Total
433 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-6699 | 1 Typo3 | 2 Tjs Reslib, Typo3 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
CVE-2008-4660 | 1 Typo3 | 2 M1 Intern, Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-2717 | 2 Apache, Typo3 | 2 Apache Webserver, Typo3 | 2023-12-10 | 6.5 MEDIUM | N/A |
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions. | |||||
CVE-2009-1264 | 2 Stanislas Rolland, Typo3 | 2 Sr Feuser Register, Typo3 | 2023-12-10 | 4.0 MEDIUM | N/A |
Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors. | |||||
CVE-2008-6344 | 1 Typo3 | 2 Tu-clausthal Staff, Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2009-3633 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm. | |||||
CVE-2009-3632 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters. | |||||
CVE-2008-5799 | 1 Typo3 | 2 Typo3, Wir Ber Uns Extension | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-2103 | 2 Steve Grundell, Typo3 | 2 Frontend Mp3 Player, Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2009-4165 | 2 Simple Glossar, Typo3 | 2 Simple Glossar, Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-2718 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-3634 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
CVE-2009-4340 | 2 Mischa Heissmann, Typo3 | 2 No Indexed Search, Typo3 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-4338 | 2 Jean-david Gadina, Typo3 | 2 Slideshow, Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
CVE-2008-6145 | 1 Typo3 | 2 Typo3, Wec Discussion Forum | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-6340 | 2 Mathieu Vidal, Typo3 | 2 Mv Vox Populi, Typo3 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Vox populi (mv_vox_populi) extension 0.3.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-5797 | 1 Typo3 | 2 Advcalendar Extension, Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-6457 | 2 Typo3, Walnutstreet | 2 Typo3, Cgswigmore | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-6688 | 2 Kevin Renskers, Typo3 | 2 Dmmjobcontrol, Typo3 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
CVE-2009-3629 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |