VYPR

Typo3

by TYPO3

Source repositories

CVEs (206)

  • CVE-2021-21358Mar 23, 2021
    risk 0.00cvss epss 0.01

    TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the…

  • CVE-2021-21338Mar 23, 2021
    risk 0.00cvss epss 0.01

    TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and…

  • CVE-2020-26229Nov 23, 2020
    risk 0.00cvss epss 0.01

    TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually…

  • CVE-2020-26228Nov 23, 2020
    risk 0.00cvss epss 0.01

    TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly…

  • CVE-2020-26227Nov 23, 2020
    risk 0.00cvss epss 0.01

    TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers.…

  • CVE-2020-15098Jul 29, 2020
    risk 0.00cvss epss 0.02

    In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a…

  • CVE-2020-15099Jul 29, 2020
    risk 0.00cvss epss 0.02

    In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing…

  • CVE-2020-11069May 13, 2020
    risk 0.00cvss epss 0.01

    In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously…

  • CVE-2020-11067May 13, 2020
    risk 0.00cvss epss 0.02

    In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A…

  • CVE-2020-11066May 13, 2020
    risk 0.00cvss epss 0.01

    In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering…

  • CVE-2020-11065May 13, 2020
    risk 0.00cvss epss 0.01

    In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML…

  • CVE-2020-11064May 13, 2020
    risk 0.00cvss epss 0.01

    In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend…

  • CVE-2020-11063May 13, 2020
    risk 0.00cvss epss 0.01

    In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has…

  • CVE-2011-4904Nov 6, 2019
    risk 0.00cvss epss 0.01

    TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services.

  • CVE-2011-4903Nov 6, 2019
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function.

  • CVE-2011-4902Nov 6, 2019
    risk 0.00cvss epss 0.01

    TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver.

  • CVE-2011-4901Nov 6, 2019
    risk 0.00cvss epss 0.01

    TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database.

  • CVE-2011-4900Nov 6, 2019
    risk 0.00cvss epss 0.01

    TYPO3 before 4.5.4 allows Information Disclosure in the backend.

  • CVE-2011-4632Nov 6, 2019
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message.

  • CVE-2011-4631Nov 6, 2019
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler.

Page 6 of 11