Search

Found 107 results in 43ms · Match type: Filtered list

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2010-3659	medium	5.4	5.4			typo3	9y ago	TYPO3 Cross-site Scripting vulnerability in the extension manager and backend forms
CVE-2017-6370	medium	5.3	5.3			typo3	9y ago	TYPO3 Information Disclosure Vulnerability
CVE-2016-4056	medium	6.1	6.1			typo3	10y ago	TYPO3 Backend component Cross-site scripting (XSS) vulnerability
CVE-2015-8760	medium	6.1	6.1			typo3	11y ago	TYPO3 allows remote attackers to embed Flash videos from external domain
CVE-2015-8759	medium	5.4	5.4			typo3	11y ago	TYPO3 Cross-site Scripting vulnerability
CVE-2015-8758	medium	5.4	5.4			typo3	11y ago	Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web scr…
CVE-2015-8757	medium	6.1	6.1			typo3	11y ago	Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vect…
CVE-2015-8756	medium	5.4	5.4			typo3	11y ago	TYPO3 CMS indexed search Cross-site Scripting vulnerability
CVE-2015-8755	medium	5.4	5.4			typo3	11y ago	Typo3 XSS Vulnerability
CVE-2015-2821	medium	—	6.5			typo3	11y ago	TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors.
CVE-2014-9508	medium	—	4.3			typo3	12y ago	Typo3 Open Redirect In Frontend Rendering
CVE-2014-3948	medium	—	4.3			alex_kellnertypo3	12y ago	Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or H…
CVE-2014-3946	medium	—	4.0			typo3	12y ago	Typo3 Information Disclosure
CVE-2014-3945	medium	—	4.0			typo3	12y ago	TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash
CVE-2014-3944	medium	—	5.8			typo3	12y ago	TYPO3 Improper Session Invalidation
CVE-2014-3942	medium	—	6.0			typo3	12y ago	TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code
CVE-2014-3941	medium	—	5.0			typo3	12y ago	Typo3 Host Header Spoofing Vulnerability
CVE-2013-4321	medium	—	6.5			typo3	12y ago	TYPO3 vulnerable to remote authenticated arbitrary code execution
CVE-2013-4320	medium	—	5.5			typo3	12y ago	TYPO3 Improper Access Management in the File Abstraction Layer
CVE-2013-4250	medium	—	6.5			typo3	12y ago	TYPO3 doesn't properly check file extensions
CVE-2012-6146	medium	—	4.0			typo3	12y ago	Typo3 Backend History Module Vulnerable to XSS
CVE-2013-7081	medium	—	4.9			typo3	13y ago	TYPO3 Improper Access Control vulnerability
CVE-2013-7080	medium	—	5.8			typo3	13y ago	TYPO3 is vulnerable to Mass Assignment in the Extension table administration library
CVE-2013-7079	medium	—	5.8			typo3	13y ago	TYPO3 OpenID extension Open redirect vulnerability
CVE-2013-7075	medium	—	6.5			typo3	13y ago	TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component
CVE-2013-7073	medium	—	4.0			typo3	13y ago	TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component
CVE-2013-7082	medium	—	4.3			typo3	13y ago	TYPO3 Flow Cross-site scripting (XSS) vulnerability
CVE-2013-7077	medium	—	4.3			typo3	13y ago	TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module
CVE-2013-7076	medium	—	4.3			typo3	13y ago	Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vecto…
CVE-2013-6289	medium	—	4.3			ingo_rennertypo3	13y ago	Apache Solr for TYPO3 (solr) extension is vulnerable to Cross-site scripting (XSS)
CVE-2013-5570	medium	—	4.3			axel_jungtypo3	13y ago	Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5323	medium	—	4.3			stanislas_rollandtypo3	13y ago	Static Info Tables (static_info_tables) extension TYPO3 vulnerable to Cross-site Scripting
CVE-2013-5308	medium	—	4.3			juralsulektypo3	13y ago	Cross-site scripting (XSS) vulnerability in the RealURL Management (realurlmanagement) extension 0.3.4 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspeci…
CVE-2013-5307	medium	—	4.3			kennziffertypo3	13y ago	Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5305	medium	—	4.3			joachim_ruhstypo3	13y ago	Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4871	medium	—	6.8			markus_blaschketypo3	13y ago	Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote attackers to hijack the authentication of unspecified victims …
CVE-2013-4749	medium	—	4.3			usertask_center_messaging_projecttypo3	13y ago	Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unsp…
CVE-2013-4747	medium	—	4.3			kasper_skarhojtypo3	13y ago	Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (accessible_is_browse_results) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arb…
CVE-2013-4746	medium	—	4.3			kurt_gusbethtypo3	13y ago	Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-6144	medium	—	6.5			typo3	13y ago	Typo3 Backend History Module Vulnerable to SQL Injection
CVE-2012-6577	medium	—	6.0			typoheadstypo3	13y ago	SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4680	medium	—	6.4			urs_maagtypo3	13y ago	Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and earlier for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified ve…
CVE-2013-1843	medium	—	6.4			typo3	13y ago	TYPO3 Open redirect vulnerability in the Access tracking mechanism
CVE-2012-5890	medium	—	5.0			stanislas_rollandtypo3	14y ago	Front End User Registration (sr_feuser_register) extension for TYPO3 allows remote attackers to obtain user names, passwords
CVE-2012-5889	medium	—	4.3			alex_kellnertypo3	14y ago	powermail extension for TYPO3 has Cross-site Scripting vulnerability
CVE-2012-5888	medium	—	4.3			benjamin_macktypo3	14y ago	Basic SEO Features (seo_basics) extension TYPO3 vulnerable to Cross-site Scripting
CVE-2012-3531	medium	—	4.3			typo3	14y ago	Typo3 Install Tool XSS Vulnerability
CVE-2012-3530	medium	—	4.3			typo3	14y ago	Typo3 API XSS Vulnerability
CVE-2012-3527	medium	—	4.6		debian	typo3	14y ago	TYPO3 allows remote authenticated backend users to unserialize arbitrary objects
CVE-2012-1608	medium	—	5.0			typo3	14y ago	Typo3 API XSS Vulnerabilities
CVE-2012-1607	medium	—	5.0			typo3	14y ago	TYPO3 allows remote attackers to obtain the database name via a direct request
CVE-2012-1605	medium	—	5.0			typo3	14y ago	Typo3 Extbase Framework Unsafe Deserialization
CVE-2012-2112	medium	—	4.3			typo3	14y ago	Typo3 Exception Handler XSS
CVE-2010-5099	medium	—	7.8	EXP		typo3	14y ago	TYPO3 Path Traversal vulnerability
CVE-2010-5104	medium	—	4.3			typo3	14y ago	TYPO3 Sensitive Information Disclosure via escapeStrForLike method
CVE-2010-5103	medium	—	6.0			typo3	14y ago	TYPO3 SQL Injection vulnerability
CVE-2010-5102	medium	—	5.0			typo3	14y ago	Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arb…
CVE-2010-5101	medium	—	4.0			typo3	14y ago	TYPO3 Directory Traversal vulnerability
CVE-2011-4614	medium	—	7.8	EXP		typo3	15y ago	PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.…
CVE-2012-1087	medium	—	4.3			bluechiptypo3	15y ago	Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via un…
CVE-2012-1086	medium	—	4.3			typo3	15y ago	Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1085	medium	—	5.0			typo3	15y ago	Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
CVE-2012-1084	medium	—	4.3			typo3	15y ago	Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1083	medium	—	6.8			typo3	15y ago	Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims …
CVE-2012-1081	medium	—	4.3			roderick_brauntypo3	15y ago	Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspec…
CVE-2012-1080	medium	—	4.3			typo3	15y ago	Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1079	medium	—	6.5			helmut_hummeltypo3	15y ago	Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors.
CVE-2012-1078	medium	—	5.0			claus_duetypo3	15y ago	The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup o…
CVE-2012-1076	medium	—	4.3			robert_gondatypo3	15y ago	Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1073	medium	—	4.3			typo3	15y ago	Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vec…
CVE-2012-1070	medium	—	4.3			netcreatorstypo3	15y ago	Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspeci…
CVE-2011-5080	medium	—	4.3			juergen_furrertypo3	15y ago	Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary w…
CVE-2011-5079	medium	—	5.8			netcreatorstypo3	15y ago	Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing a…
CVE-2010-4960	medium	—	4.3			martin_hessetypo3	15y ago	Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via …
CVE-2010-4956	medium	—	4.3			nadine_schwinglertypo3	15y ago	Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vector…
CVE-2010-4951	medium	—	4.3			thomas_mammitzschtypo3	15y ago	Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xajax_shoutbox) extension before 1.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vect…
CVE-2010-4892	medium	—	4.3			alex_kellnertypo3	15y ago	Cross-site scripting (XSS) vulnerability in the powermail extension before 1.5.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4890	medium	—	4.3			andreas_kiefertypo3	15y ago	Cross-site scripting (XSS) vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4886	medium	—	4.3			peter_proelltypo3	15y ago	Cross-site scripting (XSS) vulnerability in the "official twitter tweet button for your page" (tweetbutton) extension before 1.0.5 for TYPO3 allows remote attackers to inject arbitrary web script or …
CVE-2010-4885	medium	—	4.3			peter_proelltypo3	15y ago	Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4068	medium	—	4.9			typo3	16y ago	Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbi…
CVE-2010-3717	medium	—	5.0			typo3	16y ago	The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, whi…
CVE-2010-3716	medium	—	6.0			typo3	16y ago	The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrar…
CVE-2010-3715	medium	—	4.3			typo3	16y ago	TYPO3 cross-site scripting (XSS) vulnerability in the RemoveXSS function and the backend
CVE-2010-3687	medium	—	5.0			alex_kellnertypo3	16y ago	Unspecified vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to bypass validation have an unspecified impact by "[injecting] arbitrary values into validate…
CVE-2010-3605	medium	—	4.3			alex_kellnertypo3	16y ago	Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4956	medium	—	4.3			wapplersystemstypo3	16y ago	Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4953	medium	—	4.3			stefan_geithtypo3	16y ago	Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vec…
CVE-2009-4951	medium	—	5.0			hans_olthofftypo3	16y ago	Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
CVE-2009-4948	medium	—	4.3			joachim_ruhstypo3	16y ago	Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4804	medium	—	4.3			mario_matzullamicrosofttypo3	16y ago	Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML …
CVE-2010-1153	medium	—	6.8			typo3	16y ago	TYPO3 PHP remote file inclusion vulnerability
CVE-2010-1218	medium	—	4.3			mm_forumtypo3	16y ago	Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1025	medium	—	4.3			chris_wederkatypo3	16y ago	Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1021	medium	—	4.3			mads_brunntypo3	16y ago	Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1020	medium	—	4.3			sk-typo3typo3	16y ago	Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified …
CVE-2010-1014	medium	—	4.3			steffen_kampertypo3	16y ago	Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspeci…
CVE-2010-1011	medium	—	4.3			tim_lochmuellertypo3	16y ago	Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1008	medium	—	4.3			christian_hennecketypo3	16y ago	Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unsp…
CVE-2010-1007	medium	—	5.0			chi_hoangtypo3	16y ago	Unspecified vulnerability in the Power Extension Manager (ch_lightem) extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.