Filtered by vendor Typo3
Subscribe
Total
478 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-4165 | 2 Simple Glossar, Typo3 | 2 Simple Glossar, Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-2718 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-3634 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
CVE-2009-4340 | 2 Mischa Heissmann, Typo3 | 2 No Indexed Search, Typo3 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-4338 | 2 Jean-david Gadina, Typo3 | 2 Slideshow, Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
CVE-2008-3050 | 1 Typo3 | 1 Pdf Generator 2 Extension | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to cause a denial of service via unspecified vectors. | |||||
CVE-2008-6145 | 1 Typo3 | 2 Typo3, Wec Discussion Forum | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-6340 | 2 Mathieu Vidal, Typo3 | 2 Mv Vox Populi, Typo3 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Vox populi (mv_vox_populi) extension 0.3.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-5797 | 1 Typo3 | 2 Advcalendar Extension, Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-3043 | 1 Typo3 | 1 Wec Discussion Forum | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows attackers to execute arbitrary code via vectors related to "certain file types." | |||||
CVE-2008-6457 | 2 Typo3, Walnutstreet | 2 Typo3, Cgswigmore | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-6688 | 2 Kevin Renskers, Typo3 | 2 Dmmjobcontrol, Typo3 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
CVE-2009-3629 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-4336 | 2 Simon Rundell, Typo3 | 2 Pd Calendar Today, Typo3 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-3055 | 1 Typo3 | 1 Support View Extension | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Support view (ext_tbl) extension 0.0.102 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-6459 | 1 Typo3 | 2 Autobeuser, Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2009-0256 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication. | |||||
CVE-2009-2104 | 2 Typo3, Udo Von Eynern | 2 Typo3, Modern Guest Book Commenting System | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-4337 | 2 Simon Rundell, Typo3 | 2 Pd Calendar Today, Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691. | |||||
CVE-2009-4158 | 2 Mario Matzulla, Typo3 | 2 Cal, Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |