Skip to main navigation Skip to main content Skip to page footer
main logo main logo

Vulnerabilities in multiple TYPO3 components

12 April 2016 ยท TYPO3 Security Team 
Dear TYPO3 users!

It has been discovered that TYPO3 CMS is susceptible to Cross-Site Scripting, Authentication Bypass, Arbitrary File Disclosure and Privilege Escalation.

For details on the issues please read the accordant advisories:

TYPO3-CORE-SA-2016-009: Cross-Site Scripting in TYPO3 Backend
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-009/

TYPO3-CORE-SA-2016-010: Arbitrary File Disclosure in Form Component
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-010/

TYPO3-CORE-SA-2016-011: Authentication Bypass in TYPO3 CMS
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-011/

TYPO3-CORE-SA-2016-012: Privilege Escalation in TYPO3 CMS
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-012/



In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Guide:
https://docs.typo3.org/typo3cms/SecurityGuide/

Make sure you are subscribed to the TYPO3 Announce List:
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce

See all TYPO3 security advisories:
https://typo3.org/teams/security/security-bulletins/



Regards,

Helmut Hummel
Member of the TYPO3 Security Team

--
TYPO3 Security Team homepage: https://typo3.org/teams/security/

E-Mail: security@typo3.org
Back to list