tpwd/ke_search
Packagist4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting tpwd/ke_searchpage 1 of 1
- CVE-2020-15517MEDIUMCVSS 5.4EG 5.4✓ Fixed in 2.8.32020-07-07
vulnerable: 1.99.0 ... v2.8.2 (27 versions)
The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x through 3.1.3, for TYPO3 allows XSS.
- CVE-2023-35783MEDIUMCVSS 6.3EG 6.3✓ Fixed in 4.0.32023-06-16
vulnerable: 1.99.0 ... v4.0.1 (61 versions)
The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x before 5.0.2 for TYPO3 allows XSS via indexed data.
- CVE-2026-46722MEDIUMCVSS 5.9EG 5.9✓ Fixed in 7.0.12026-05-19
vulnerable: v7.0.0
The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieve…
- CVE-2026-46723MEDIUMCVSS 5.9EG 5.9✓ Fixed in 7.0.12026-05-19
vulnerable: v7.0.0
The additional_tables configuration of the page and tt_content indexers accepts arbitrary table and field names. A backend user with permission to edit indexer configurations can copy sensitive data from internal TYPO3 tables into the sear…
Check whether tpwd/ke_search is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for tpwd/ke_search CVEs against the assets you own.
Start Free Scan →