[Ticket#201602234084000031] Multiple vulnerabilities in TYPO3 CMS

23 February 2016 · TYPO3 Security Team
Dear TYPO3 users!

It has been discovered that TYPO3 CMS is susceptible to XML External Entity
(XXE) Processing, Cross-Site Scripting and Denial of Service attacks.

For details on the issues, please read the corresponding advisories:

TYPO3-CORE-SA-2016-005: XML External Entity (XXE) Processing in TYPO3 Core
[1]https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-005/

TYPO3-CORE-SA-2016-006: Cross-Site Scripting in TYPO3 component Backend
[2]https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006/

TYPO3-CORE-SA-2016-007: Cross-Site Scripting in TYPO3 component CSS styled
content
[3]https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-007/

TYPO3-CORE-SA-2016-008: Denial of Service attack possibility in TYPO3
component Indexed Search
[4]https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-008/

In general, the TYPO3 Security Team recommends reading the following pages:

The TYPO3 Security Guide:
[5]https://docs.typo3.org/typo3cms/SecurityGuide/

Make sure you are subscribed to the TYPO3 Announce List:
[6]http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce

See all TYPO3 security advisories:
[7]https://typo3.org/teams/security/security-bulletins/

Regards,

Nicole Cordes
Member of the TYPO3 Security Team

--
TYPO3 Security Team homepage: [8]https://typo3.org/teams/security/

E-Mail: security@typo3.org

Please note: When replying to this e-mail, please leave the header intact.


[1] https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-005/
[2] https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006/
[3] https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-007/
[4] https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-008/
[5] https://docs.typo3.org/typo3cms/SecurityGuide/
[6] http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
[7] https://typo3.org/teams/security/security-bulletins/
[8] https://typo3.org/teams/security/