typo3/cms-core
Packagist98 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting typo3/cms-corepage 2 of 2
- CVE-2022-23503HIGHCVSS 7.5EG 7.5✓ Fixed in 12.1.12022-12-14
vulnerable: v12.0.0, v12.1.0
TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configura…
- CVE-2022-23504MEDIUMCVSS 5.7EG 5.7✓ Fixed in 12.1.12022-12-14
vulnerable: v12.0.0, v12.1.0
TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expression…
- CVE-2022-31046MEDIUMCVSS 4.3EG 4.3✓ Fixed in 11.5.112022-06-14
vulnerable: v11.0.0 ... v11.5.9 (20 versions)
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table.…
- CVE-2022-31047MEDIUMCVSS 5.3EG 5.3✓ Fixed in 11.5.112022-06-14
vulnerable: v11.0.0 ... v11.5.9 (20 versions)
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception h…
- CVE-2022-31048MEDIUMCVSS 5.4EG 5.4✓ Fixed in 11.5.112022-06-14
vulnerable: v11.0.0 ... v11.5.9 (20 versions)
TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user acc…
- CVE-2022-31049MEDIUMCVSS 5.4EG 5.4✓ Fixed in 11.5.112022-06-14
vulnerable: v11.0.0 ... v11.5.9 (20 versions)
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were …
- CVE-2022-31050MEDIUMCVSS 6.0EG 6.0✓ Fixed in 11.5.112022-06-14
vulnerable: v11.0.0 ... v11.5.9 (20 versions)
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was …
- CVE-2022-36020MEDIUMCVSS 6.1EG 6.1✓ Fixed in 11.5.162022-09-13
vulnerable: v11.0.0 ... v11.5.9 (25 versions)
The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package `masterminds/html5`, malicious…
- CVE-2022-36104MEDIUMCVSS 5.9EG 5.9✓ Fixed in 11.5.162022-09-13
vulnerable: v11.4.0 ... v11.5.9 (17 versions)
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be…
- CVE-2022-36105MEDIUMCVSS 5.3EG 5.3✓ Fixed in 11.5.162022-09-13
vulnerable: v11.0.0 ... v11.5.9 (25 versions)
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing a…
- CVE-2022-36106MEDIUMCVSS 5.4EG 5.4✓ Fixed in 11.5.162022-09-13
vulnerable: v11.0.0 ... v11.5.9 (25 versions)
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password …
- CVE-2022-36107MEDIUMCVSS 6.5EG 6.5✓ Fixed in 11.5.162022-09-13
vulnerable: v11.0.0 ... v11.5.9 (25 versions)
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are …
- CVE-2022-36108MEDIUMCVSS 6.5EG 6.5✓ Fixed in 11.5.162022-09-13
vulnerable: v11.0.0 ... v11.5.9 (25 versions)
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. …
- CVE-2023-24814HIGHCVSS 8.8EG 8.8✓ Fixed in 8.7.512023-02-07
vulnerable: v8.7.10 ... v8.7.9 (26 versions)
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_…
- CVE-2023-30451MEDIUMCVSS 4.9EG 4.9✓ Fixed in 13.0.12023-12-25
vulnerable: 13.0.0, v13.0.0
In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[…
- CVE-2023-38499LOWCVSS 3.7EG 3.7✓ Fixed in 12.4.42023-07-25
vulnerable: v12.0.0 ... v12.4.3 (11 versions)
TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` al…
- CVE-2023-47127MEDIUMCVSS 5.4EG 4.2✓ Fixed in 12.4.82023-11-14
vulnerable: v12.0.0 ... v12.4.7 (15 versions)
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session …
- CVE-2024-22188HIGHCVSS 7.2EG 7.2✓ Fixed in 13.0.12024-03-05
vulnerable: 13.0.0, v13.0.0
TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool…
- CVE-2024-25118MEDIUMCVSS 4.3EG 4.3✓ Fixed in 13.0.12024-02-13
vulnerable: 13.0.0, v13.0.0
TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext passwo…
- CVE-2024-25119MEDIUMCVSS 4.9EG 4.9✓ Fixed in 13.0.12024-02-13
vulnerable: 13.0.0, v13.0.0
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed…
- CVE-2024-25120MEDIUMCVSS 4.3EG 4.3✓ Fixed in 13.0.12024-02-13
vulnerable: 13.0.0, v13.0.0
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pa…
- CVE-2024-25121HIGHCVSS 7.1EG 7.1✓ Fixed in 13.0.12024-02-13
vulnerable: 13.0.0, v13.0.0
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to…
- CVE-2024-34355LOWCVSS 3.5EG 3.5✓ Fixed in 13.1.12024-05-14
vulnerable: v13.0.0, v13.0.1, v13.1.0
TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript e…
- CVE-2024-34356MEDIUMCVSS 5.4EG 5.4✓ Fixed in 13.1.12024-05-14
vulnerable: v13.0.0, v13.0.1, v13.1.0
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Explo…
- CVE-2024-34357MEDIUMCVSS 5.4EG 5.4✓ Fixed in 13.1.12024-05-14
vulnerable: v13.0.0, v13.0.1, v13.1.0
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, failing to properly encode user-controlled values in file entities, the `Sho…
- CVE-2024-34358MEDIUMCVSS 5.3EG 5.3✓ Fixed in 13.1.12024-05-14
vulnerable: v13.0.0, v13.0.1, v13.1.0
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the `ShowImageController` (`_eID tx_cms_showpic_`) lacks a cryptographic HMA…
- CVE-2024-55892MEDIUMCVSS 4.8EG 4.8✓ Fixed in 13.4.32025-01-14
vulnerable: v13.0.0 ... v13.4.2 (11 versions)
TYPO3 is a free and open source Content Management Framework. Applications that use `TYPO3\CMS\Core\Http\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open…
- CVE-2025-47937LOWCVSS 3.7EG 3.7✓ Fixed in 13.4.122025-05-20
vulnerable: v13.0.0 ... v13.4.9 (20 versions)
TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple ta…
- CVE-2025-47938LOWCVSS 3.8EG 3.8✓ Fixed in 13.4.122025-05-20
vulnerable: v13.0.0 ... v13.4.9 (20 versions)
TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, the backend user management interface allows password …
- CVE-2025-47939MEDIUMCVSS 5.4EG 5.4✓ Fixed in 13.4.122025-05-20
vulnerable: v13.0.0 ... v13.4.9 (20 versions)
TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly…
- CVE-2025-47940HIGHCVSS 7.2EG 7.2✓ Fixed in 13.4.122025-05-20
vulnerable: v13.0.0 ... v13.4.9 (20 versions)
TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend users without system maintainer privil…
- CVE-2025-59013MEDIUMCVSS 6.1EG 6.1✓ Fixed in 13.4.182025-09-09
vulnerable: v13.0.0 ... v13.4.9 (26 versions)
An open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 allows an attacker to redirect users to arbitrary external sites, …
- CVE-2025-59015MEDIUMCVSS 6.5EG 6.5✓ Fixed in 13.4.182025-09-09
vulnerable: v13.0.0 ... v13.4.9 (26 versions)
A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly.
- CVE-2025-59016MEDIUMCVSS 4.3EG 4.3✓ Fixed in 13.4.182025-09-09
vulnerable: v13.0.0 ... v13.4.9 (26 versions)
Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed…
- CVE-2026-0859HIGHCVSS 7.8EG 7.8✓ Fixed in 10.4.552026-01-13
vulnerable: v10.0.0 ... v10.4.9 (43 versions)
TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web ser…
- CVE-2026-11607HIGHCVSS 7.6EG 7.6✓ Fixed in 14.3.32026-06-09
vulnerable: v14.0.0 ... v14.3.2 (9 versions)
Backend users with access to the Form Framework were able to use files not ending in .form.yaml as form definitions, which were processed without denying the incorrect file extension. Maliciously crafted form definition files can be used t…
- CVE-2026-47343HIGHCVSS 7.2EG 7.2✓ Fixed in 14.3.32026-06-09
vulnerable: v14.0.0 ... v14.3.2 (9 versions)
Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 C…
- CVE-2026-47346HIGHCVSS 7.6EG 7.6✓ Fixed in 14.3.32026-06-09
vulnerable: v14.0.0 ... v14.3.2 (9 versions)
Backend users with file write permissions were able to upload form definition files with mixed-case extensions (e.g., .FORM.YAML) to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to e…
- CVE-2026-47347MEDIUMCVSS 5.3EG 5.3✓ Fixed in 14.3.32026-06-09
vulnerable: v14.0.0 ... v14.3.2 (9 versions)
Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users…
- CVE-2026-47348MEDIUMCVSS 5.1EG 5.1✓ Fixed in 14.3.32026-06-09
vulnerable: v14.0.0 ... v14.3.2 (9 versions)
Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these …
- CVE-2026-47349MEDIUMCVSS 5.3EG 5.3✓ Fixed in 14.3.32026-06-09
vulnerable: v14.0.0 ... v14.3.2 (9 versions)
Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.…
- CVE-2026-47350MEDIUMCVSS 5.3EG 5.3✓ Fixed in 14.3.32026-06-09
vulnerable: v14.0.0 ... v14.3.2 (9 versions)
Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3.
- CVE-2026-47351MEDIUMCVSS 5.3EG 5.3✓ Fixed in 14.3.32026-06-09
vulnerable: v14.0.0 ... v14.3.2 (9 versions)
Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. This issue af…
- CVE-2026-47352MEDIUMCVSS 5.3EG 5.3✓ Fixed in 14.3.32026-06-09
vulnerable: v14.0.0 ... v14.3.2 (9 versions)
Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS version…
- CVE-2026-49738LOWCVSS 2.1EG 2.1✓ Fixed in 14.3.32026-06-09
vulnerable: v14.0.0 ... v14.3.2 (9 versions)
The path allowance check in GeneralUtility::isAllowedAbsPath() performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as v…
- CVE-2026-49740MEDIUMCVSS 6.3EG 6.3✓ Fixed in 14.3.32026-06-09
vulnerable: v14.0.0 ... v14.3.2 (9 versions)
TYPO3's cache frontend (VariableFrontend) and persistent key-value store (Registry) deserialized PHP payloads without integrity validation or class restrictions. An attacker with write access to the underlying storage backend (cache store …
- CVE-2026-49741HIGHCVSS 8.7EG 8.7✓ Fixed in 14.3.32026-06-09
vulnerable: v14.0.0 ... v14.3.2 (9 versions)
Backend users with write access to the form_definition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. Thi…
- CVE-2026-49742HIGHCVSS 7.1EG 7.1✓ Fixed in 14.3.32026-06-09
vulnerable: v14.0.0 ... v14.3.2 (9 versions)
Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer (FAL) via the Media Module. Since the fallback storage resolves paths relative to the server's document root, …
Check whether typo3/cms-core is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for typo3/cms-core CVEs against the assets you own.
Start Free Scan →