| CVE-2012-1082 |
low |
— |
3.5 |
|
|
typo3 |
15y ago |
Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspec… |
| CVE-2012-1081 |
medium |
— |
4.3 |
|
|
roderick_brauntypo3 |
15y ago |
Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspec… |
| CVE-2012-1080 |
medium |
— |
4.3 |
|
|
typo3 |
15y ago |
Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-1079 |
medium |
— |
6.5 |
|
|
helmut_hummeltypo3 |
15y ago |
Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors. |
| CVE-2012-1078 |
medium |
— |
5.0 |
|
|
claus_duetypo3 |
15y ago |
The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup o… |
| CVE-2012-1077 |
high |
— |
7.5 |
|
|
manfred_eggertypo3 |
15y ago |
SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2012-1076 |
medium |
— |
4.3 |
|
|
robert_gondatypo3 |
15y ago |
Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-1075 |
high |
— |
7.5 |
|
|
robert_gondatypo3 |
15y ago |
SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2012-1074 |
high |
— |
7.5 |
|
|
typo3 |
15y ago |
SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2012-1073 |
medium |
— |
4.3 |
|
|
typo3 |
15y ago |
Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vec… |
| CVE-2012-1072 |
high |
— |
7.5 |
|
|
typo3 |
15y ago |
SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2012-1071 |
high |
— |
7.5 |
|
|
mathieu_vidaltypo3 |
15y ago |
SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the … |
| CVE-2012-1070 |
medium |
— |
4.3 |
|
|
netcreatorstypo3 |
15y ago |
Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspeci… |
| CVE-2011-5080 |
medium |
— |
4.3 |
|
|
juergen_furrertypo3 |
15y ago |
Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary w… |
| CVE-2011-5079 |
medium |
— |
5.8 |
|
|
netcreatorstypo3 |
15y ago |
Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing a… |
| CVE-2010-4962 |
high |
— |
7.5 |
|
|
dev-team_typoheadstypo3 |
15y ago |
Webkit PDFs for TYPO3 allows remote attackers to execute arbitrary commands |
| CVE-2010-4961 |
high |
— |
7.5 |
|
|
dev-team_typoheadstypo3 |
15y ago |
Webkit PDFs for TYPO3 has SQL Injection vulnerability |
| CVE-2010-4960 |
medium |
— |
4.3 |
|
|
martin_hessetypo3 |
15y ago |
Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via … |
| CVE-2010-4957 |
high |
— |
7.5 |
|
|
nadine_schwinglertypo3 |
15y ago |
SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-4956 |
medium |
— |
4.3 |
|
|
nadine_schwinglertypo3 |
15y ago |
Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vector… |
| CVE-2010-4952 |
high |
— |
7.5 |
|
|
joachim_ruhstypo3 |
15y ago |
SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-4951 |
medium |
— |
4.3 |
|
|
thomas_mammitzschtypo3 |
15y ago |
Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xajax_shoutbox) extension before 1.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vect… |
| CVE-2010-4950 |
high |
— |
7.5 |
|
|
joachim_ruhstypo3 |
15y ago |
SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-4892 |
medium |
— |
4.3 |
|
|
alex_kellnertypo3 |
15y ago |
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.5.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-4891 |
high |
— |
7.5 |
|
|
andreas_kiefertypo3 |
15y ago |
SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-4890 |
medium |
— |
4.3 |
|
|
andreas_kiefertypo3 |
15y ago |
Cross-site scripting (XSS) vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-4888 |
high |
— |
7.5 |
|
|
marco_hezeltypo3 |
15y ago |
SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-4887 |
high |
— |
7.5 |
|
|
raphael_zschorschtypo3 |
15y ago |
SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vector… |
| CVE-2010-4886 |
medium |
— |
4.3 |
|
|
peter_proelltypo3 |
15y ago |
Cross-site scripting (XSS) vulnerability in the "official twitter tweet button for your page" (tweetbutton) extension before 1.0.5 for TYPO3 allows remote attackers to inject arbitrary web script or … |
| CVE-2010-4885 |
medium |
— |
4.3 |
|
|
peter_proelltypo3 |
15y ago |
Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2011-3980 |
high |
— |
7.5 |
|
|
jerome_schneidertypo3 |
15y ago |
Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors. |
| CVE-2011-1722 |
high |
— |
7.5 |
|
|
webempoweredchurchtypo3 |
15y ago |
Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors,… |
| CVE-2010-4068 |
medium |
— |
4.9 |
|
|
typo3 |
16y ago |
Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbi… |
| CVE-2010-3717 |
medium |
— |
5.0 |
|
|
typo3 |
16y ago |
The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, whi… |
| CVE-2010-3716 |
medium |
— |
6.0 |
|
|
typo3 |
16y ago |
The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrar… |
| CVE-2010-3715 |
medium |
— |
4.3 |
|
|
typo3 |
16y ago |
TYPO3 cross-site scripting (XSS) vulnerability in the RemoveXSS function and the backend |
| CVE-2010-3714 |
high |
— |
8.1 |
EXP |
|
typo3 |
16y ago |
TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism |
| CVE-2010-3687 |
medium |
— |
5.0 |
|
|
alex_kellnertypo3 |
16y ago |
Unspecified vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to bypass validation have an unspecified impact by "[injecting] arbitrary values into validate… |
| CVE-2010-3605 |
medium |
— |
4.3 |
|
|
alex_kellnertypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-3604 |
high |
— |
7.5 |
|
|
alex_kellnertypo3 |
16y ago |
powermail extension for TYPO3 vulnerable to SQL Injection |
| CVE-2009-4971 |
high |
— |
7.5 |
|
|
vincent_tietztypo3 |
16y ago |
SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4970 |
high |
— |
7.5 |
|
|
typo3-machertypo3 |
16y ago |
SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4969 |
high |
— |
7.5 |
|
|
typo3 |
16y ago |
SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4968 |
high |
— |
7.5 |
|
|
christian_ehmanntypo3 |
16y ago |
SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4967 |
high |
— |
7.5 |
|
|
jochen_riegertypo3 |
16y ago |
SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4966 |
high |
— |
7.5 |
|
|
elementetypo3 |
16y ago |
SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4965 |
high |
— |
7.5 |
|
|
thomas_waggershausertypo3 |
16y ago |
SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4963 |
low |
— |
3.5 |
|
|
typo3 |
16y ago |
Commerce extension for TYPO3 vulnerable to Cross-site Scripting |
| CVE-2009-4959 |
high |
— |
7.5 |
|
|
stefan_kochtypo3 |
16y ago |
SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4956 |
medium |
— |
4.3 |
|
|
wapplersystemstypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-4955 |
high |
— |
7.5 |
|
|
thomas_hempeltypo3 |
16y ago |
SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4954 |
high |
— |
7.5 |
|
|
websedittypo3 |
16y ago |
SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4953 |
medium |
— |
4.3 |
|
|
stefan_geithtypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vec… |
| CVE-2009-4951 |
medium |
— |
5.0 |
|
|
hans_olthofftypo3 |
16y ago |
Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2009-4950 |
high |
— |
7.5 |
|
|
tim_lochmueller_\&_thomas_busstypo3 |
16y ago |
SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecifie… |
| CVE-2009-4949 |
high |
— |
7.5 |
|
|
joachim_ruhstypo3 |
16y ago |
SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4948 |
medium |
— |
4.3 |
|
|
joachim_ruhstypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-2131 |
high |
— |
7.5 |
|
|
mario_matzullatypo3 |
16y ago |
SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data. |
| CVE-2009-4855 |
high |
— |
8.5 |
EXP |
|
typo3 |
16y ago |
SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating … |
| CVE-2009-4804 |
medium |
— |
4.3 |
|
|
mario_matzullamicrosofttypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML … |
| CVE-2009-4803 |
high |
— |
7.5 |
|
|
andreas_schwarzkopftypo3 |
16y ago |
Accessibility Glossary (a21glossary) SQL injection vulnerability |
| CVE-2009-4802 |
high |
— |
7.5 |
|
|
joachim_ruhstypo3 |
16y ago |
SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1153 |
medium |
— |
6.8 |
|
|
typo3 |
16y ago |
TYPO3 PHP remote file inclusion vulnerability |
| CVE-2010-1218 |
medium |
— |
4.3 |
|
|
mm_forumtypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-4740 |
high |
— |
7.5 |
|
|
typo3 |
16y ago |
Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack vectors. |
| CVE-2010-1027 |
high |
— |
7.5 |
|
|
dietmar_schffertypo3 |
16y ago |
SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1026 |
high |
— |
7.5 |
|
|
mathon_nicolastypo3 |
16y ago |
SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1025 |
medium |
— |
4.3 |
|
|
chris_wederkatypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-1024 |
high |
— |
7.5 |
|
|
chris_wederkatypo3 |
16y ago |
SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1022 |
high |
— |
7.5 |
|
|
marcus_krausetypo3 |
16y ago |
The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors. |
| CVE-2010-1021 |
medium |
— |
4.3 |
|
|
mads_brunntypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-1020 |
medium |
— |
4.3 |
|
|
sk-typo3typo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified … |
| CVE-2010-1019 |
high |
— |
7.5 |
|
|
sk-typo3typo3 |
16y ago |
SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1018 |
high |
— |
7.5 |
|
|
jochen_rautypo3 |
16y ago |
SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1017 |
high |
— |
7.5 |
|
|
laurent_foulloytypo3 |
16y ago |
SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1016 |
high |
— |
7.5 |
|
|
laurent_foulloytypo3 |
16y ago |
SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1015 |
high |
— |
7.5 |
|
|
laurent_foulloytypo3 |
16y ago |
SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1014 |
medium |
— |
4.3 |
|
|
steffen_kampertypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspeci… |
| CVE-2010-1013 |
high |
— |
7.5 |
|
|
fr.simon_rundelltypo3 |
16y ago |
SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vect… |
| CVE-2010-1012 |
high |
— |
7.5 |
|
|
mathias_schreibertypo3 |
16y ago |
SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1011 |
medium |
— |
4.3 |
|
|
tim_lochmuellertypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-1010 |
high |
— |
7.5 |
|
|
matthias_kalltypo3 |
16y ago |
SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1009 |
high |
— |
7.5 |
|
|
joachim-ruhstypo3 |
16y ago |
SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1008 |
medium |
— |
4.3 |
|
|
christian_hennecketypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unsp… |
| CVE-2010-1007 |
medium |
— |
5.0 |
|
|
chi_hoangtypo3 |
16y ago |
Unspecified vulnerability in the Power Extension Manager (ch_lightem) extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2010-1006 |
high |
— |
7.5 |
|
|
typo3 |
16y ago |
SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1005 |
medium |
— |
4.3 |
|
|
mischa_heimanntypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified… |
| CVE-2010-1004 |
high |
— |
7.5 |
|
|
mischa_heimanntypo3 |
16y ago |
SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4711 |
high |
— |
7.5 |
|
|
jan_bednariktypo3 |
16y ago |
SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability tha… |
| CVE-2009-4710 |
high |
— |
7.5 |
|
|
robert_heeltypo3 |
16y ago |
SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4709 |
high |
— |
7.5 |
|
|
dirk_maiwerttypo3 |
16y ago |
SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4708 |
high |
— |
7.5 |
|
|
maximo_cuadrostypo3 |
16y ago |
SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecif… |
| CVE-2009-4707 |
medium |
— |
4.3 |
|
|
maximo_cuadrostypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or… |
| CVE-2009-4706 |
medium |
— |
4.3 |
|
|
sebastian_winterhaldertypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-4705 |
medium |
— |
4.3 |
|
|
thomas_loefflertypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-4704 |
medium |
— |
5.0 |
|
|
typo3 |
16y ago |
Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2009-4703 |
high |
— |
7.5 |
|
|
typo3 |
16y ago |
SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4702 |
high |
— |
7.5 |
|
|
markus_barchfeldtypo3 |
16y ago |
SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4701 |
high |
— |
7.5 |
|
|
liviu_mitrofantypo3 |
16y ago |
SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-0798 |
high |
— |
7.5 |
|
|
snowflaketypo3 |
17y ago |
SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
