0, <7.6.1; >=6.2.0, <6.2.16 |
| H | Arbitrary File Upload | >=6.0.0, <6.0.8; >=6.1.0, <6.1.3 |
| L | Incorrect Authorization | <11.5.40; >=12.0.0, <12.4.21; >=13.0.0, <13.3.1 |
| M | Information Exposure | >=6.2.0, <6.2.20 |
| M | Cross-site Scripting (XSS) | >=6.2.0, <6.2.19 |
| M | XML External Entity (XXE) Injection | >=7.6.0, <7.6.4; >=6.2.0, <6.2.19 |
| C | SQL Injection | >=6.2.0, <6.2.18 |
| H | Unrestricted Upload of File with Dangerous Type | >=7.6.0, <7.6.22; >=8.0.0, <8.7.5 |
| M | Path Traversal | >=8.0.0, <8.7.30; >=9.0.0, <9.5.12; >=10.0.0, <10.2.2 |
| M | Cleartext Transmission of Sensitive Information | >=0.0.0 |
| M | Cross-site Scripting (XSS) | >=6.2.0, <6.2.19 |
| M | Improper Input Validation | >=6.1.0, <=6.1.12; >=6.0.0, <=6.0.14; >=4.7.0, <=4.7.20; >=4.6.0, <=4.6.18; >=7.0.0, <7.0.2; >=6.2.0, <6.2.9; >=4.5.0, <4.5.39 |
| M | Cross-site Scripting (XSS) | >=6.2.0, <6.2.16; >=7.0.0, <7.6.1 |
| L | Information Exposure | <11.5.30; >=12.0.0, <12.4.4 |
| L | Information Exposure | <11.5.30; >=12.0.0, <12.4.4 |
| M | Cross-site Scripting (XSS) | >=8.7.0, <10.4.36; >=11.0.0, <11.5.23; >=12.0.0, <12.2.0 |
| M | Uncontrolled Recursion | >=9.0.0, <10.4.33; >=11.0.0, <11.5.20 |
| M | Insufficient Session Expiration | >=10.0.0, <10.4.33; >=11.0.0, <11.5.20; >=12.0.0, <12.1.1 |
| M | Operation on a Resource after Expiration or Release | <10.4.32; >=11.0.0, <11.5.16 |
| M | Cross-site Scripting (XSS) | <10.4.32; >=11.0.0, <11.5.16 |
| M | Cross-site Scripting (XSS) | <10.4.32; >=11.0.0, <11.5.16 |
| M | Denial of Service (DoS) | >=11.4.0, <11.5.16 |
| M | Timing Attack | <10.4.32; >=11.0.0, <11.5.16 |
| M | Cross-site Scripting (XSS) | >=11.0.0, <11.3.2; >=10.0.0, <10.4.19; >=9.0.0, <9.5.29; >=8.0.0, <8.7.42; >=0.0.0, <7.6.53 |
| M | Denial of Service (DoS) | >=7.0.0, <7.6.32; >=8.0.0, <8.7.21 |
| M | Session Fixation | >=8.0.0, <8.7.25; >=9.0.0, <9.5.6 |
| L | Cross-site Scripting (XSS) | >=11.0.0, <11.1.1; >=10.0.0, <10.4.14; <9.5.25 |
| M | Information Exposure | >=11.0.0, <11.1.1; >=10.0.0, <10.4.14; <9.5.25 |
| M | Cross-site Scripting (XSS) | >=11.0.0, <11.1.1; >=10.0.0, <10.4.14 |
| M | Cross-site Scripting (XSS) | >=11.0.0, <11.1.1; >=10.2.0, <10.4.14 |
| M | Denial of Service (DoS) | >=11.0.0, <11.1.1; >=10.0.0, <10.4.14; >=9.0.0, <9.5.25 |
| M | Open Redirect | >=11.0.0, <11.1.1; >=10.0.0, <10.4.14; <9.5.25 |
| H | Cross-site Scripting (XSS) | >=11.0.0, <11.1.1; >=10.0.0, <10.4.14; >=8.0.0, <9.5.25 |
| H | Improper Input Validation | >=11.0.0, <11.1.1; >=10.0.0, <10.4.14; >=8.0.0, <9.5.25 |
| L | XML External Entity (XXE) Injection | >=10.4.0, <10.4.10 |
| H | Information Exposure | >=9.0.0, <9.5.23; >=10.0.0, <10.4.9 |
| H | Cryptographic Issues | >=9.0.0, <9.5.20; >=10.0.0, <10.4.6 |
| M | Cryptographic Issues | >=9.0.0, <9.5.20; >=10.0.0, <10.4.6 |
| H | Privilege Escalation | >=9.0.0, <9.5.20; >=10.0.0, <10.4.6 |
| H | Information Exposure | >=9.0.0, <9.5.20; >=10.0.0, <10.4.6 |
| M | Cross-site Scripting (XSS) | >=10.0.0, <10.4.2; >=9.0.0, <9.5.17 |
| H | Server-side Request Forgery (SSRF) | >=10.0.0, <10.4.2; >=9.0.0, <9.5.17 |
| L | Information Exposure | >=10.0.0, <10.4.2 |
| H | Deserialization of Untrusted Data | >=10.0.0, <10.4.2; >=9.0.0, <9.5.17 |
| M | Cross-site Scripting (XSS) | >=10.0.0, <10.4.2; >=9.0.0, <9.5.17 |
| H | Deserialization of Untrusted Data | >=10.0.0, <10.4.2; >=9.0.0, <9.5.17 |
| M | Cross-site Scripting (XSS) | >=7.0.0, <7.1.0; >=6.2.0, <6.2.38 |
| M | SQL Injection | >=10.0.0, <10.2.1; >=9.0.0, <9.5.12; >=8.0.0, <8.7.30 |
| H | Deserialization of Untrusted Data | >=8.0.0, <8.7.30; >=9.0.0, <9.5.12 |
| M | Cross-site Scripting (XSS) | >=10.0.0, <10.2.1; >=9.0.0, <9.5.12; >=8.0.0, <8.7.30 |
| M | Arbitrary File Write via Archive Extraction (Zip Slip) | >=10.0.0, <10.2.1; >=9.0.0, <9.5.12; >=8.0.0, <8.7.30 |
| M | Cross-site Scripting (XSS) | >=10.0.0, <10.2.1; >=9.0.0, <9.5.12; >=8.0.0, <8.7.30 |
| H | Deserialization of Untrusted Data | >=10.0.0, <10.2.1; >=9.0.0, <9.5.12; >=8.0.0, <8.7.30 |
| M | Cross-site Scripting (XSS) | >=10.0.0, <10.2.1; >=9.0.0, <9.5.12; >=8.0.0, <8.7.30 |
| M | Information Exposure | >=8.0.0, <8.7.27; >=9.0.0, <9.5.8 |
| H | Arbitrary Code Execution | >=8.0.0, <8.7.27; >=9.0.0, <9.5.8 |
| H | Deserialization of Untrusted Data | >=8.0.0, <8.7.27; >=9.0.0, <9.5.8 |
| M | Cross-site Scripting (XSS) | >=8.3.0, <8.7.27; >=9.0.0, <9.5.8 |
| L | Session Fixation | >=8.0.0, <8.7.27; >=9.0.0, <9.5.8 |
| H | Improper Access Control | >=9.0.0, <9.5.8 |
| C | Arbitrary Code Execution | >=8.0.0, <8.7.25; >=9.0.0, <9.5.6 |
| M | Improper Access Control | >=8.0.0, <8.7.25; >=9.0.0, <9.5.6 |
| M | Information Exposure | >=9.0.0, <9.5.6 |
| M | Information Exposure | >=9.0.0, <9.5.6 |
| M | Cross-site Scripting (XSS) | >=8.0.0, <8.7.25; >=9.0.0, <9.5.6 |
| M | Cross-site Scripting (XSS) | >=8.0.0, <8.7.23; >=9.0.0, <9.5.4 |
| M | Broken Access Control | >=8.0.0, <8.7.23; >=9.0.0, <9.5.8 |
| M | Information Exposure | >=8.0.0, <8.7.23; >=9.0.0, <9.5.4 |
| C | Arbitrary Code Execution | >=8.0.0, <8.7.23; >=9.0.0, <9.5.4 |
| M | Cross-site Scripting (XSS) | >=8.0.0, <8.7.23; >=9.0.0, <9.5.4 |
| M | Cross-site Scripting (XSS) | >=9.0.0, <9.5.4 |
| H | Security Misconfiguration | >=8.0.0, <8.7.23; >=9.0.0, <9.5.4 |
| M | Cross-site Scripting (XSS) | >=8.0.0, <8.7.21; >=7.0.0, <7.6.32; >=9.0.0, <9.5.2 |
| M | Cross-site Scripting (XSS) | >=8.0.0, <8.7.21; >=7.5.0, <7.6.32; >=9.0.0, <9.5.2 |
| M | Information Exposure | >=8.0.0, <8.7.21; >=7.0.0, <7.6.32; >=9.0.0, <9.5.2 |
| H | Denial of Service (DoS) | >=8.0.0, <8.7.21; >=7.0.0, <7.6.32; >=9.0.0, <9.5.2 |
| M | Denial of Service (DoS) | >=8.0.0, <8.7.21 |
| M | Cross-site Scripting (XSS) | >=7.0.0, <7.6.32; >=8.5.0, <8.7.21; >=9.0.0, <9.5.2 |
| H | Insecure Deserialization | >=8.5.0, <8.7.17; >=9.0.0, <9.3.2 |
| H | SQL Injection | >=8.5.0, <8.7.17; >=9.0.0, <9.3.2 |
| M | Authentication Bypass | >=8.0.0, <8.7.17; >=7.0.0, <7.6.30; >=9.0.0, <9.3.2 |
| H | Arbitrary Code Execution | >=7.0.0, <7.6.30; >=8.0.0, <8.7.17; >=9.0.0, <9.3.2 |
| M | Authentication Bypass | <6.2 |
| H | Authentication Bypass | <0.2.13 |
| M | Cross-site Scripting (XSS) | <8.7.11; >=9.0.0, <9.1.0 |
| M | Cross-site Scripting (XSS) | >=8.0.0, <8.7.5 |
| L | Information Exposure | >=7.6.0, <7.6.22; >=8.0.0, <8.7.5 |
| H | Arbitrary Code Execution | >=7.6.0, <7.6.22; >=8, <8.7.5 |
| L | Information Exposure | >=7.6.0, <7.6.22; >=8.0.0, <8.7.5 |
| M | Access Restriction Bypass | >=8.2.0, <8.6.1 |
| M | Cross-site Scripting (XSS) | >=7.6.0, <7.6.16; >=8.0.0, <8.6.1 |
| H | Arbitrary Code Execution | >=6.2.0, <6.2.30; >=7.6.0, <7.6.15; >=8.0.0, <8.5.1 |
| M | Directory Traversal | >=6.2.0, <6.2.29; >=7.6.0, <7.6.13; >=8.0.0, <8.4.1 |
| H | Deserialization of Untrusted Data | >=6.2.0, <6.2.29; >=7.6.0, <7.6.13; >=8.0.0, <8.4.1 |
| M | SQL Injection | >=6.2.0, <6.2.26; >=7.6.0, <7.6.10 |
| L | Information Exposure | >=6.2.0, <6.2.26; >=7.6.0, <7.6.10; >=8.0.0, <8.2.1 |
| L | Cross-site Scripting (XSS) | >=6.2.0, <6.2.26; >=7.6.0, <7.6.10; >=8.0.0, <8.2.1 |
| M | Cross-site Scripting (XSS) | >=6.2.0, <6.2.26; >=7.6.0, <7.6.10; >=8.0.0, <8.2.1 |
| M | Cross-site Scripting (XSS) | >=7.6.0, <7.6.10; >=8.0.0, <8.2.1 |
| H | Deserialization of Untrusted Data | >=6.2.0, <6.2.26; >=7.6.0, <7.6.10; >=8.0.0, <8.2.1 |
| H | HTTP Header Injection | >=8.0.0, <8.2.1 |
| M | Denial of Service (DoS) | >=6.2.0, <6.2.27; >=7.6.0, <7.6.11; >=8, <8.3.1 |
| M | Cross-site Scripting (XSS) | >=6.2.0, <6.2.27; >=7.6.0, <7.6.11; >=8.0.0, <8.3.1 |
| C | Arbitrary Code Execution | <6.2.24; >=7, <7.6.8; >=8, <8.1.1 |
| M | Access Restriction Bypass | >=6.2.0, <6.2.20; >=7.6.0, <7.6.5; >=8, <8.0.1 |
| H | Arbitrary File Read | >=6.2.0, <6.2.20 |
| M | Cross-site Scripting (XSS) | >=6.2.0, <6.2.20; >=7.6.0, <7.6.5; >=8.0.0, <8.0.1 |
| M | Privilege Escalation | >=6.2.0, <6.2.20; >=7.6.0, <7.6.5; >=8, <8.0.1 |
| M | Cross-site Scripting (XSS) | >=6.2.0, <6.2.19 |
| M | Cross-site Scripting (XSS) | >=6.2.0, <6.2.19; >=7.6.0, <7.6.4 |
| H | Denial of Service (DoS) | >=6.2.0, <6.2.19; >=7.6.0, <7.6.4 |
| M | Cross-site Scripting (XSS) | >=6.2.0, <6.2.18; >=7.6.0, <7.6.3 |
| M | Cross-site Scripting (XSS) | >=6.2.0, <6.2.18 |
| M | Cross-site Scripting (XSS) | >=6.2.0, <6.2.18 |
| M | SQL Injection | >=6.2.0, <6.2.18 |
| L | Cross-site Scripting (XSS) | >=6.2.0, <6.2.16; >=7.0.0, <7.6.1 |
| M | Cross-site Scripting (XSS) | >=6.2.0, <6.2.16; >=7.0.0, <7.6.1 |
| M | Cross-site Scripting (XSS) | >=6.2.0, <6.2.16; >=7.0.0, <7.6.1 |
| M | Cross-Site Flashing (XSF) | >=6.2.0, <6.2.16 |
| M | Cross-site Scripting (XSS) | >=6.2.0, <6.2.16 |
| L | Cross-site Scripting (XSS) | >=6.2.0, <6.2.15; >=7.0.0, <7.4.0 |
| M | Information Exposure | >=6.2.0, <6.2.15; >=7, <7.4.0 |
| M | Cross-site Scripting (XSS) | >=6.2.0, <6.2.14; >=7.0.0, <7.3.1 |
| L | Information Exposure | >=6.2.0, <6.2.14; >=7.0.0, <7.3.1 |
| M | Denial of Service (DoS) | >=6.2.0, <6.2.14; >=7, <7.3.1 |
| M | Access Restriction Bypass | >=6.2.0, <6.2.14; >=7, <7.3.1 |
| M | Cross-site Scripting (XSS) | >=6.2.0, <6.2.14; >=7.0.0, <7.3.1 |
| M | Session Fixation | >=6.2.0, <6.2.14; >=7, <7.3.1 |
| M | Link Spoofing | >=4.5.0, <4.5.39; >=6.2.0, <6.2.9; >=7, <7.0.2 |
| M | Cache Poisoning | >=4.5.0, <4.5.39; >=6.2.0, <6.2.9; >=7, <7.0.2 |
| H | Denial of Service (DoS) | >=4.5.0, <4.5.37; >=4.7.0, <4.7.20; >=6.1.0, <6.1.11; >=6.2.0, <6.2.6 |
| M | Arbitrary Shell Execution | >=4.5.0, <4.5.37; >=4.7.0, <4.7.20; >=6.1.0, <6.1.12; >=6.2.0, <6.2.6 |
| M | Host Spoofing | >=4.5.0, <4.5.34; >=4.7.0, <4.7.19; >=6, <6.0.14; >=6.1.0, <6.1.9; >=6.2.0, <6.2.3 |
| L | Cross-site Scripting (XSS) | >=6.2.0, <6.2.3 |
| M | Session Hijacking | >=6.2.0, <6.2.3 |
| M | Information Exposure | >=6.2.0, <6.2.3 |
| M | Cross-site Scripting (XSS) | >=6.2.0, <6.2.3 |