| CVE-2017-14251 | high | 8.8 | 8.8 | | | | 9y ago | TYPO3 Arbitrary Code Execution |
| CVE-2010-3714 | high | — | 8.1 | | | | 16y ago | TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism |
| CVE-2010-5099 | medium | — | 7.8 | | | | 14y ago | TYPO3 Path Traversal vulnerability |
| CVE-2014-9509 | high | — | 7.5 | | | | 12y ago | Typo3 Vulnerable to Cache Poisoning |
| CVE-2013-4701 | high | — | 7.5 | | | | 13y ago | PHP OpenID Library Denial of Service vulnerability |
| CVE-2010-1153 | medium | — | 6.8 | | | | 16y ago | TYPO3 PHP remote file inclusion vulnerability |
| CVE-2013-4321 | medium | — | 6.5 | | | | 12y ago | TYPO3 vulnerable to remote authenticated arbitrary code execution |
| CVE-2013-4250 | medium | — | 6.5 | | | | 12y ago | TYPO3 doesn't properly check file extensions |
| CVE-2013-7075 | medium | — | 6.5 | | | | 13y ago | TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component |
| CVE-2012-6144 | medium | — | 6.5 | | | | 13y ago | Typo3 Backend History Module Vulnerable to SQL Injection |
| CVE-2016-4056 | medium | 6.1 | 6.1 | | | | 10y ago | TYPO3 Backend component Cross-site scripting (XSS) vulnerability |
| CVE-2015-8760 | medium | 6.1 | 6.1 | | | | 11y ago | TYPO3 allows remote attackers to embed Flash videos from external domain |
| CVE-2014-3942 | medium | — | 6.0 | | | | 12y ago | TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code |
| CVE-2010-5103 | medium | — | 6.0 | | | | 14y ago | TYPO3 SQL Injection vulnerability |
| CVE-2014-3944 | medium | — | 5.8 | | | | 12y ago | TYPO3 Improper Session Invalidation |
| CVE-2015-8759 | medium | 5.4 | 5.4 | | | | 11y ago | TYPO3 Cross-site Scripting vulnerability |
| CVE-2015-8756 | medium | 5.4 | 5.4 | | | | 11y ago | TYPO3 CMS indexed search Cross-site Scripting vulnerability |
| CVE-2015-8755 | medium | 5.4 | 5.4 | | | | 11y ago | Typo3 XSS Vulnerability |
| CVE-2017-6370 | medium | 5.3 | 5.3 | | | | 9y ago | TYPO3 Information Disclosure Vulnerability |
| CVE-2014-3941 | medium | — | 5.0 | | | | 12y ago | Typo3 Host Header Spoofing Vulnerability |
| CVE-2012-1608 | medium | — | 5.0 | | | | 14y ago | Typo3 API XSS Vulnerabilities |
| CVE-2012-1607 | medium | — | 5.0 | | | | 14y ago | TYPO3 allows remote attackers to obtain the database name via a direct request |
| CVE-2012-1605 | medium | — | 5.0 | | | | 14y ago | Typo3 Extbase Framework Unsafe Deserialization |
| CVE-2012-3527 | medium | — | 4.6 | | | | 14y ago | TYPO3 allows remote authenticated backend users to unserialize arbitrary objects |
| CVE-2014-9508 | medium | — | 4.3 | | | | 12y ago | Typo3 Open Redirect In Frontend Rendering |
| CVE-2013-7341 | medium | — | 4.3 | | | | 12y ago | Moodle cross-site scripting (XSS) vulnerabilities |
| CVE-2012-3531 | medium | — | 4.3 | | | | 14y ago | Typo3 Install Tool XSS Vulnerability |
| CVE-2012-3530 | medium | — | 4.3 | | | | 14y ago | Typo3 API XSS Vulnerability |
| CVE-2012-2112 | medium | — | 4.3 | | | | 14y ago | Typo3 Exception Handler XSS |
| CVE-2014-3946 | medium | — | 4.0 | | | | 12y ago | Typo3 Information Disclosure |
| CVE-2014-3945 | medium | — | 4.0 | | | | 12y ago | TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash |
| CVE-2012-6146 | medium | — | 4.0 | | | | 12y ago | Typo3 Backend History Module Vulnerable to XSS |
| CVE-2013-7073 | medium | — | 4.0 | | | | 13y ago | TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component |
| CVE-2010-5101 | medium | — | 4.0 | | | | 14y ago | TYPO3 Directory Traversal vulnerability |
| CVE-2015-5956 | low | — | 3.5 | | | | 11y ago | TYPO3 cross-site scripting (XSS) |
| CVE-2014-3943 | low | — | 3.5 | | | | 12y ago | Typo3 XSS Vulnerabilities |
| CVE-2013-7074 | low | — | 3.5 | | | | 13y ago | TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component |
| CVE-2012-6148 | low | — | 3.5 | | | | 13y ago | Typo3 Function Menu API XSS Vulnerability |
| CVE-2012-6147 | low | — | 3.5 | | | | 13y ago | Typo3 Backend API XSS Vulnerability |
| CVE-2012-6145 | low | — | 3.5 | | | | 13y ago | Typo3 Backend History Module Vulnerable to XSS |
| CVE-2012-3529 | low | — | 3.5 | | | | 14y ago | Typo3 Backend Configuration XSS Vulnerability |
| CVE-2012-3528 | low | — | 3.5 | | | | 14y ago | Typo3 Backend XSS Vulnerability |
| CVE-2012-1606 | low | — | 3.5 | | | | 14y ago | Typo3 Backend XSS Vulnerabilities |
| CVE-2009-0815 | unknown | — | 1.0 | | | | 4y ago | TYPO3 leaks a hash secret in an error message |
| CVE-2023-24814 | unknown | — | — | | | | 3y ago | TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering |
| CVE-2022-47406 | unknown | — | — | | | | 4y ago | TYPO3 vulnerable to Insufficient Session Expiration |
| CVE-2022-23504 | unknown | — | — | | | | 4y ago | TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration |
| CVE-2022-23503 | unknown | — | — | | | | 4y ago | TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework |
| CVE-2022-23502 | unknown | — | — | | | | 4y ago | TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset |
| CVE-2022-23501 | unknown | — | — | | | | 4y ago | TYPO3 CMS vulnerable to Weak Authentication in Frontend Login |
| CVE-2022-23500 | unknown | — | — | | | | 4y ago | TYPO3 CMS vulnerable to Denial of Service in Page Error Handling |
| CVE-2022-23499 | unknown | — | — | | | | 4y ago | TYPO3 HTML Sanitizer vulnerable to Cross-Site Scripting |
| CVE-2022-36020 | unknown | — | — | | | | 4y ago | TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection |
| CVE-2022-36104 | unknown | — | — | | | | 4y ago | TYPO3 CMS vulnerable to Denial of Service in Page Error Handling |
| CVE-2022-36105 | unknown | — | — | | | | 4y ago | TYPO3 CMS vulnerable to User Enumeration via Response Timing |
| CVE-2022-36106 | unknown | — | — | | | | 4y ago | TYPO3 CMS missing check for expiration time of password reset token for backend users |
| CVE-2022-36107 | unknown | — | — | | | | 4y ago | TYPO3 CMS Stored Cross-Site Scripting via FileDumpController |
| CVE-2022-36108 | unknown | — | — | | | | 4y ago | TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper |
| CVE-2022-31050 | unknown | — | — | | | | 4y ago | Insufficient Session Expiration in TYPO3's Admin Tool |
| CVE-2022-31049 | unknown | — | — | | | | 4y ago | Cross-Site Scripting in TYPO3's Frontend Login Mailer |
| CVE-2022-31048 | unknown | — | — | | | | 4y ago | Cross-Site Scripting in TYPO3's Form Framework |
| CVE-2022-31047 | unknown | — | — | | | | 4y ago | Insertion of Sensitive Information into Log File in typo3/cms-core |
| CVE-2022-31046 | unknown | — | — | | | | 4y ago | Information Disclosure via Export Module |
| CVE-2019-12747 | unknown | — | — | | | | 4y ago | TYPO3 Vulnerable to Insecure Deserialization |
| CVE-2019-12748 | unknown | — | — | | | | 4y ago | Typo3 Cross-Site Scripting in Link Handling |
| CVE-2019-11832 | unknown | — | — | | | | 4y ago | TYPO3 Image Processing susceptible to Code Execution |
| CVE-2020-8091 | unknown | — | — | | | | 4y ago | Typo3 Cross-Site Scripting in Flash component (ELTS) |
| CVE-2019-19850 | unknown | — | — | | | | 4y ago | TYPO3 SQL Injection in low-level Query Generator |
| CVE-2019-19849 | unknown | — | — | | | | 4y ago | TYPO3 Insecure Deserialization in Query Generator & Query View |
| CVE-2019-19848 | unknown | — | — | | | | 4y ago | TYPO3 Directory Traversal on ZIP extraction |
| CVE-2018-6905 | unknown | — | — | | | | 4y ago | Typo3 XSS Vulnerability |
| CVE-2009-3635 | unknown | — | — | | | | 4y ago | TYPO3 Install Tool Subcomponent Allows Access Using Only a Password's MD5 Hash as a Credential |
| CVE-2009-0816 | unknown | — | — | | | | 4y ago | Typo3 Backend XSS Vulnerability |
| CVE-2009-0258 | unknown | — | — | | | | 4y ago | Indexed Search Engine for TYPO3 Command Execution via Metacharacter Injection |
| CVE-2009-0256 | unknown | — | — | | | | 4y ago | Authentication library in TYPO3 vulnerable to session fixation |
| CVE-2005-4875 | unknown | — | — | | | | 4y ago | TYPO3 Reveals Sensitive Information via Direct Request to `misc/phpcheck/` |
| CVE-2011-3583 | unknown | — | — | | | | 4y ago | Typo3 SQL injection due to faulty prepared statements |
| CVE-2011-4900 | unknown | — | — | | | | 4y ago | Typo3 Information Disclosure |
| CVE-2011-4902 | unknown | — | — | | | | 4y ago | Typo3 Arbitrary File Delete |
| CVE-2011-4903 | unknown | — | — | | | | 4y ago | Typo3 XSS in RemoveXSS function |
| CVE-2011-4904 | unknown | — | — | | | | 4y ago | Typo3 Improper Access Control |
| CVE-2011-4630 | unknown | — | — | | | | 4y ago | Typo3 XSS Vulnerability |
| CVE-2011-4628 | unknown | — | — | | | | 4y ago | Typo3 Authentication Bypass |
| CVE-2011-4901 | unknown | — | — | | | | 4y ago | Typo3 Arbitrary Information Disclosure |
| CVE-2011-4632 | unknown | — | — | | | | 4y ago | Typo3 XSS Vulnerabilities |
| CVE-2011-4627 | unknown | — | — | | | | 4y ago | Typo3 Information Disclosure |
| CVE-2021-41113 | unknown | — | — | | | | 5y ago | Cross-Site-Request-Forgery in Backend |
| CVE-2021-41114 | unknown | — | — | | | | 5y ago | HTTP Host Header Injection |
| CVE-2021-32768 | unknown | — | — | | | | 5y ago | Cross-Site Scripting via Rich-Text Content |
| CVE-2021-32767 | unknown | — | — | | | | 5y ago | Information Disclosure in User Authentication |
| CVE-2021-32669 | unknown | — | — | | | | 5y ago | Cross-Site Scripting in Backend Grid View |
| CVE-2021-32668 | unknown | — | — | | | | 5y ago | Cross-Site Scripting in Query Generator & Query View |
| CVE-2021-32667 | unknown | — | — | | | | 5y ago | Cross-Site Scripting in Page Preview |
| CVE-2021-21370 | unknown | — | — | | | | 5y ago | Cross-Site Scripting in Content Preview (CType menu) |
| CVE-2021-21359 | unknown | — | — | | | | 5y ago | Denial of Service in Page Error Handling |
| CVE-2021-21358 | unknown | — | — | | | | 5y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form |
| CVE-2021-21357 | unknown | — | — | | | | 5y ago | Broken Access Control in Form Framework |
| CVE-2021-21355 | unknown | — | — | | | | 5y ago | Unrestricted File Upload in Form Framework |
| CVE-2021-21340 | unknown | — | — | | | | 5y ago | Cross-Site Scripting in Content Preview |
| CVE-2021-21339 | unknown | — | — | | | | 5y ago | Cleartext storage of session identifier |