Search

Found 185 results in 14ms · Match type: Filtered list

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2026-6553	high	7.5	7.5			typo3	1mo ago	TYPO3 CMS Stores Cleartext Password in User Settings Module
CVE-2010-3659	medium	5.4	5.4			typo3	9y ago	TYPO3 Cross-site Scripting vulnerability in the extension manager and backend forms
CVE-2017-14251	high	8.8	8.8			typo3	9y ago	TYPO3 Arbitrary Code Execution
CVE-2017-6370	medium	5.3	5.3			typo3	9y ago	TYPO3 Information Disclosure Vulnerability
CVE-2016-5091	high	8.1	8.1			typo3	10y ago	Extbase for TYPO3 allows RCE
CVE-2016-4056	medium	6.1	6.1			typo3	10y ago	TYPO3 Backend component Cross-site scripting (XSS) vulnerability
CVE-2015-8760	medium	6.1	6.1			typo3	11y ago	TYPO3 allows remote attackers to embed Flash videos from external domain
CVE-2015-8759	medium	5.4	5.4			typo3	11y ago	TYPO3 Cross-site Scripting vulnerability
CVE-2015-8758	medium	5.4	5.4			typo3	11y ago	Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web scr…
CVE-2015-8757	medium	6.1	6.1			typo3	11y ago	Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vect…
CVE-2015-8756	medium	5.4	5.4			typo3	11y ago	TYPO3 CMS indexed search Cross-site Scripting vulnerability
CVE-2015-8755	medium	5.4	5.4			typo3	11y ago	Typo3 XSS Vulnerability
CVE-2015-2821	medium	—	6.5			typo3	11y ago	TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors.
CVE-2014-9509	high	—	7.5			typo3	12y ago	Typo3 Vulnerable to Cache Poisoning
CVE-2014-9508	medium	—	4.3			typo3	12y ago	Typo3 Open Redirect In Frontend Rendering
CVE-2014-3948	medium	—	4.3			alex_kellnertypo3	12y ago	Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or H…
CVE-2014-3946	medium	—	4.0			typo3	12y ago	Typo3 Information Disclosure
CVE-2014-3945	medium	—	4.0			typo3	12y ago	TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash
CVE-2014-3944	medium	—	5.8			typo3	12y ago	TYPO3 Improper Session Invalidation
CVE-2014-3942	medium	—	6.0			typo3	12y ago	TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code
CVE-2014-3941	medium	—	5.0			typo3	12y ago	Typo3 Host Header Spoofing Vulnerability
CVE-2013-4321	medium	—	6.5			typo3	12y ago	TYPO3 vulnerable to remote authenticated arbitrary code execution
CVE-2013-4320	medium	—	5.5			typo3	12y ago	TYPO3 Improper Access Management in the File Abstraction Layer
CVE-2013-4250	medium	—	6.5			typo3	12y ago	TYPO3 doesn't properly check file extensions
CVE-2012-6146	medium	—	4.0			typo3	12y ago	Typo3 Backend History Module Vulnerable to XSS
CVE-2013-7081	medium	—	4.9			typo3	13y ago	TYPO3 Improper Access Control vulnerability
CVE-2013-7080	medium	—	5.8			typo3	13y ago	TYPO3 is vulnerable to Mass Assignment in the Extension table administration library
CVE-2013-7079	medium	—	5.8			typo3	13y ago	TYPO3 OpenID extension Open redirect vulnerability
CVE-2013-7075	medium	—	6.5			typo3	13y ago	TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component
CVE-2013-7073	medium	—	4.0			typo3	13y ago	TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component
CVE-2013-7082	medium	—	4.3			typo3	13y ago	TYPO3 Flow Cross-site scripting (XSS) vulnerability
CVE-2013-7077	medium	—	4.3			typo3	13y ago	TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module
CVE-2013-7076	medium	—	4.3			typo3	13y ago	Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vecto…
CVE-2013-6289	medium	—	4.3			ingo_rennertypo3	13y ago	Apache Solr for TYPO3 (solr) extension is vulnerable to Cross-site scripting (XSS)
CVE-2013-5570	medium	—	4.3			axel_jungtypo3	13y ago	Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5569	high	—	7.5			heiko_sudartypo3	13y ago	SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-5323	medium	—	4.3			stanislas_rollandtypo3	13y ago	Static Info Tables (static_info_tables) extension TYPO3 vulnerable to Cross-site Scripting
CVE-2013-5322	high	—	7.5			jan_bednariktypo3	13y ago	CoolURI extension for TYPO3 vulnerable to SQL Injection
CVE-2013-5310	high	—	7.5			mauro_lorenzuttitypo3	13y ago	SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-5308	medium	—	4.3			juralsulektypo3	13y ago	Cross-site scripting (XSS) vulnerability in the RealURL Management (realurlmanagement) extension 0.3.4 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspeci…
CVE-2013-5307	medium	—	4.3			kennziffertypo3	13y ago	Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5306	high	—	7.5			die-netzmachertypo3	13y ago	SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-5305	medium	—	4.3			joachim_ruhstypo3	13y ago	Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5304	high	—	7.5			joachim_ruhstypo3	13y ago	SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-5302	high	—	7.5			kennziffertypo3	13y ago	SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4871	medium	—	6.8			markus_blaschketypo3	13y ago	Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote attackers to hijack the authentication of unspecified victims …
CVE-2013-4870	high	—	7.5			news_search_projecttypo3	13y ago	SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4749	medium	—	4.3			usertask_center_messaging_projecttypo3	13y ago	Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unsp…
CVE-2013-4748	high	—	7.5			georg_ringertypo3	13y ago	News system (news) extension for TYPO3 vulnerable to SQL Injection
CVE-2013-4747	medium	—	4.3			kasper_skarhojtypo3	13y ago	Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (accessible_is_browse_results) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arb…
CVE-2013-4746	medium	—	4.3			kurt_gusbethtypo3	13y ago	Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4745	high	—	7.5			kurt_gusbethtypo3	13y ago	SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-6144	medium	—	6.5			typo3	13y ago	Typo3 Backend History Module Vulnerable to SQL Injection
CVE-2013-4721	high	—	7.5			3dstypo3	13y ago	SQL injection vulnerability in the RSS feed from records extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4720	high	—	7.5			webempoweredchurchtypo3	13y ago	SQL injection vulnerability in the WEC Discussion Forum extension before 2.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4719	high	—	7.5			lina_wolftypo3	13y ago	SQL injection vulnerability in the SEO Pack for tt_news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-6577	medium	—	6.0			typoheadstypo3	13y ago	SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4683	high	—	7.5			christophe_baliskytypo3	13y ago	SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4682	high	—	7.5			bas_van_beektypo3	13y ago	Multishop extension for TYPO3 has SQL Injection vulnerability
CVE-2013-4681	high	—	7.5			michael_staatztypo3	13y ago	SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4680	medium	—	6.4			urs_maagtypo3	13y ago	Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and earlier for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified ve…
CVE-2013-4634	high	—	7.5			raphael_zschorschtypo3	13y ago	SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified v…
CVE-2013-1843	medium	—	6.4			typo3	13y ago	TYPO3 Open redirect vulnerability in the Access tracking mechanism
CVE-2013-1842	high	—	7.5			typo3	13y ago	TYPO3 SQL injection vulnerability in the Extbase Framework
CVE-2012-5890	medium	—	5.0			stanislas_rollandtypo3	14y ago	Front End User Registration (sr_feuser_register) extension for TYPO3 allows remote attackers to obtain user names, passwords
CVE-2012-5889	medium	—	4.3			alex_kellnertypo3	14y ago	powermail extension for TYPO3 has Cross-site Scripting vulnerability
CVE-2012-5888	medium	—	4.3			benjamin_macktypo3	14y ago	Basic SEO Features (seo_basics) extension TYPO3 vulnerable to Cross-site Scripting
CVE-2012-3531	medium	—	4.3			typo3	14y ago	Typo3 Install Tool XSS Vulnerability
CVE-2012-3530	medium	—	4.3			typo3	14y ago	Typo3 API XSS Vulnerability
CVE-2012-3527	medium	—	4.6		debian	typo3	14y ago	TYPO3 allows remote authenticated backend users to unserialize arbitrary objects
CVE-2012-1608	medium	—	5.0			typo3	14y ago	Typo3 API XSS Vulnerabilities
CVE-2012-1607	medium	—	5.0			typo3	14y ago	TYPO3 allows remote attackers to obtain the database name via a direct request
CVE-2012-1605	medium	—	5.0			typo3	14y ago	Typo3 Extbase Framework Unsafe Deserialization
CVE-2012-2112	medium	—	4.3			typo3	14y ago	Typo3 Exception Handler XSS
CVE-2010-5099	medium	—	7.8	EXP		typo3	14y ago	TYPO3 Path Traversal vulnerability
CVE-2010-5104	medium	—	4.3			typo3	14y ago	TYPO3 Sensitive Information Disclosure via escapeStrForLike method
CVE-2010-5103	medium	—	6.0			typo3	14y ago	TYPO3 SQL Injection vulnerability
CVE-2010-5102	medium	—	5.0			typo3	14y ago	Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arb…
CVE-2010-5101	medium	—	4.0			typo3	14y ago	TYPO3 Directory Traversal vulnerability
CVE-2011-4614	medium	—	7.8	EXP		typo3	15y ago	PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.…
CVE-2012-1087	medium	—	4.3			bluechiptypo3	15y ago	Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via un…
CVE-2012-1086	medium	—	4.3			typo3	15y ago	Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1085	medium	—	5.0			typo3	15y ago	Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
CVE-2012-1084	medium	—	4.3			typo3	15y ago	Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1083	medium	—	6.8			typo3	15y ago	Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims …
CVE-2012-1081	medium	—	4.3			roderick_brauntypo3	15y ago	Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspec…
CVE-2012-1080	medium	—	4.3			typo3	15y ago	Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1079	medium	—	6.5			helmut_hummeltypo3	15y ago	Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors.
CVE-2012-1078	medium	—	5.0			claus_duetypo3	15y ago	The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup o…
CVE-2012-1077	high	—	7.5			manfred_eggertypo3	15y ago	SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-1076	medium	—	4.3			robert_gondatypo3	15y ago	Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1075	high	—	7.5			robert_gondatypo3	15y ago	SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-1074	high	—	7.5			typo3	15y ago	SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-1073	medium	—	4.3			typo3	15y ago	Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vec…
CVE-2012-1072	high	—	7.5			typo3	15y ago	SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-1071	high	—	7.5			mathieu_vidaltypo3	15y ago	SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the …
CVE-2012-1070	medium	—	4.3			netcreatorstypo3	15y ago	Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspeci…
CVE-2011-5080	medium	—	4.3			juergen_furrertypo3	15y ago	Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary w…
CVE-2011-5079	medium	—	5.8			netcreatorstypo3	15y ago	Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing a…
CVE-2010-4962	high	—	7.5			dev-team_typoheadstypo3	15y ago	Webkit PDFs for TYPO3 allows remote attackers to execute arbitrary commands