Filtered by vendor Typo3
Subscribe
Total
477 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3672 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension. | |||||
| CVE-2019-19850 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges. | |||||
| CVE-2010-3662 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend. | |||||
| CVE-2010-3669 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 4.9 MEDIUM | 5.4 MEDIUM |
| TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box. | |||||
| CVE-2011-4626 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function. | |||||
| CVE-2019-19849 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited privileges. | |||||
| CVE-2010-3673 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API. | |||||
| CVE-2010-3671 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 9.4 HIGH | 6.5 MEDIUM |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session. | |||||
| CVE-2010-3674 | 2 Debian, Typo3 | 2 Debian Linux, Typo3 | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| TYPO3 before 4.4.1 allows XSS in the frontend search box. | |||||
| CVE-2010-3664 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend. | |||||
| CVE-2010-3660 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend. | |||||
| CVE-2011-4627 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend. | |||||
| CVE-2010-3665 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager. | |||||
| CVE-2011-4629 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel. | |||||
| CVE-2011-4631 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler. | |||||
| CVE-2011-3583 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input. | |||||
| CVE-2010-3663 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend. | |||||
| CVE-2010-3670 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 5.8 MEDIUM | 4.8 MEDIUM |
| TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function. | |||||
| CVE-2011-4904 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services. | |||||
| CVE-2011-4628 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request. | |||||