Vulnerabilities (CVE)

Filtered by vendor Typo3 Subscribe
Filtered by product Typo3
Total 433 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-4336 2 Simon Rundell, Typo3 2 Pd Calendar Today, Typo3 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6459 1 Typo3 2 Autobeuser, Typo3 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-0256 1 Typo3 1 Typo3 2023-12-10 7.5 HIGH N/A
Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.
CVE-2009-2104 2 Typo3, Udo Von Eynern 2 Typo3, Modern Guest Book Commenting System 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4337 2 Simon Rundell, Typo3 2 Pd Calendar Today, Typo3 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691.
CVE-2009-4158 2 Mario Matzulla, Typo3 2 Cal, Typo3 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-4657 1 Typo3 2 Econda Plugin, Typo3 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6338 2 Typo3, Weber-ebusiness 2 Typo3, Wes Facilities 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-4659 1 Typo3 2 Mannschaftsliste, Typo3 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist) 1.0.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-5795 1 Typo3 2 Eluna Page Comments Extension, Typo3 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6463 2 Fr.simon Rundell, Typo3 2 Pd Churchsearch, Typo3 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd_churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-0257 1 Typo3 1 Typo3 2023-12-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module.
CVE-2008-6696 2 Manu Oehler, Typo3 2 Toto, Typo3 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2008-5644 1 Typo3 1 Typo3 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2008-6461 2 Fr.simon Rundell, Typo3 2 Ste Prayer2, Typo3 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-0816 1 Typo3 1 Typo3 2023-12-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.
CVE-2008-6343 1 Typo3 2 Tu-clausthal Odin, Typo3 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc_odin) extension 0.0.1, 0.1.0, 0.1.1, and 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6462 2 Kurt Gusbeth, Typo3 2 Myquizpoll, Typo3 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-3631 1 Typo3 1 Typo3 2023-12-10 8.5 HIGH N/A
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.
CVE-2008-6686 2 Jan Bednarik, Typo3 2 Cooluri, Typo3 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in CoolURI (cooluri) 1.0.11 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.