typo3/cms Security Advisories for v9.5.14 (20)
-
[MEDIUM] TYPO3-CORE-SA-2021-013: Cross-Site Scripting via Rich-Text Content
PKSA-f5pt-5p3j-9w13 CVE-2021-32768 GHSA-c5c9-8c6m-727v
Affected version: >=10.0.0,<10.4.19|>=11.0.0,<11.3.2|>=9.0.0,<9.5.29
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2021-012: Information Disclosure in User Authentication
PKSA-166g-yc33-swnp CVE-2021-32767 GHSA-34fr-fhqr-7235
Affected version: >=10.0.0,<10.4.18|>=11.0.0,<11.3.1|>=9.0.0,<9.5.28
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2021-011: Cross-Site Scripting in Backend Grid View
PKSA-z4fg-75ns-v363 CVE-2021-32669 GHSA-rgcg-28xm-8mmw
Affected version: >=10.0.0,<10.4.18|>=11.0.0,<11.3.1|>=9.0.0,<9.5.28
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2021-010: Cross-Site Scripting in Query Generator & Query View
PKSA-vhss-cbdf-h9zf CVE-2021-32668 GHSA-6mh3-j5r5-2379
Affected version: >=10.0.0,<10.4.18|>=11.0.0,<11.3.1|>=9.0.0,<9.5.28
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2021-009: Cross-Site Scripting in Page Preview
PKSA-wk8d-zxk8-8xqc CVE-2021-32667 GHSA-8mq9-fqv8-59wf
Affected version: >=10.0.0,<10.4.18|>=11.0.0,<11.3.1|>=9.0.0,<9.5.28
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2021-008: Cross-Site Scripting in Content Preview
PKSA-txbn-cfcc-9zgj CVE-2021-21370 GHSA-x7hc-x7fm-f7qh
Affected version: >=10.0.0,<10.4.14|>=11.0.0,<11.1.1|>=9.0.0,<9.5.25
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2021-006: Cleartext storage of session identifier
PKSA-6rj9-2kkd-njb3 CVE-2021-21339 GHSA-qx3w-4864-94ch
Affected version: >=10.0.0,<10.4.14|>=11.0.0,<11.1.1|>=9.0.0,<9.5.25
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2021-005: Denial of Service in Page Error Handling
PKSA-g918-9bjy-w911 CVE-2021-21359 GHSA-4p9g-qgx9-397p
Affected version: >=10.0.0,<10.4.14|>=11.0.0,<11.1.1|>=9.0.0,<9.5.25
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] TYPO3-CORE-SA-2021-003: Broken Access Control in Form Framework
PKSA-wd9s-13sq-wnby CVE-2021-21357 GHSA-3vg7-jw9m-pc3f
Affected version: >=10.0.0,<10.4.14|>=11.0.0,<11.1.1|>=9.0.0,<9.5.25
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] TYPO3-CORE-SA-2021-002: Unrestricted File Upload in Form Framework
PKSA-3jwm-rpgc-y2bh CVE-2021-21355 GHSA-2r6j-862c-m2v2
Affected version: >=10.0.0,<10.4.14|>=11.0.0,<11.1.1|>=9.0.0,<9.5.25
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2021-001: Open Redirection in Login Handling
PKSA-4pvk-bqg1-qyqj CVE-2021-21338 GHSA-4jhw-2p6j-5wmp
Affected version: >=10.0.0,<10.4.14|>=11.0.0,<11.1.1|>=9.0.0,<9.5.25
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] TYPO3-CORE-SA-2020-011: Cleartext storage of session identifier
PKSA-tb1c-8bnf-mvmf CVE-2020-26228 GHSA-954j-f27r-cj52
Affected version: >=10.0.0,<10.4.10|>=9.0.0,<9.5.23|>=8.7.0,<8.7.38
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2020-010: Cross-Site Scripting in Fluid view helpers
PKSA-7sv8-gd3z-zptc CVE-2020-26227 GHSA-vqqx-jw6p-q3rf
Affected version: >=10.0.0,<10.4.10|>=9.0.0,<9.5.23|>=8.7.0,<8.7.38
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] TYPO3-CORE-SA-2020-008: Sensitive Information Disclosure
PKSA-89kh-571y-53vr CVE-2020-15098 GHSA-m5vr-3m74-jwxp
Affected version: >=10.0.0,<10.4.6|>=9.0.0,<9.5.20
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] TYPO3-CORE-SA-2020-007: Potential Privilege Escalation
PKSA-bvhz-zjdr-rz23 CVE-2020-15099 GHSA-3x94-fv5h-5q2c
Affected version: >=10.0.0,<10.4.6|>=9.0.0,<9.5.20
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to Backend User Interface
PKSA-vncq-mbcp-6vyd CVE-2020-11069 GHSA-pqg8-crx9-g8m4
Affected version: >=10.0.0,<10.4.2|>=9.0.0,<9.5.17
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings
PKSA-dxxk-hc9h-1z3f CVE-2020-11067 GHSA-2wj9-434x-9hvp
Affected version: >=10.0.0,<10.4.2|>=9.0.0,<9.5.17
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized
PKSA-ss2r-276b-st5d CVE-2020-11066 GHSA-2rxh-h6h9-qrqc
Affected version: >=10.0.0,<10.4.2|>=9.0.0,<9.5.17
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling
PKSA-fzgc-n67f-tpd3 CVE-2020-11065 GHSA-4j77-gg36-9864
Affected version: >=10.0.0,<10.4.2|>=9.0.0,<9.5.17
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine
PKSA-fpbs-1vv7-3m1y CVE-2020-11064 GHSA-43gj-mj2w-wh46
Affected version: >=10.0.0,<10.4.2|>=9.0.0,<9.5.17
Reported by:
GitHub, FriendsOfPHP/security-advisories