CVE-2022-44543: TYPO3 Security Bulletins
The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandled.
Security Advisories
Wed. 13th December, 2023
TYPO3-EXT-SA-2023-011: Configuration Injection in extension “Direct Mail” (direct_mail)
Categories: Development, Security
Advisory type: TYPO3 Extensions
Created by Torben Hansen
It has been discovered that the extension “Direct Mail” (direct_mail) is susceptible to Configuration Injection.
Wed. 13th December, 2023
TYPO3-EXT-SA-2023-010: Broken Access Control in extension “femanager” (femanager)
Categories: Development, Security
Advisory type: TYPO3 Extensions
Created by Torben Hansen
It has been discovered that the extension “femanager” (femanager) is susceptible to Broken Access Control.
Wed. 13th December, 2023
TYPO3-EXT-SA-2023-009: Insecure Direct Object Reference in extension “Content Consent” (content_consent)
Categories: Development, Security
Advisory type: TYPO3 Extensions
Created by Torben Hansen
It has been discovered that the extension “Content Consent” (content_consent) is susceptible to Insecure Direct Object Reference.
Tue. 14th November, 2023
TYPO3-CORE-SA-2023-007: By-passing Cross-Site Scripting Protection in HTML Sanitizer
Categories: Development, TYPO3 CMS
Advisory type: TYPO3 CMS
Created by Oliver Hader
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
Tue. 14th November, 2023
TYPO3-CORE-SA-2023-006: Weak Authentication in Session Handling
Categories: Development, TYPO3 CMS
Advisory type: TYPO3 CMS
Created by Oliver Hader
It has been discovered that TYPO3 CMS is susceptible to weak authentication.
Tue. 14th November, 2023
TYPO3-CORE-SA-2023-005: Information Disclosure in Install Tool
Categories: Development, TYPO3 CMS
Advisory type: TYPO3 CMS
Created by Oliver Hader
It has been discovered that TYPO3 CMS is susceptible to information disclosure.
Wed. 4th October, 2023
TYPO3-EXT-SA-2023-008: Broken Access Control in extension “femanager” (femanager)
Categories: Development, Security
Advisory type: TYPO3 Extensions
Created by Torben Hansen
It has been discovered that the extension “femanager” (femanager) is susceptible to Broken Access Control.
Thu. 17th August, 2023
TYPO3-EXT-SA-2023-007: Broken Access Control in extension “hCaptcha for EXT:form” (hcaptcha)
Categories: Development, Security
Advisory type: TYPO3 Extensions
Created by Torben Hansen
It has been discovered that the extension “hCaptcha for EXT:form” (hcaptcha) is susceptible to Broken Access Control.
Tue. 25th July, 2023
TYPO3-CORE-SA-2023-004: Cross-Site Scripting in CKEditor4 WordCount Plugin
Categories: Development, TYPO3 CMS
Advisory type: TYPO3 CMS
Created by Oliver Hader
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
Tue. 25th July, 2023
TYPO3-CORE-SA-2023-003: Information Disclosure due to Out-of-scope Site Resolution
Categories: Development, TYPO3 CMS
Advisory type: TYPO3 CMS
Created by Oliver Hader
It has been discovered that TYPO3 CMS is susceptible to information disclosure.
Related news
The TYPO3 extension femanager prior to versions 5.5.2, 6.3.3, and 7.0.1 is vulnerable to broken access control. The `usergroup.inList` validation can be bypassed, so new frontend users created by the extension may become members of restricted groups. The vulnerability is only exploitable if the `usergroup` field is available in the registration form. Versions 5.5.2, 6.3.3, and 7.0.1 contain patches.