typo3/cms-core vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the typo3/cms-core package. This does not include vulnerabilities belonging to this package’s dependencies.

| Severity | Vulnerability | Vulnerable Version |
|---|---|---|
| L | Incorrect Authorization | <11.5.40; >=12.0.0, <12.4.21; >=13.0.0, <13.3.1 |
| M | Improper Verification of Cryptographic Signature | >=9.0.0, <9.5.48; >=10.0.0, <10.4.45; >=11.0.0, <11.5.37; >=12.0.0, <12.4.15; >=13.0.0, <13.1.1 |
| M | Cross-site Scripting (XSS) | >=9.0.0, <9.5.48; >=10.0.0, <10.4.45; >=11.0.0, <11.5.37; >=12.0.0, <12.4.15; >=13.0.0, <13.1.1 |
| M | Cross-site Scripting (XSS) | >=9.0.0, <9.5.48; >=10.0.0, <10.4.45; >=11.0.0, <11.5.37; >=12.0.0, <12.4.15; >=13.0.0, <13.1.1 |
| L | Cross-site Scripting | >=13.0.0, <13.1.1 |
| M | Path Traversal | >=8.0.0, <8.7.30; >=9.0.0, <9.5.12; >=10.0.0, <10.2.2 |
| H | Improper Control of Generation of Code ('Code Injection') | <11.5.35; >=12.0.0, <12.4.11; >=13.0.0, <13.0.1 |
| M | Information Exposure | <11.5.35; >=12.0.0, <12.4.11; >=13.0.0, <13.0.1 |
| H | Exposure of Sensitive Information to an Unauthorized Actor | <11.5.35; >=12.0.0, <12.4.11; >=13.0.0, <13.0.1 |
| M | Exposure of Sensitive Information to an Unauthorized Actor | <11.5.35; >=12.0.0, <12.4.11; >=13.0.0, <13.0.1 |
| M | Directory Traversal | <13.1.0 |
| M | Authentication Bypass by Assumed-Immutable Data | <11.5.33; >=12.0.0, <12.4.8 |
| M | Uncontrolled Recursion | >=9.0.0, <10.4.33; >=11.0.0, <11.5.20 |
| M | Information Exposure | >=9.0.0, <10.4.33; >=11.0.0, <11.5.20; >=12.0.0, <12.1.1 |
| H | Arbitrary Code Execution | >=8.0.0, <8.7.49; >=9.0.0, <9.5.38; >=10.0.0, <10.4.33; >=11.0.0, <11.5.20; >=12.0.0, <12.1.1 |
| M | Access Restriction Bypass | >=8.0.0, <8.7.49; >=9.0.0, <9.5.38; >=10.0.0, <10.4.33; >=11.0.0, <11.5.2; >=12.0.0, <12.1.1 |
| M | Cross-site Scripting (XSS) | <10.4.32; >=11.0.0, <11.5.16 |
| M | Denial of Service (DoS) | >=11.4.0, <11.5.16 |
| M | Timing Attack | <10.4.32; >=11.0.0, <11.5.16 |
| M | Information Exposure | <10.4.29; >=11.0.0, <11.1.11 |
| M | Denial of Service (DoS) | <10.4.29; >=11.0.0, <11.5.11 |
| L | HTTP Header Injection | >=11.0.0, <11.5.0 |
| H | Cross-site Request Forgery (CSRF) | >=11.0.0, <11.5.0 |
| M | Cross-site Scripting (XSS) | >=11.0.0, <11.3.2; >=10.0.0, <10.4.19; >=9.0.0, <9.5.29; >=8.0.0, <8.7.42; >=0.0.0, <7.6.53 |
| M | Denial of Service (DoS) | >=7.0.0, <7.6.32; >=8.0.0, <8.7.21 |
| M | Information Disclosure | >=8.0.0, <8.7.27; >=9.0.0, <9.5.8 |
| M | Insecure Defaults | >=7.0.0, <7.6.32; >=8.0.0, <8.7.21; >=9.0.0, <9.5.2 |
| M | Session Fixation | >=8.0.0, <8.7.25; >=9.0.0, <9.5.6 |
| M | Cross-site Scripting (XSS) | >=11.0.0, <11.3.1; >=10.0.0, <10.4.18; >=9.0.0, <9.5.28; >=8.0.0, <8.7.41 |
| M | Information Exposure | >=11.0.0, <11.3.1; >=10.0.0, <10.4.18; >=9.0.0, <9.5.28; >=8.0.0, <8.7.41; >=7.0.0, <7.6.52 |
| L | Cross-site Scripting (XSS) | >=11.0.0, <11.1.1; >=10.0.0, <10.4.14; <9.5.25 |
| M | Information Exposure | >=11.0.0, <11.1.1; >=10.0.0, <10.4.14; <9.5.25 |
| M | Cross-site Scripting (XSS) | >=11.0.0, <11.1.1; >=10.0.0, <10.4.14 |
| M | Cross-site Scripting (XSS) | >=11.0.0, <11.1.1; >=10.2.0, <10.4.14 |
| M | Denial of Service (DoS) | >=11.0.0, <11.1.1; >=10.0.0, <10.4.14; >=9.0.0, <9.5.25 |
| M | Open Redirect | >=11.0.0, <11.1.1; >=10.0.0, <10.4.14; <9.5.25 |
| H | Cross-site Scripting (XSS) | >=11.0.0, <11.1.1; >=10.0.0, <10.4.14; >=8.0.0, <9.5.25 |
| H | Improper Input Validation | >=11.0.0, <11.1.1; >=10.0.0, <10.4.14; >=8.0.0, <9.5.25 |
| H | Privilege Escalation | >=9.0.0, <9.5.20; >=10.0.0, <10.4.6 |
| H | Information Exposure | >=9.0.0, <9.5.20; >=10.0.0, <10.4.6 |
| M | Cross-site Scripting (XSS) | >=10.0.0, <10.4.2; >=9.0.0, <9.5.17 |
| H | Server-side Request Forgery (SSRF) | >=10.0.0, <10.4.2; >=9.0.0, <9.5.17 |
| L | Information Exposure | >=10.0.0, <10.4.2 |
| H | Deserialization of Untrusted Data | >=10.0.0, <10.4.2; >=9.0.0, <9.5.17 |
| M | Cross-site Scripting (XSS) | >=10.0.0, <10.4.2; >=9.0.0, <9.5.17 |
| H | Deserialization of Untrusted Data | >=10.0.0, <10.4.2; >=9.0.0, <9.5.17 |
| M | SQL Injection | >=10.0.0, <10.2.1; >=9.0.0, <9.5.12; >=8.0.0, <8.7.30 |
| M | Arbitrary File Write via Archive Extraction (Zip Slip) | >=10.0.0, <10.2.1; >=9.0.0, <9.5.12; >=8.0.0, <8.7.30 |
| M | Cross-site Scripting (XSS) | >=10.0.0, <10.2.1; >=9.0.0, <9.5.12; >=8.0.0, <8.7.30 |
| H | Deserialization of Untrusted Data | >=8.0.0, <8.7.30; >=9.0.0, <9.5.12 |
| M | Cross-site Scripting (XSS) | >=10.0.0, <10.2.1; >=9.0.0, <9.5.12; >=8.0.0, <8.7.30 |
| M | Cross-site Scripting (XSS) | >=10.0.0, <10.2.1; >=9.0.0, <9.5.12; >=8.0.0, <8.7.30 |
| H | Deserialization of Untrusted Data | >=10.0.0, <10.2.1; >=9.0.0, <9.5.12; >=8.0.0, <8.7.30 |
| H | Arbitrary Code Execution | >=8.0.0, <8.7.27; >=9.0.0, <9.5.8 |
| H | Deserialization of Untrusted Data | >=8.0.0, <8.7.27; >=9.0.0, <9.5.8 |
| M | Cross-site Scripting (XSS) | >=8.3.0, <8.7.27; >=9.0.0, <9.5.8 |
| L | Session Fixation | >=8.0.0, <8.7.27; >=9.0.0, <9.5.8 |
| C | Arbitrary Code Execution | >=8.0.0, <8.7.25; >=9.0.0, <9.5.6 |
| M | Improper Access Control | >=8.0.0, <8.7.25; >=9.0.0, <9.5.6 |
| M | Information Exposure | >=9.0.0, <9.5.6 |
| M | Information Exposure | >=9.0.0, <9.5.6 |
| M | Cross-site Scripting (XSS) | >=8.0.0, <8.7.25; >=9.0.0, <9.5.6 |
| M | Cross-site Scripting (XSS) | >=8.0.0, <8.7.23; >=9.0.0, <9.5.4 |
| M | Cross-site Scripting (XSS) | >=8.0.0, <8.7.23; >=9.0.0, <9.5.4 |
| M | Information Exposure | >=8.0.0, <8.7.23; >=9.0.0, <9.5.4 |
| M | Broken Access Control | >=8.0.0, <8.7.23; >=9.0.0, <9.5.8 |
| M | Cross-site Scripting (XSS) | >=9.0.0, <9.5.4 |
| C | Arbitrary Code Execution | >=8.0.0, <8.7.23; >=9.0.0, <9.5.4 |
| H | Security Misconfiguration | >=8.0.0, <8.7.23; >=9.0.0, <9.5.4 |
| M | Cross-site Scripting (XSS) | >=8.0.0, <8.7.21; >=7.0.0, <7.6.32; >=9.0.0, <9.5.2 |
| M | Cross-site Scripting (XSS) | >=8.0.0, <8.7.21; >=7.5.0, <7.6.32; >=9.0.0, <9.5.2 |
| M | Information Exposure | >=8.0.0, <8.7.21; >=7.0.0, <7.6.32; >=9.0.0, <9.5.2 |
| H | Denial of Service (DoS) | >=8.0.0, <8.7.21; >=7.0.0, <7.6.32; >=9.0.0, <9.5.2 |
| M | Denial of Service (DoS) | >=8.0.0, <8.7.21 |
| M | Cross-site Scripting (XSS) | >=7.0.0, <7.6.32; >=8.5.0, <8.7.21; >=9.0.0, <9.5.2 |
| H | Insecure Deserialization | >=8.5.0, <8.7.17; >=9.0.0, <9.3.2 |
| H | Arbitrary Code Execution | >=7.0.0, <7.6.30; >=8.0.0, <8.7.17; >=9.0.0, <9.3.2 |
| H | SQL Injection | >=8.5.0, <8.7.17; >=9.0.0, <9.3.2 |
| M | Improper Authentication | >=8.0.0, <8.7.17; >=9.0.0, <9.3.2 |