| CVE-2010-4068 |
medium |
— |
4.9 |
|
|
typo3 |
16y ago |
Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbi… |
| CVE-2010-3717 |
medium |
— |
5.0 |
|
|
typo3 |
16y ago |
The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, whi… |
| CVE-2010-3716 |
medium |
— |
6.0 |
|
|
typo3 |
16y ago |
The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrar… |
| CVE-2010-3715 |
medium |
— |
4.3 |
|
|
typo3 |
16y ago |
TYPO3 cross-site scripting (XSS) vulnerability in the RemoveXSS function and the backend |
| CVE-2010-3687 |
medium |
— |
5.0 |
|
|
alex_kellnertypo3 |
16y ago |
Unspecified vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to bypass validation have an unspecified impact by "[injecting] arbitrary values into validate… |
| CVE-2010-3605 |
medium |
— |
4.3 |
|
|
alex_kellnertypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-4963 |
low |
— |
3.5 |
|
|
typo3 |
16y ago |
Commerce extension for TYPO3 vulnerable to Cross-site Scripting |
| CVE-2009-4956 |
medium |
— |
4.3 |
|
|
wapplersystemstypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-4953 |
medium |
— |
4.3 |
|
|
stefan_geithtypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vec… |
| CVE-2009-4952 |
critical |
— |
10.0 |
|
|
serge_gebhardttypo3 |
16y ago |
Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors. |
| CVE-2009-4951 |
medium |
— |
5.0 |
|
|
hans_olthofftypo3 |
16y ago |
Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2009-4948 |
medium |
— |
4.3 |
|
|
joachim_ruhstypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-4804 |
medium |
— |
4.3 |
|
|
mario_matzullamicrosofttypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML … |
| CVE-2010-1153 |
medium |
— |
6.8 |
|
|
typo3 |
16y ago |
TYPO3 PHP remote file inclusion vulnerability |
| CVE-2010-1218 |
medium |
— |
4.3 |
|
|
mm_forumtypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-1025 |
medium |
— |
4.3 |
|
|
chris_wederkatypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-1021 |
medium |
— |
4.3 |
|
|
mads_brunntypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-1020 |
medium |
— |
4.3 |
|
|
sk-typo3typo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified … |
| CVE-2010-1014 |
medium |
— |
4.3 |
|
|
steffen_kampertypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspeci… |
| CVE-2010-1011 |
medium |
— |
4.3 |
|
|
tim_lochmuellertypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-1008 |
medium |
— |
4.3 |
|
|
christian_hennecketypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unsp… |
| CVE-2010-1007 |
medium |
— |
5.0 |
|
|
chi_hoangtypo3 |
16y ago |
Unspecified vulnerability in the Power Extension Manager (ch_lightem) extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2010-1005 |
medium |
— |
4.3 |
|
|
mischa_heimanntypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified… |
| CVE-2009-4707 |
medium |
— |
4.3 |
|
|
maximo_cuadrostypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or… |
| CVE-2009-4706 |
medium |
— |
4.3 |
|
|
sebastian_winterhaldertypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-4705 |
medium |
— |
4.3 |
|
|
thomas_loefflertypo3 |
16y ago |
Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-4704 |
medium |
— |
5.0 |
|
|
typo3 |
16y ago |
Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2010-0797 |
medium |
— |
4.3 |
|
|
snowflaketypo3 |
17y ago |
Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-0286 |
medium |
— |
5.1 |
|
|
typo3 |
17y ago |
Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack … |
