TYPO3

All CVEs

539 total · sorted by risk
  • CVE-2011-4903 · Nov 6, 2019
    risk 0.00 · cvss · epss 0.01

    Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function.

  • CVE-2011-4902 · Nov 6, 2019
    risk 0.00 · cvss · epss 0.01

    TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver.

  • CVE-2011-4901 · Nov 6, 2019
    risk 0.00 · cvss · epss 0.01

    TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database.

  • CVE-2011-4900 · Nov 6, 2019
    risk 0.00 · cvss · epss 0.01

    TYPO3 before 4.5.4 allows Information Disclosure in the backend.

  • CVE-2011-4632 · Nov 6, 2019
    risk 0.00 · cvss · epss 0.01

    Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message.

  • CVE-2011-4631 · Nov 6, 2019
    risk 0.00 · cvss · epss 0.01

    Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler.

  • CVE-2011-4630 · Nov 6, 2019
    risk 0.00 · cvss · epss 0.01

    Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard.

  • CVE-2011-4629 · Nov 6, 2019
    risk 0.00 · cvss · epss 0.01

    Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel.

  • CVE-2011-4628 · Nov 6, 2019
    risk 0.00 · cvss · epss 0.02

    TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.

  • CVE-2011-4627 · Nov 6, 2019
    risk 0.00 · cvss · epss 0.01

    TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend.

  • CVE-2011-4626 · Nov 6, 2019
    risk 0.00 · cvss · epss 0.01

    Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function.

  • CVE-2010-3674 · Nov 5, 2019
    risk 0.00 · cvss · epss 0.01

    TYPO3 before 4.4.1 allows XSS in the frontend search box.

  • CVE-2010-3669 · Nov 4, 2019
    risk 0.00 · cvss · epss 0.01

    TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box.

  • CVE-2010-3668 · Nov 4, 2019
    risk 0.00 · cvss · epss 0.01

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl.

  • CVE-2010-3665 · Nov 4, 2019
    risk 0.00 · cvss · epss 0.01

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager.

  • CVE-2015-5956 · Sep 16, 2015
    risk 0.00 · cvss · epss 0.02

    The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter…

  • CVE-2015-4613 · Jun 16, 2015
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in the backend module in the Developer Log (devlog) extension before 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2015-4612 · Jun 16, 2015
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in the "FAQ - Frequently Asked Questions" (js_faq) extension before 1.2.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2015-4611 · Jun 16, 2015
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in the Smoelenboek (ncgov_smoelenboek) extension before 1.0.9 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2015-4609 · Jun 16, 2015
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in the wt_directory extension before 1.4.2 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2015-4608 · Jun 16, 2015
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the BE User Log (beko_beuserlog) extension 1.1.1 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-4607 · Jun 16, 2015
    risk 0.00 · cvss · epss 0.02

    Unrestricted file upload vulnerability in the Frontend User Upload (feupload) extension 0.5.0 and earlier for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension using a frontend form, then accessing it via a direct request to…

  • CVE-2015-4606 · Jun 16, 2015
    risk 0.00 · cvss · epss 0.03

    Unrestricted file upload vulnerability in the Job Fair (jobfair) extension before 1.0.1 for TYPO3, when using Apache with mod_mime, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the…

  • CVE-2015-2821 · Apr 1, 2015
    risk 0.00 · cvss · epss 0.01

    TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors.

  • CVE-2015-2047 · Feb 23, 2015
    risk 0.00 · cvss · epss 0.02

    The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is cast to an empty value.

  • CVE-2015-1405 · Feb 3, 2015
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2015-1404 · Feb 3, 2015
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-1403 · Feb 3, 2015
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2015-1402 · Feb 3, 2015
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-9509 · Jan 4, 2015
    risk 0.00 · cvss · epss 0.01

    The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache…

  • CVE-2014-9508 · Jan 4, 2015
    risk 0.00 · cvss · epss 0.02

    The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for…

  • CVE-2014-8874 · Dec 2, 2014
    risk 0.00 · cvss · epss 0.01

    The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request.

  • CVE-2014-8325 · Oct 22, 2014
    risk 0.00 · cvss · epss 0.02

    The Calendar Base (cal) extension before 1.5.9 and 1.6.x before 1.6.1 for TYPO3 allows remote attackers to cause a denial of service (resource consumption) via vectors related to the PHP PCRE library.

  • CVE-2014-6299 · Oct 3, 2014
    risk 0.00 · cvss · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors.

  • CVE-2014-6298 · Oct 3, 2014
    risk 0.00 · cvss · epss 0.02

    Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.

  • CVE-2014-6297 · Oct 3, 2014
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-6294 · Oct 3, 2014
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-6293 · Oct 3, 2014
    risk 0.00 · cvss · epss 0.02

    SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014.

  • CVE-2014-6291 · Oct 3, 2014
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Alphabetic Sitemap (alpha_sitemap) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-6290 · Oct 3, 2014
    risk 0.00 · cvss · epss 0.01

    The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue.

  • CVE-2014-6241 · Sep 11, 2014
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in the wt_directory extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2014-6240 · Sep 11, 2014
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Google Sitemap (weeaar_googlesitemap) extension 0.4.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-6239 · Sep 11, 2014
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in the Address visualization with Google Maps (st_address_map) extension before 0.3.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2014-6238 · Sep 11, 2014
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Akronymmanager (aka SB Folderdownload) extension 0.5.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-6237 · Sep 11, 2014
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the News Pack extension 0.1.0 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-6236 · Sep 11, 2014
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary scripts via vectors related to extension links.

  • CVE-2014-6234 · Sep 11, 2014
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Open Graph protocol (jh_opengraphprotocol) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-6233 · Sep 11, 2014
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in the Flat Manager (flatmgr) extension before 2.7.10 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2014-6232 · Sep 11, 2014
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in the LDAP (eu_ldap) extension before 2.8.18 for TYPO3 allows remote authenticated users to obtain sensitive information via unknown vectors.

  • CVE-2014-6231 · Sep 11, 2014
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in the CWT Frontend Edit (cwt_feedit) extension before 1.2.5 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors.

Page 4 of 11