Subscribe: TYPO3 news: Security Team
http://news.typo3.org/news/teams/security/rss091.xml
Preview: TYPO3 news: Security Team

typo3.org: Latest News



Latest news from typo3.org



 



Cross Site-Scripting in extension "Caretaker" (caretaker)

Tue, 19 Dec 2017 11:05:00 +0100

It has been discovered that the extension "Caretaker" (caretaker) is susceptible to Cross-Site Scripting.



Multiple vulnerabilities in extension "JobControl" (dmmjobcontrol)

Tue, 19 Dec 2017 11:04:00 +0100

It has been discovered that the extension "JobControl" (dmmjobcontrol) is susceptible to SQL Injection and Cross Site-Scripting.



Multiple vulnerabilities in extension "DRC News Comment" (news_comment)

Tue, 19 Dec 2017 11:03:00 +0100

It has been discovered that the extension "DRC News Comment" (news_comment) is susceptible to Arbitrary Code Execution and Cross Site-Scripting.



Authentication Bypass in extension "Frontend User Registration" (sf_register)

Tue, 19 Dec 2017 11:02:00 +0100

It has been discovered that the extension "Frontend User Registration" (sf_register) is vulnerable to Authentication Bypass.



SQL Injection in extension "Download Center" (pits_downloadcenter)

Tue, 19 Dec 2017 11:01:00 +0100

It has been discovered that the extension "Download Center" (pits_downloadcenter) is susceptible to SQL Injection.



Cross Site-Scripting in extension "Smallads" (ke_smallads)

Tue, 19 Dec 2017 11:00:00 +0100

It has been discovered that the extension "Smallads" (ke_smallads) is susceptible to Cross-Site Scripting.



Cross Site-Scripting in extension "Multishop" (multishop)

Tue, 07 Nov 2017 11:06:00 +0100

It has been discovered that the extension "Multishop" (multishop) is susceptible to Cross-Site Scripting.



Cross Site-Scripting in extension "CAB FAL search" (falsearch)

Tue, 07 Nov 2017 11:05:00 +0100

It has been discovered that the extension "CAB FAL search" (falsearch) is susceptible to Cross-Site Scripting.



Arbitrary File Disclosure in extension "restler" (restler)

Tue, 07 Nov 2017 11:04:00 +0100

It has been discovered that the extension "restler" (restler) is susceptible to Arbitrary File Disclosure.



Cross Site-Scripting in extension "Formhandler" (formhandler)

Tue, 07 Nov 2017 11:03:00 +0100

It has been discovered that the extension "Formhandler" (formhandler) is susceptible to Cross-Site Scripting.