Typo3

typo3

Vendor: Typo3 • 218 CVEs

CVEs (218)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2011-4631 1Typo3 1Typo3 Nov 21, 2024 Nov 6, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler.
CVE-2011-4630 1Typo3 1Typo3 Nov 21, 2024 Nov 6, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard.
CVE-2011-4629 1Typo3 1Typo3 Nov 21, 2024 Nov 6, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel.
CVE-2011-4628 1Typo3 1Typo3 Nov 21, 2024 Nov 6, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.
CVE-2011-4627 1Typo3 1Typo3 Nov 21, 2024 Nov 6, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend.
CVE-2011-4626 1Typo3 1Typo3 Nov 21, 2024 Nov 6, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function.
CVE-2010-3674 2Debian Typo3 2Debian Linux Typo3 Nov 21, 2024 Nov 5, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 TYPO3 before 4.4.1 allows XSS in the frontend search box.
CVE-2010-3673 1Typo3 1Typo3 Nov 21, 2024 Nov 5, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API.
CVE-2010-3672 1Typo3 1Typo3 Nov 21, 2024 Nov 5, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension.
CVE-2010-3671 1Typo3 1Typo3 Nov 21, 2024 Nov 5, 2019 N/A· v4 6.5 MEDIUM· v3 9.4 HIGH· v2 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session.
CVE-2010-3670 1Typo3 1Typo3 Nov 21, 2024 Nov 5, 2019 N/A· v4 4.8 MEDIUM· v3 5.8 MEDIUM· v2 TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.
CVE-2010-3669 1Typo3 1Typo3 Nov 21, 2024 Nov 4, 2019 N/A· v4 5.4 MEDIUM· v3 4.9 MEDIUM· v2 TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box.
CVE-2010-3668 1Typo3 1Typo3 Nov 21, 2024 Nov 4, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl.
CVE-2010-3667 1Typo3 1Typo3 Nov 21, 2024 Nov 4, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element.
CVE-2010-3666 1Typo3 1Typo3 Nov 21, 2024 Nov 4, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.
CVE-2010-3665 1Typo3 1Typo3 Nov 21, 2024 Nov 4, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager.
CVE-2010-3664 1Typo3 1Typo3 Nov 21, 2024 Nov 4, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend.
CVE-2010-3663 1Typo3 1Typo3 Nov 21, 2024 Nov 4, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the b...Show more TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.Show less
CVE-2010-3662 1Typo3 1Typo3 Nov 21, 2024 Nov 4, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.
CVE-2010-3661 1Typo3 1Typo3 Nov 21, 2024 Nov 1, 2019 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend.

Previous 1...567...11 Next