Total: 432 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-3673 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API. | |||||
CVE-2010-3671 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 9.4 HIGH | 6.5 MEDIUM |
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session. | |||||
CVE-2010-3674 | 2 Debian, Typo3 | 2 Debian Linux, Typo3 | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
TYPO3 before 4.4.1 allows XSS in the frontend search box. | |||||
CVE-2010-3664 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend. | |||||
CVE-2010-3660 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend. | |||||
CVE-2011-4627 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend. | |||||
CVE-2010-3665 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager. | |||||
CVE-2011-4629 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel. | |||||
CVE-2011-4631 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler. | |||||
CVE-2011-3583 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
It was found that Typo3 Core versions 4.5.0 - 4.5.5 use prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input. | |||||
CVE-2010-3663 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend. | |||||
CVE-2010-3670 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 5.8 MEDIUM | 4.8 MEDIUM |
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function. | |||||
CVE-2011-4904 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services. | |||||
CVE-2011-4628 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request. | |||||
CVE-2010-3661 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend. | |||||
CVE-2010-3668 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl. | |||||
CVE-2011-4902 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 5.5 MEDIUM | 6.5 MEDIUM |
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver. | |||||
CVE-2010-3667 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element. | |||||
CVE-2011-4632 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message. | |||||
CVE-2011-4900 | 2 Debian, Typo3 | 2 Debian Linux, Typo3 | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
TYPO3 before 4.5.4 allows Information Disclosure in the backend. |