CMS: Typo3 developers seal ten security gaps

The content management system Typo3 closes ten security gaps with updated packages.


(Image: Shutterstock/Kaspars Grinvalds)


The developers have reported ten security vulnerabilities in the Typo3 content management system. Updated versions of Typo3 are available to patch the vulnerabilities, some of which are highly risky.

Most of the vulnerabilities are of the cross-site scripting type. Attackers can use them to foist links on victims that inject malicious code into the victims' user context and execute it there. According to the description of the most serious vulnerability, which is in the scheduler module, visiting a compromised or manipulated website is sufficient.


Due to the severity of some vulnerabilities, IT managers should quickly install the updated software versions. Typo3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 ELTS, 12.4.25 LTS and 13.4.3 LTS correct the security-relevant errors. They are available on the Typo3 download page. However, the updates for the 10 and 11 development branches in particular are no longer supported in the free version; users must switch to version 12 or 13. The security notices also do not explain where those affected can obtain the update to Typo3 9.5.49 ELTS.

The vulnerabilities in detail:

High-risk vulnerabilities in Typo3 were last discovered in early 2023. Here, too, a cross-site scripting vulnerability allowed malicious HTML code to be injected.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.