Packagist (Composer) package
typo3/cms-frontend
pkg:composer/typo3/cms-frontend
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2010-3670 | — | < 4.3.4 | 4.3.4 | Nov 5, 2019 | TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function. | ||
| CVE-2010-3667 | — | < 4.1.14 | 4.1.14 | Nov 4, 2019 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element. | ||
| CVE-2010-5098 | — | >= 4.2.0, < 4.2.16 | 4.2.16 | May 21, 2012 | Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2010-5097 | — | >= 4.3.0, < 4.3.9 | 4.3.9 | May 21, 2012 | Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
- CVE-2010-3670Nov 5, 2019affected < 4.3.4fixed 4.3.4
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.
- CVE-2010-3667Nov 4, 2019affected < 4.1.14fixed 4.1.14
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element.
- CVE-2010-5098May 21, 2012affected >= 4.2.0, < 4.2.16fixed 4.2.16
Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-5097May 21, 2012affected >= 4.3.0, < 4.3.9fixed 4.3.9
Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.