typo3/cms vulnerabilities

TYPO3 CMS is a free open source Content Management Framework initially created by Kasper Skaarhoj and licensed under GNU/GPL.

Latest version: v9.5.5


Direct Vulnerabilities

Known vulnerabilities in the typo3/cms package. This does not include vulnerabilities belonging to this package’s dependencies.

| Severity | Vulnerability | Vulnerable versions | Snyk patch | Published |
|---|---|---|---|---|
| M | Broken Access Control | >=8.0.0, <8.7.23,>=9.0.0, <9.5.4 | Not available | 22 Jan, 2019 |
| M | Information Disclosure | >=8.0.0, <8.7.23,>=9.0.0, <9.5.4 | Not available | 22 Jan, 2019 |
| M | Cross-Site Scripting (XSS) | >=8.0.0, <8.7.23,>=9.0.0, <9.5.4 | Not available | 22 Jan, 2019 |
| M | Cross-Site Scripting (XSS) | >=8.0.0, <8.7.23,>=9.0.0, <9.5.4 | Not available | 22 Jan, 2019 |
| M | Cross-Site Scripting (XSS) | >=9.0.0, <9.5.4 | Not available | 22 Jan, 2019 |
| H | Arbitrary Code Execution | >=8.0.0, <8.7.23,>=9.0.0, <9.5.4 | Not available | 22 Jan, 2019 |
| H | Security Misconfiguration | >=8.0.0, <8.7.23,>=9.0.0, <9.5.4 | Not available | 22 Jan, 2019 |
| M | Cross-Site Scripting (XSS) | >=8.0.0, <8.7.21,>=7.0.0, <7.6.32,>=9.0.0, <9.5.2 | Not available | 12 Dec, 2018 |
| M | Cross-site Scripting (XSS) | >=8.0.0, <8.7.21,>=7.5.0, <7.6.32,>=9.0.0, <9.5.2 | Not available | 12 Dec, 2018 |
| M | Information Exposure | >=8.0.0, <8.7.21,>=7.0.0, <7.6.32,>=9.0.0, <9.5.2 | Not available | 12 Dec, 2018 |
| H | Denial of Service (DOS) | >=8.0.0, <8.7.21,>=7.0.0, <7.6.32,>=9.0.0, <9.5.2 | Not available | 12 Dec, 2018 |
| M | Denial of Service (DOS) | >=8.0.0, <8.7.21 | Not available | 12 Dec, 2018 |
| M | Cross-Site Scripting (XSS) | >=8.5.0, <8.7.21,>=9.0.0, <9.5.2 | Not available | 12 Dec, 2018 |
| H | Insecure Deserialization | >=8.5.0, <8.7.17,>=9.0.0, <9.3.2 | Not available | 23 Jul, 2018 |
| H | Arbitrary Code Execution | >=8.0.0, <8.7.17,>=7.0.0, <7.6.30,>=9.0.0, <9.3.2 | Not available | 19 Jul, 2018 |
| H | SQL Injection | >=8.5.0, <8.7.17,>=9.0.0, <9.3.2 | Not available | 19 Jul, 2018 |
| M | Authentication Bypass | >=8.0.0, <8.7.17,>=7.0.0, <7.6.30,>=9.0.0, <9.3.2 | Not available | 19 Jul, 2018 |
| M | Authentication Bypass | <6.2 | Not available | 06 Jun, 2018 |
| H | Authentication Bypass | <0.2.13 | Not available | 06 Jun, 2018 |
| M | Cross-site Scripting (XSS) | <8.7.11,>=9.0.0, <9.1.0 | Not available | 09 Apr, 2018 |
| M | Cross-site Scripting (XSS) | >=8.0.0, <8.7.5 | Not available | 05 Sep, 2017 |
| L | Information Exposure | >=7.6.0, <7.6.22,>=8.0.0, <8.7.5 | Not available | 05 Sep, 2017 |
| L | Information Exposure | >=7.6.0, <7.6.22,>=8.0.0, <8.7.5 | Not available | 05 Sep, 2017 |
| H | Arbitrary Code Execution | >=7.6.0, <7.6.22,>=8, <8.7.5 | Not available | 05 Sep, 2017 |
| M | Access Restriction Bypass | >=8.2.0, <8.6.1 | Not available | 28 Feb, 2017 |
| M | Cross-site Scripting (XSS) | >=7.6.0, <7.6.16,>=8.0.0, <8.6.1 | Not available | 28 Feb, 2017 |
| H | Arbitrary Code Execution | >=6.2.0, <6.2.30,>=7.6.0, <7.6.15,>=8.0.0, <8.5.1 | Not available | 03 Jan, 2017 |
| H | Deserialization of Untrusted Data | >=6.2.0, <6.2.29,>=7.6.0, <7.6.13,>=8.0.0, <8.4.1 | Not available | 22 Nov, 2016 |
| M | Directory Traversal | >=6.2.0, <6.2.29,>=7.6.0, <7.6.13,>=8.0.0, <8.4.1 | Not available | 22 Nov, 2016 |
| M | Cross-site Scripting (XSS) | >=6.2.0, <6.2.26,>=7.6.0, <7.6.10,>=8.0.0, <8.2.1 | Not available | 19 Jul, 2016 |