Security Advisories - typo3/cms

typo3/cms Security Advisories for v8.7.28 (10)

[MEDIUM] Typo3 XSS Vulnerability

PKSA-j487-wgb6-g37w CVE-2018-6905 GHSA-3w22-wrwx-2r75

Affected version: <9.2.0

Reported by:
GitHub
[HIGH] TYPO3-CORE-SA-2020-011: Cleartext storage of session identifier

PKSA-tb1c-8bnf-mvmf CVE-2020-26228 GHSA-954j-f27r-cj52

Affected version: >=10.0.0,<10.4.10|>=9.0.0,<9.5.23|>=8.7.0,<8.7.38

Reported by:
GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2020-010: Cross-Site Scripting in Fluid view helpers

PKSA-7sv8-gd3z-zptc CVE-2020-26227 GHSA-vqqx-jw6p-q3rf

Affected version: >=10.0.0,<10.4.10|>=9.0.0,<9.5.23|>=8.7.0,<8.7.38

Reported by:
GitHub, FriendsOfPHP/security-advisories
[HIGH] Insecure Deserialization in Query Generator & Query View

PKSA-fyxc-qkr6-f3ry CVE-2019-19849 GHSA-rcgc-4xfc-564v

Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12

Reported by:
GitHub, FriendsOfPHP/security-advisories
[MEDIUM] SQL Injection in low-level Query Generator

PKSA-8qsb-zpqf-kwq2 CVE-2019-19850 GHSA-59pj-7mjh-4465

Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12

Reported by:
GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Directory Traversal on ZIP extraction

PKSA-187n-yk48-q1fv CVE-2019-19848 GHSA-77p4-wfr8-977w

Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12

Reported by:
GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Cross-Site Scripting in Form Framework validation handling

PKSA-mk73-2ss9-7t3h GHSA-v5jp-4h2p-j2p4

Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12

Reported by:
GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Cross-Site Scripting in Link Handling

PKSA-mgq1-q3nx-4qhb GHSA-5gr6-97fv-52cc

Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12

Reported by:
GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Possible Insecure Deserialization in Extbase Request Handling

PKSA-7wb5-3v3w-d2zd GHSA-qr5f-6fcv-w69q

Affected version: >=8.0.0,<8.7.30|>=9.0.0,<9.5.12

Reported by:
GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Cross-Site Scripting in Filelist Module

PKSA-jfwm-f2y6-dfw3 GHSA-2rcw-9hrm-8q7q

Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12

Reported by:
GitHub, FriendsOfPHP/security-advisories

typo3/cms Security Advisories for v8.7.28 (10)

[MEDIUM] Typo3 XSS Vulnerability

[HIGH] TYPO3-CORE-SA-2020-011: Cleartext storage of session identifier

[MEDIUM] TYPO3-CORE-SA-2020-010: Cross-Site Scripting in Fluid view helpers

[HIGH] Insecure Deserialization in Query Generator &amp; Query View

[MEDIUM] SQL Injection in low-level Query Generator

[MEDIUM] Directory Traversal on ZIP extraction

[MEDIUM] Cross-Site Scripting in Form Framework validation handling

[MEDIUM] Cross-Site Scripting in Link Handling

[MEDIUM] Possible Insecure Deserialization in Extbase Request Handling

[MEDIUM] Cross-Site Scripting in Filelist Module

[HIGH] Insecure Deserialization in Query Generator & Query View