typo3/cms-backend Security Advisories for v12.4.14 (6)
-
[MEDIUM] TYPO3 CSV download feature information disclosure
PKSA-npmp-rd1w-2fyt CVE-2025-59019 GHSA-j8vm-7q52-2m2m
Affected version: >=13.0.0,<13.4.18|>=12.0.0,<12.4.37
Reported by:
GitHub -
[MEDIUM] TYPO3 backend modules have Broken Access Control
PKSA-27mn-p368-8rxc CVE-2025-59017 GHSA-2fhw-2j7m-mr4m
Affected version: >=13.0.0,<13.4.18|>=12.0.0,<12.4.37|>=11.0.0,<11.5.48|>=10.0.0,<10.4.54|>=9.0.0,<9.5.55
Reported by:
GitHub -
[MEDIUM] TYPO3 Bookmark Toolbar vulnerable to denial of service
PKSA-957f-x856-svyv CVE-2025-59014 GHSA-xrcq-533q-8rxw
Affected version: >=13.0.0,<13.4.18|>=12.0.0,<12.4.37|>=11.0.0,<11.5.48
Reported by:
GitHub -
[HIGH] The TYPO3 CMS Backend has Broken Authentication in Backend MFA
PKSA-7w9w-389g-6rb9 CVE-2025-47941 GHSA-744g-7qm9-hjh9
Affected version: >=13.0.0,<=13.4.11|>=12.0.0,<=12.4.30
Reported by:
GitHub -
[LOW] Denial of Service in TYPO3 Bookmark Toolbar
PKSA-9vjc-5m3y-9mrq CVE-2024-34537 GHSA-ffcv-v6pw-qhrp
Affected version: >=10.0.0,<=10.4.45|>=11.0.0,<=11.5.39|>=12.0.0,<12.4.20|=13.0.0
Reported by:
GitHub -
[LOW] Information Disclosure in TYPO3 Page Tree
PKSA-4w8t-ddwx-n1z6 CVE-2024-47780 GHSA-rf5m-h8q9-9w6q
Affected version: >=10.0.0,<10.4.46|>=11.0.0,<11.5.40|>=12.0.0,<12.4.21|>=13.0.0,<13.3.1
Reported by:
GitHub