Sven Jürgens

**Name of the Vulnerable Software and Affected Versions** TYPO3 CMS versions 10.0.0 through 10.4.54 TYPO3 CMS versions 11.0.0 through 11.5.48 TYPO3 CMS versions 12.0.0 through 12.4.40 TYPO3 CMS versions 13.0.0 through 13.4.22 TYPO3 CMS versions 14.0.0 through 14.0.1 **Description** Backend users with access to the recycler module could delete arbitrary data from any database table defined in the TCA, irrespective of their permissions for that specific table. This allowed attackers to purge and destroy critical site data, potentially rendering the website unavailable. The issue concerns the TYPO3 CMS recycler module and its interaction with the TCA (TypoScript Configuration Array). **Recommendations** TYPO3 CMS versions 10.0.0 through 10.4.54 should be updated to a newer, fixed version. TYPO3 CMS versions 11.0.0 through 11.5.48 should be updated to a newer, fixed version. TYPO3 CMS versions 12.0.0 through 12.4.40 should be updated to a newer, fixed version. TYPO3 CMS versions 13.0.0 through 13.4.22 should be updated to a newer, fixed version. TYPO3 CMS versions 14.0.0 through 14.0.1 should be updated to a newer, fixed version.

**Name of the Vulnerable Software and Affected Versions** jh captcha extension versions 2.1.3 and earlier jh captcha extension versions 3.x through 3.0.2 **Description** The issue allows for XSS. **Recommendations** For jh captcha extension versions 2.1.3 and earlier, update to a version later than 2.1.3. For jh captcha extension versions 3.x through 3.0.2, update to a version later than 3.0.2.