| CVE-2010-4961 |
high |
— |
7.5 |
|
|
dev-team_typoheadstypo3 |
15y ago |
Webkit PDFs for TYPO3 has SQL Injection vulnerability |
| CVE-2010-4960 |
medium |
— |
4.3 |
|
|
martin_hessetypo3 |
15y ago |
Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via … |
| CVE-2010-4957 |
high |
— |
7.5 |
|
|
nadine_schwinglertypo3 |
15y ago |
SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-4956 |
medium |
— |
4.3 |
|
|
nadine_schwinglertypo3 |
15y ago |
Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vector… |
| CVE-2010-4952 |
high |
— |
7.5 |
|
|
joachim_ruhstypo3 |
15y ago |
SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-4951 |
medium |
— |
4.3 |
|
|
thomas_mammitzschtypo3 |
15y ago |
Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xajax_shoutbox) extension before 1.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vect… |
| CVE-2010-4950 |
high |
— |
7.5 |
|
|
joachim_ruhstypo3 |
15y ago |
SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-4892 |
medium |
— |
4.3 |
|
|
alex_kellnertypo3 |
15y ago |
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.5.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-4891 |
high |
— |
7.5 |
|
|
andreas_kiefertypo3 |
15y ago |
SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-4890 |
medium |
— |
4.3 |
|
|
andreas_kiefertypo3 |
15y ago |
Cross-site scripting (XSS) vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-4888 |
high |
— |
7.5 |
|
|
marco_hezeltypo3 |
15y ago |
SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-4887 |
high |
— |
7.5 |
|
|
raphael_zschorschtypo3 |
15y ago |
SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vector… |
| CVE-2010-4886 |
medium |
— |
4.3 |
|
|
peter_proelltypo3 |
15y ago |
Cross-site scripting (XSS) vulnerability in the "official twitter tweet button for your page" (tweetbutton) extension before 1.0.5 for TYPO3 allows remote attackers to inject arbitrary web script or … |
| CVE-2010-4885 |
medium |
— |
4.3 |
|
|
peter_proelltypo3 |
15y ago |
Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2011-3980 |
high |
— |
7.5 |
|
|
jerome_schneidertypo3 |
15y ago |
Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors. |
| CVE-2011-1722 |
high |
— |
7.5 |
|
|
webempoweredchurchtypo3 |
15y ago |
Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors,… |
| CVE-2010-4068 |
medium |
— |
4.9 |
|
|
typo3 |
16y ago |
Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbi… |
| CVE-2010-3717 |
medium |
— |
5.0 |
|
|
typo3 |
16y ago |
The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, whi… |
| CVE-2010-3716 |
medium |
— |
6.0 |
|
|
typo3 |
16y ago |
The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrar… |
| CVE-2010-3715 |
medium |
— |
4.3 |
|
|
typo3 |
16y ago |
TYPO3 cross-site scripting (XSS) vulnerability in the RemoveXSS function and the backend |
| CVE-2010-3714 |
high |
— |
8.1 |
EXP |
|
typo3 |
16y ago |
TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism |
| CVE-2010-3687 |
medium |
— |
5.0 |
|
|
alex_kellnertypo3 |
16y ago |
Unspecified vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to bypass validation have an unspecified impact by "[injecting] arbitrary values into validate… |
| CVE-2010-3605 |
medium |
— |
4.3 |
|
|
alex_kellnertypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-3604 |
high |
— |
7.5 |
|
|
alex_kellnertypo3 |
16y ago |
powermail extension for TYPO3 vulnerable to SQL Injection |
| CVE-2009-4971 |
high |
— |
7.5 |
|
|
vincent_tietztypo3 |
16y ago |
SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4970 |
high |
— |
7.5 |
|
|
typo3-machertypo3 |
16y ago |
SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4969 |
high |
— |
7.5 |
|
|
typo3 |
16y ago |
SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4968 |
high |
— |
7.5 |
|
|
christian_ehmanntypo3 |
16y ago |
SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4967 |
high |
— |
7.5 |
|
|
jochen_riegertypo3 |
16y ago |
SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4966 |
high |
— |
7.5 |
|
|
elementetypo3 |
16y ago |
SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4965 |
high |
— |
7.5 |
|
|
thomas_waggershausertypo3 |
16y ago |
SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4959 |
high |
— |
7.5 |
|
|
stefan_kochtypo3 |
16y ago |
SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4956 |
medium |
— |
4.3 |
|
|
wapplersystemstypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-4955 |
high |
— |
7.5 |
|
|
thomas_hempeltypo3 |
16y ago |
SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4954 |
high |
— |
7.5 |
|
|
websedittypo3 |
16y ago |
SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4953 |
medium |
— |
4.3 |
|
|
stefan_geithtypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vec… |
| CVE-2009-4951 |
medium |
— |
5.0 |
|
|
hans_olthofftypo3 |
16y ago |
Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2009-4950 |
high |
— |
7.5 |
|
|
tim_lochmueller_\&_thomas_busstypo3 |
16y ago |
SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecifie… |
| CVE-2009-4949 |
high |
— |
7.5 |
|
|
joachim_ruhstypo3 |
16y ago |
SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4948 |
medium |
— |
4.3 |
|
|
joachim_ruhstypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-2131 |
high |
— |
7.5 |
|
|
mario_matzullatypo3 |
16y ago |
SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data. |
| CVE-2009-4855 |
high |
— |
8.5 |
EXP |
|
typo3 |
16y ago |
SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating … |
| CVE-2009-4804 |
medium |
— |
4.3 |
|
|
mario_matzullamicrosofttypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML … |
| CVE-2009-4803 |
high |
— |
7.5 |
|
|
andreas_schwarzkopftypo3 |
16y ago |
Accessibility Glossary (a21glossary) SQL injection vulnerability |
| CVE-2009-4802 |
high |
— |
7.5 |
|
|
joachim_ruhstypo3 |
16y ago |
SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1153 |
medium |
— |
6.8 |
|
|
typo3 |
16y ago |
TYPO3 PHP remote file inclusion vulnerability |
| CVE-2010-1218 |
medium |
— |
4.3 |
|
|
mm_forumtypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-4740 |
high |
— |
7.5 |
|
|
typo3 |
16y ago |
Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack vectors. |
| CVE-2010-1027 |
high |
— |
7.5 |
|
|
dietmar_schffertypo3 |
16y ago |
SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1026 |
high |
— |
7.5 |
|
|
mathon_nicolastypo3 |
16y ago |
SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1025 |
medium |
— |
4.3 |
|
|
chris_wederkatypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-1024 |
high |
— |
7.5 |
|
|
chris_wederkatypo3 |
16y ago |
SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1022 |
high |
— |
7.5 |
|
|
marcus_krausetypo3 |
16y ago |
The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors. |
| CVE-2010-1021 |
medium |
— |
4.3 |
|
|
mads_brunntypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-1020 |
medium |
— |
4.3 |
|
|
sk-typo3typo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified … |
| CVE-2010-1019 |
high |
— |
7.5 |
|
|
sk-typo3typo3 |
16y ago |
SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1018 |
high |
— |
7.5 |
|
|
jochen_rautypo3 |
16y ago |
SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1017 |
high |
— |
7.5 |
|
|
laurent_foulloytypo3 |
16y ago |
SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1016 |
high |
— |
7.5 |
|
|
laurent_foulloytypo3 |
16y ago |
SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1015 |
high |
— |
7.5 |
|
|
laurent_foulloytypo3 |
16y ago |
SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1014 |
medium |
— |
4.3 |
|
|
steffen_kampertypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspeci… |
| CVE-2010-1013 |
high |
— |
7.5 |
|
|
fr.simon_rundelltypo3 |
16y ago |
SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vect… |
| CVE-2010-1012 |
high |
— |
7.5 |
|
|
mathias_schreibertypo3 |
16y ago |
SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1011 |
medium |
— |
4.3 |
|
|
tim_lochmuellertypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-1010 |
high |
— |
7.5 |
|
|
matthias_kalltypo3 |
16y ago |
SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1009 |
high |
— |
7.5 |
|
|
joachim-ruhstypo3 |
16y ago |
SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1008 |
medium |
— |
4.3 |
|
|
christian_hennecketypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unsp… |
| CVE-2010-1007 |
medium |
— |
5.0 |
|
|
chi_hoangtypo3 |
16y ago |
Unspecified vulnerability in the Power Extension Manager (ch_lightem) extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2010-1006 |
high |
— |
7.5 |
|
|
typo3 |
16y ago |
SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1005 |
medium |
— |
4.3 |
|
|
mischa_heimanntypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified… |
| CVE-2010-1004 |
high |
— |
7.5 |
|
|
mischa_heimanntypo3 |
16y ago |
SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4711 |
high |
— |
7.5 |
|
|
jan_bednariktypo3 |
16y ago |
SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability tha… |
| CVE-2009-4710 |
high |
— |
7.5 |
|
|
robert_heeltypo3 |
16y ago |
SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4709 |
high |
— |
7.5 |
|
|
dirk_maiwerttypo3 |
16y ago |
SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4708 |
high |
— |
7.5 |
|
|
maximo_cuadrostypo3 |
16y ago |
SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecif… |
| CVE-2009-4707 |
medium |
— |
4.3 |
|
|
maximo_cuadrostypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or… |
| CVE-2009-4706 |
medium |
— |
4.3 |
|
|
sebastian_winterhaldertypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-4705 |
medium |
— |
4.3 |
|
|
thomas_loefflertypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-4704 |
medium |
— |
5.0 |
|
|
typo3 |
16y ago |
Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2009-4703 |
high |
— |
7.5 |
|
|
typo3 |
16y ago |
SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4702 |
high |
— |
7.5 |
|
|
markus_barchfeldtypo3 |
16y ago |
SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4701 |
high |
— |
7.5 |
|
|
liviu_mitrofantypo3 |
16y ago |
SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-0798 |
high |
— |
7.5 |
|
|
snowflaketypo3 |
17y ago |
SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-0797 |
medium |
— |
4.3 |
|
|
snowflaketypo3 |
17y ago |
Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-0286 |
medium |
— |
5.1 |
|
|
typo3 |
17y ago |
Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack … |
