VYPR

Packagist (Composer) package

typo3/cms

pkg:composer/typo3/cms

Vulnerabilities (116)

  • CVE-2014-3943Jun 3, 2014
    affected >= 4.5.0, < 4.5.34fixed 4.5.34

    Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via u

  • CVE-2014-3942Jun 3, 2014
    affected >= 4.5.0, < 4.5.34fixed 4.5.34

    The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.

  • CVE-2014-3941Jun 3, 2014
    affected >= 4.5.0, < 4.5.34fixed 4.5.34

    TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing."

  • CVE-2013-4321May 20, 2014
    affected >= 6.0.0, < 6.0.9fixed 6.0.9

    The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete f

  • CVE-2013-4250May 20, 2014
    affected >= 6.0.0, < 6.0.8fixed 6.0.8

    The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.

  • CVE-2012-6146May 20, 2014
    affected >= 4.5, < 4.5.21fixed 4.5.21

    The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.

  • CVE-2013-7341Mar 24, 2014
    affected >= 6.2.0, < 6.2.14fixed 6.2.14

    Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted player

  • CVE-2013-7075Dec 23, 2013
    affected >= 4.5.0, < 4.5.32fixed 4.5.32

    The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified imp

  • CVE-2013-7073Dec 23, 2013
    affected >= 4.5.0, < 4.5.32fixed 4.5.32

    The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.

  • CVE-2013-7074Dec 21, 2013
    affected >= 4.5.0, < 4.5.32fixed 4.5.32

    Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML v

  • CVE-2013-4701Aug 21, 2013
    affected >= 6.2.0, < 6.2.6fixed 6.2.6

    Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction wit

  • CVE-2012-6148Jul 1, 2013
    affected >= 4.5.0, < 4.5.21fixed 4.5.21

    Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-6147Jul 1, 2013
    affected >= 4.5.0, < 4.5.21fixed 4.5.21

    Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-6145Jul 1, 2013
    affected >= 4.5.0, < 4.5.21fixed 4.5.21

    Cross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-6144Jul 1, 2013
    affected >= 4.5.0, < 4.5.21fixed 4.5.21

    SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2012-3531Sep 5, 2012
    affected >= 4.5, < 4.5.19fixed 4.5.19

    Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-3530Sep 5, 2012
    affected >= 4.5, < 4.5.19fixed 4.5.19

    Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events.

  • CVE-2012-3529Sep 5, 2012
    affected >= 4.5, < 4.5.19fixed 4.5.19

    The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors.

  • CVE-2012-3528Sep 5, 2012
    affected >= 4.5, < 4.5.19fixed 4.5.19

    Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-3527Sep 5, 2012
    affected >= 4.5.0, < 4.5.19fixed 4.5.19

    view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing

Page 5 of 6