Vulnerabilities (CVE)

Filtered by vendor Typo3 Subscribe
Filtered by product Typo3
Total 417 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-4629 1 Typo3 1 Typo3 2019-11-08 3.5 LOW 5.4 MEDIUM
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel.
CVE-2011-4630 1 Typo3 1 Typo3 2019-11-08 3.5 LOW 5.4 MEDIUM
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard.
CVE-2011-4631 1 Typo3 1 Typo3 2019-11-08 3.5 LOW 5.4 MEDIUM
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler.
CVE-2010-3670 1 Typo3 1 Typo3 2019-11-08 5.8 MEDIUM 4.8 MEDIUM
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.
CVE-2011-4628 1 Typo3 1 Typo3 2019-11-08 7.5 HIGH 9.8 CRITICAL
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.
CVE-2011-4626 1 Typo3 1 Typo3 2019-11-08 4.3 MEDIUM 6.1 MEDIUM
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function.
CVE-2011-4901 1 Typo3 1 Typo3 2019-11-08 4.0 MEDIUM 6.5 MEDIUM
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database.
CVE-2011-4632 1 Typo3 1 Typo3 2019-11-08 3.5 LOW 5.4 MEDIUM
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message.
CVE-2011-4627 1 Typo3 1 Typo3 2019-11-08 4.0 MEDIUM 6.5 MEDIUM
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend.
CVE-2011-4902 1 Typo3 1 Typo3 2019-11-08 5.5 MEDIUM 6.5 MEDIUM
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver.
CVE-2011-4904 1 Typo3 1 Typo3 2019-11-08 4.0 MEDIUM 6.5 MEDIUM
TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services.
CVE-2011-4903 1 Typo3 1 Typo3 2019-11-07 4.3 MEDIUM 6.1 MEDIUM
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function.
CVE-2011-4900 2 Debian, Typo3 2 Debian Linux, Typo3 2019-11-07 4.0 MEDIUM 6.5 MEDIUM
TYPO3 before 4.5.4 allows Information Disclosure in the backend.
CVE-2010-3669 1 Typo3 1 Typo3 2019-11-07 4.9 MEDIUM 5.4 MEDIUM
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box.
CVE-2010-3673 1 Typo3 1 Typo3 2019-11-07 5.0 MEDIUM 5.3 MEDIUM
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API.
CVE-2010-3672 1 Typo3 1 Typo3 2019-11-07 4.3 MEDIUM 6.1 MEDIUM
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension.
CVE-2010-3674 2 Debian, Typo3 2 Debian Linux, Typo3 2019-11-06 4.3 MEDIUM 6.1 MEDIUM
TYPO3 before 4.4.1 allows XSS in the frontend search box.
CVE-2010-3660 1 Typo3 1 Typo3 2019-11-05 3.5 LOW 5.4 MEDIUM
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend.
CVE-2010-3666 1 Typo3 1 Typo3 2019-11-05 5.0 MEDIUM 5.3 MEDIUM
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.
CVE-2010-3665 1 Typo3 1 Typo3 2019-11-05 3.5 LOW 5.4 MEDIUM
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager.