Vendor CVEs
TYPO3
All CVEs
539 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-4903 | 0.00 | — | 0.01 | Nov 6, 2019 | Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function. | |||
| CVE-2011-4902 | 0.00 | — | 0.01 | Nov 6, 2019 | TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver. | |||
| CVE-2011-4901 | 0.00 | — | 0.01 | Nov 6, 2019 | TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database. | |||
| CVE-2011-4900 | 0.00 | — | 0.01 | Nov 6, 2019 | TYPO3 before 4.5.4 allows Information Disclosure in the backend. | |||
| CVE-2011-4632 | 0.00 | — | 0.01 | Nov 6, 2019 | Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message. | |||
| CVE-2011-4631 | 0.00 | — | 0.01 | Nov 6, 2019 | Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler. | |||
| CVE-2011-4630 | 0.00 | — | 0.01 | Nov 6, 2019 | Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard. | |||
| CVE-2011-4629 | 0.00 | — | 0.01 | Nov 6, 2019 | Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel. | |||
| CVE-2011-4628 | 0.00 | — | 0.02 | Nov 6, 2019 | TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request. | |||
| CVE-2011-4627 | 0.00 | — | 0.01 | Nov 6, 2019 | TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend. | |||
| CVE-2011-4626 | 0.00 | — | 0.01 | Nov 6, 2019 | Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function. | |||
| CVE-2010-3674 | 0.00 | — | 0.01 | Nov 5, 2019 | TYPO3 before 4.4.1 allows XSS in the frontend search box. | |||
| CVE-2010-3669 | 0.00 | — | 0.01 | Nov 4, 2019 | TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box. | |||
| CVE-2010-3668 | 0.00 | — | 0.01 | Nov 4, 2019 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl. | |||
| CVE-2010-3665 | 0.00 | — | 0.01 | Nov 4, 2019 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager. | |||
| CVE-2015-5956 | 0.00 | — | 0.02 | Sep 16, 2015 | The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter… | |||
| CVE-2015-4613 | 0.00 | — | 0.01 | Jun 16, 2015 | SQL injection vulnerability in the backend module in the Developer Log (devlog) extension before 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-4612 | 0.00 | — | 0.01 | Jun 16, 2015 | SQL injection vulnerability in the "FAQ - Frequently Asked Questions" (js_faq) extension before 1.2.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-4611 | 0.00 | — | 0.01 | Jun 16, 2015 | SQL injection vulnerability in the Smoelenboek (ncgov_smoelenboek) extension before 1.0.9 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-4609 | 0.00 | — | 0.01 | Jun 16, 2015 | SQL injection vulnerability in the wt_directory extension before 1.4.2 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-4608 | 0.00 | — | 0.01 | Jun 16, 2015 | Cross-site scripting (XSS) vulnerability in the BE User Log (beko_beuserlog) extension 1.1.1 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-4607 | 0.00 | — | 0.02 | Jun 16, 2015 | Unrestricted file upload vulnerability in the Frontend User Upload (feupload) extension 0.5.0 and earlier for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension using a frontend form, then accessing it via a direct request to… | |||
| CVE-2015-4606 | 0.00 | — | 0.03 | Jun 16, 2015 | Unrestricted file upload vulnerability in the Job Fair (jobfair) extension before 1.0.1 for TYPO3, when using Apache with mod_mime, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the… | |||
| CVE-2015-2821 | 0.00 | — | 0.01 | Apr 1, 2015 | TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors. | |||
| CVE-2015-2047 | 0.00 | — | 0.02 | Feb 23, 2015 | The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value. | |||
| CVE-2015-1405 | 0.00 | — | 0.01 | Feb 3, 2015 | SQL injection vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-1404 | 0.00 | — | 0.01 | Feb 3, 2015 | Cross-site scripting (XSS) vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-1403 | 0.00 | — | 0.01 | Feb 3, 2015 | SQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-1402 | 0.00 | — | 0.01 | Feb 3, 2015 | Cross-site scripting (XSS) vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-9509 | 0.00 | — | 0.01 | Jan 4, 2015 | The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache… | |||
| CVE-2014-9508 | 0.00 | — | 0.02 | Jan 4, 2015 | The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for… | |||
| CVE-2014-8874 | 0.00 | — | 0.01 | Dec 2, 2014 | The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request. | |||
| CVE-2014-8325 | 0.00 | — | 0.02 | Oct 22, 2014 | The Calendar Base (cal) extension before 1.5.9 and 1.6.x before 1.6.1 for TYPO3 allows remote attackers to cause a denial of service (resource consumption) via vectors related to the PHP PCRE library. | |||
| CVE-2014-6299 | 0.00 | — | 0.01 | Oct 3, 2014 | Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors. | |||
| CVE-2014-6298 | 0.00 | — | 0.02 | Oct 3, 2014 | Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | |||
| CVE-2014-6297 | 0.00 | — | 0.01 | Oct 3, 2014 | Cross-site scripting (XSS) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-6294 | 0.00 | — | 0.01 | Oct 3, 2014 | Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-6293 | 0.00 | — | 0.02 | Oct 3, 2014 | SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014. | |||
| CVE-2014-6291 | 0.00 | — | 0.01 | Oct 3, 2014 | Cross-site scripting (XSS) vulnerability in the Alphabetic Sitemap (alpha_sitemap) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-6290 | 0.00 | — | 0.01 | Oct 3, 2014 | The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue. | |||
| CVE-2014-6241 | 0.00 | — | 0.01 | Sep 11, 2014 | SQL injection vulnerability in the wt_directory extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-6240 | 0.00 | — | 0.01 | Sep 11, 2014 | Cross-site scripting (XSS) vulnerability in the Google Sitemap (weeaar_googlesitemap) extension 0.4.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-6239 | 0.00 | — | 0.01 | Sep 11, 2014 | SQL injection vulnerability in the Address visualization with Google Maps (st_address_map) extension before 0.3.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-6238 | 0.00 | — | 0.01 | Sep 11, 2014 | Cross-site scripting (XSS) vulnerability in the Akronymmanager (aka SB Folderdownload) extension 0.5.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-6237 | 0.00 | — | 0.01 | Sep 11, 2014 | Cross-site scripting (XSS) vulnerability in the News Pack extension 0.1.0 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-6236 | 0.00 | — | 0.03 | Sep 11, 2014 | Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary scripts via vectors related to extension links. | |||
| CVE-2014-6234 | 0.00 | — | 0.01 | Sep 11, 2014 | Cross-site scripting (XSS) vulnerability in the Open Graph protocol (jh_opengraphprotocol) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-6233 | 0.00 | — | 0.01 | Sep 11, 2014 | SQL injection vulnerability in the Flat Manager (flatmgr) extension before 2.7.10 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-6232 | 0.00 | — | 0.01 | Sep 11, 2014 | Unspecified vulnerability in the LDAP (eu_ldap) extension before 2.8.18 for TYPO3 allows remote authenticated users to obtain sensitive information via unknown vectors. | |||
| CVE-2014-6231 | 0.00 | — | 0.03 | Sep 11, 2014 | Unspecified vulnerability in the CWT Frontend Edit (cwt_feedit) extension before 1.2.5 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors. |
Page 4 of 11