VIR Vulnerability Intelligence Relay

Search

Found 124 results in 15ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2010-3659 medium 5.4 5.4 typo3 9y ago TYPO3 Cross-site Scripting vulnerability in the extension manager and backend forms
CVE-2017-6370 medium 5.3 5.3 typo3 9y ago TYPO3 Information Disclosure Vulnerability
CVE-2016-4056 medium 6.1 6.1 typo3 10y ago TYPO3 Backend component Cross-site scripting (XSS) vulnerability
CVE-2015-8760 medium 6.1 6.1 typo3 11y ago TYPO3 allows remote attackers to embed Flash videos from external domain
CVE-2015-8759 medium 5.4 5.4 typo3 11y ago TYPO3 Cross-site Scripting vulnerability
CVE-2015-8758 medium 5.4 5.4 typo3 11y ago Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web scr…
CVE-2015-8757 medium 6.1 6.1 typo3 11y ago Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vect…
CVE-2015-8756 medium 5.4 5.4 typo3 11y ago TYPO3 CMS indexed search Cross-site Scripting vulnerability
CVE-2015-8755 medium 5.4 5.4 typo3 11y ago Typo3 XSS Vulnerability
CVE-2015-5956 low 3.5 typo3 11y ago TYPO3 cross-site scripting (XSS)
CVE-2015-2821 medium 6.5 typo3 11y ago TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors.
CVE-2015-2047 low 2.6 debian debian typo3 11y ago The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authenti…
CVE-2014-9508 medium 4.3 typo3 12y ago Typo3 Open Redirect In Frontend Rendering
CVE-2014-3949 low 3.5 jo_hasenautypo3 12y ago Cross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to …
CVE-2014-3948 medium 4.3 alex_kellnertypo3 12y ago Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or H…
CVE-2014-3946 medium 4.0 typo3 12y ago Typo3 Information Disclosure
CVE-2014-3945 medium 4.0 typo3 12y ago TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash
CVE-2014-3944 medium 5.8 typo3 12y ago TYPO3 Improper Session Invalidation
CVE-2014-3943 low 3.5 typo3 12y ago Typo3 XSS Vulnerabilities
CVE-2014-3942 medium 6.0 typo3 12y ago TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code
CVE-2014-3941 medium 5.0 typo3 12y ago Typo3 Host Header Spoofing Vulnerability
CVE-2013-4321 medium 6.5 typo3 12y ago TYPO3 vulnerable to remote authenticated arbitrary code execution
CVE-2013-4320 medium 5.5 typo3 12y ago TYPO3 Improper Access Management in the File Abstraction Layer
CVE-2013-4250 medium 6.5 typo3 12y ago TYPO3 doesn't properly check file extensions
CVE-2012-6146 medium 4.0 typo3 12y ago Typo3 Backend History Module Vulnerable to XSS
CVE-2013-7078 low 2.6 typo3 13y ago TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework
CVE-2013-7081 medium 4.9 typo3 13y ago TYPO3 Improper Access Control vulnerability
CVE-2013-7080 medium 5.8 typo3 13y ago TYPO3 is vulnerable to Mass Assignment in the Extension table administration library
CVE-2013-7079 medium 5.8 typo3 13y ago TYPO3 OpenID extension Open redirect vulnerability
CVE-2013-7075 medium 6.5 typo3 13y ago TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component
CVE-2013-7073 medium 4.0 typo3 13y ago TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component
CVE-2013-7082 medium 4.3 typo3 13y ago TYPO3 Flow Cross-site scripting (XSS) vulnerability
CVE-2013-7077 medium 4.3 typo3 13y ago TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module
CVE-2013-7076 medium 4.3 typo3 13y ago Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vecto…
CVE-2013-7074 low 3.5 typo3 13y ago TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component
CVE-2013-6289 medium 4.3 ingo_rennertypo3 13y ago Apache Solr for TYPO3 (solr) extension is vulnerable to Cross-site scripting (XSS)
CVE-2013-5570 medium 4.3 axel_jungtypo3 13y ago Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5323 medium 4.3 stanislas_rollandtypo3 13y ago Static Info Tables (static_info_tables) extension TYPO3 vulnerable to Cross-site Scripting
CVE-2013-5308 medium 4.3 juralsulektypo3 13y ago Cross-site scripting (XSS) vulnerability in the RealURL Management (realurlmanagement) extension 0.3.4 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspeci…
CVE-2013-5307 medium 4.3 kennziffertypo3 13y ago Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5305 medium 4.3 joachim_ruhstypo3 13y ago Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4871 medium 6.8 markus_blaschketypo3 13y ago Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote attackers to hijack the authentication of unspecified victims …
CVE-2013-4749 medium 4.3 usertask_center_messaging_projecttypo3 13y ago Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unsp…
CVE-2013-4747 medium 4.3 kasper_skarhojtypo3 13y ago Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (accessible_is_browse_results) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arb…
CVE-2013-4746 medium 4.3 kurt_gusbethtypo3 13y ago Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-6148 low 3.5 typo3 13y ago Typo3 Function Menu API XSS Vulnerability
CVE-2012-6147 low 3.5 typo3 13y ago Typo3 Backend API XSS Vulnerability
CVE-2012-6145 low 3.5 typo3 13y ago Typo3 Backend History Module Vulnerable to XSS
CVE-2012-6144 medium 6.5 typo3 13y ago Typo3 Backend History Module Vulnerable to SQL Injection
CVE-2012-6577 medium 6.0 typoheadstypo3 13y ago SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4680 medium 6.4 urs_maagtypo3 13y ago Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and earlier for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified ve…
CVE-2013-1843 medium 6.4 typo3 13y ago TYPO3 Open redirect vulnerability in the Access tracking mechanism
CVE-2012-5890 medium 5.0 stanislas_rollandtypo3 14y ago Front End User Registration (sr_feuser_register) extension for TYPO3 allows remote attackers to obtain user names, passwords
CVE-2012-5889 medium 4.3 alex_kellnertypo3 14y ago powermail extension for TYPO3 has Cross-site Scripting vulnerability
CVE-2012-5888 medium 4.3 benjamin_macktypo3 14y ago Basic SEO Features (seo_basics) extension TYPO3 vulnerable to Cross-site Scripting
CVE-2012-3531 medium 4.3 typo3 14y ago Typo3 Install Tool XSS Vulnerability
CVE-2012-3530 medium 4.3 typo3 14y ago Typo3 API XSS Vulnerability
CVE-2012-3529 low 3.5 typo3 14y ago Typo3 Backend Configuration XSS Vulnerability
CVE-2012-3528 low 3.5 typo3 14y ago Typo3 Backend XSS Vulnerability
CVE-2012-3527 medium 4.6 debian debian typo3 14y ago TYPO3 allows remote authenticated backend users to unserialize arbitrary objects
CVE-2012-1608 medium 5.0 typo3 14y ago Typo3 API XSS Vulnerabilities
CVE-2012-1607 medium 5.0 typo3 14y ago TYPO3 allows remote attackers to obtain the database name via a direct request
CVE-2012-1606 low 3.5 typo3 14y ago Typo3 Backend XSS Vulnerabilities
CVE-2012-1605 medium 5.0 typo3 14y ago Typo3 Extbase Framework Unsafe Deserialization
CVE-2012-2112 medium 4.3 typo3 14y ago Typo3 Exception Handler XSS
CVE-2010-5099 medium 7.8 EXP typo3 14y ago TYPO3 Path Traversal vulnerability
CVE-2010-5104 medium 4.3 typo3 14y ago TYPO3 Sensitive Information Disclosure via escapeStrForLike method
CVE-2010-5103 medium 6.0 typo3 14y ago TYPO3 SQL Injection vulnerability
CVE-2010-5102 medium 5.0 typo3 14y ago Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arb…
CVE-2010-5101 medium 4.0 typo3 14y ago TYPO3 Directory Traversal vulnerability
CVE-2010-5100 low 3.5 typo3 14y ago TYPO3 Cross-Site Scripting vulnerability in the Install Tool
CVE-2010-5098 low 3.5 typo3 14y ago TYPO3 Cross-site scripting (XSS) vulnerability in the FORM content object
CVE-2010-5097 low 2.6 typo3 14y ago TYPO3 Cross-site scripting (XSS) vulnerability in the click enlarge functionality
CVE-2011-4614 medium 7.8 EXP typo3 15y ago PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.…
CVE-2012-1087 medium 4.3 bluechiptypo3 15y ago Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via un…
CVE-2012-1086 medium 4.3 typo3 15y ago Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1085 medium 5.0 typo3 15y ago Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
CVE-2012-1084 medium 4.3 typo3 15y ago Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1083 medium 6.8 typo3 15y ago Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims …
CVE-2012-1082 low 3.5 typo3 15y ago Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspec…
CVE-2012-1081 medium 4.3 roderick_brauntypo3 15y ago Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspec…
CVE-2012-1080 medium 4.3 typo3 15y ago Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1079 medium 6.5 helmut_hummeltypo3 15y ago Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors.
CVE-2012-1078 medium 5.0 claus_duetypo3 15y ago The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup o…
CVE-2012-1076 medium 4.3 robert_gondatypo3 15y ago Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1073 medium 4.3 typo3 15y ago Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vec…
CVE-2012-1070 medium 4.3 netcreatorstypo3 15y ago Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspeci…
CVE-2011-5080 medium 4.3 juergen_furrertypo3 15y ago Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary w…
CVE-2011-5079 medium 5.8 netcreatorstypo3 15y ago Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing a…
CVE-2010-4960 medium 4.3 martin_hessetypo3 15y ago Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via …
CVE-2010-4956 medium 4.3 nadine_schwinglertypo3 15y ago Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vector…
CVE-2010-4951 medium 4.3 thomas_mammitzschtypo3 15y ago Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xajax_shoutbox) extension before 1.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vect…
CVE-2010-4892 medium 4.3 alex_kellnertypo3 15y ago Cross-site scripting (XSS) vulnerability in the powermail extension before 1.5.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4890 medium 4.3 andreas_kiefertypo3 15y ago Cross-site scripting (XSS) vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4886 medium 4.3 peter_proelltypo3 15y ago Cross-site scripting (XSS) vulnerability in the "official twitter tweet button for your page" (tweetbutton) extension before 1.0.5 for TYPO3 allows remote attackers to inject arbitrary web script or …
CVE-2010-4885 medium 4.3 peter_proelltypo3 15y ago Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4068 medium 4.9 typo3 16y ago Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbi…
CVE-2010-3717 medium 5.0 typo3 16y ago The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, whi…
CVE-2010-3716 medium 6.0 typo3 16y ago The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrar…
CVE-2010-3715 medium 4.3 typo3 16y ago TYPO3 cross-site scripting (XSS) vulnerability in the RemoveXSS function and the backend