Filtered by vendor Typo3
Subscribe
Total
478 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-4719 | 2 Lina Wolf, Typo3 | 2 Seo Pack For Tt News, Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the SEO Pack for tt_news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2013-7080 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 5.8 MEDIUM | N/A |
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment." | |||||
CVE-2012-3528 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2010-5099 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 6.8 MEDIUM | N/A |
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php. | |||||
CVE-2013-7076 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-4683 | 2 Christophe Balisky, Typo3 | 2 Meta Feedit, Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2013-5307 | 2 Kennziffer, Typo3 | 2 Ke Search, Typo3 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-1843 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 6.4 MEDIUM | N/A |
Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2013-4749 | 2 Typo3, Usertask Center Messaging Project | 2 Typo3, Usertask Center Messaging | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-6145 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2010-5102 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors. | |||||
CVE-2012-1606 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-2112 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages. | |||||
CVE-2013-6289 | 2 Ingo Renner, Typo3 | 2 Apache Solr, Typo3 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-5305 | 2 Joachim Ruhs, Typo3 | 2 Locator, Typo3 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-4634 | 2 Raphael Zschorsch, Typo3 | 2 Rzautocomplete, Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2012-1607 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 5.0 MEDIUM | N/A |
The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request. | |||||
CVE-2012-6577 | 2 Typo3, Typoheads | 2 Typo3, Formhandler | 2023-12-10 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2013-4682 | 2 Bas Van Beek, Typo3 | 2 Multishop, Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Multishop extension before 2.0.39 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2013-5308 | 2 Juralsulek, Typo3 | 2 Realurlmanagement, Typo3 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the RealURL Management (realurlmanagement) extension 0.3.4 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |