Filtered by vendor Typo3
Subscribe
Total
517 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1022 | 2 Marcus Krause, Typo3 | 2 T3sec Saltedpw, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors.
|
|||||
| CVE-2013-4870 | 2 News Search Project, Typo3 | 2 News Search, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-1007 | 2 Chi Hoang, Typo3 | 2 Ch Lightem, Typo3 | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Power Extension Manager (ch_lightem) extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
|
|||||
| CVE-2010-0332 | 2 Stefan Tannhaeuser, Typo3 | 2 Tv21 Talkshow, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2013-5322 | 2 Jan Bednarik, Typo3 | 2 Cooluri, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the CoolURI extension before 1.0.30 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2012-6144 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2009-4965 | 2 Thomas Waggershauser, Typo3 | 2 Air Lexicon, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2009-4711 | 2 Jan Bednarik, Typo3 | 2 Cooluri, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686.
|
|||||
| CVE-2012-6147 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-1014 | 2 Steffen Kamper, Typo3 | 2 Reports Logview, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-3604 | 2 Alex Kellner, Typo3 | 2 Powermail, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2011-5080 | 2 Juergen Furrer, Typo3 | 2 Jftcaforms, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2013-4721 | 2 3ds, Typo3 | 2 Push2rss 3ds, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the RSS feed from records extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2012-1082 | 1 Typo3 | 2 Terminal, Typo3 | 2025-04-11 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-1153 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable.
|
|||||
| CVE-2009-4963 | 1 Typo3 | 2 Commerce Extension, Typo3 | 2025-04-11 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2013-4719 | 2 Lina Wolf, Typo3 | 2 Seo Pack For Tt News, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the SEO Pack for tt_news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-1004 | 2 Mischa Heimann, Typo3 | 2 Yatse, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-4960 | 2 Martin Hesse, Typo3 | 2 Mh Branchenbuch, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2012-1079 | 2 Helmut Hummel, Typo3 | 2 Typo3 Webservice, Typo3 | 2025-04-11 | 6.5 MEDIUM | N/A |
|
Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors.
|
|||||
| CVE-2013-6288 | 2 Ingo Renner, Typo3 | 2 Apache Solr, Typo3 | 2025-04-11 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."
|
|||||
| CVE-2010-1006 | 1 Typo3 | 2 Brainstorming, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-3605 | 2 Alex Kellner, Typo3 | 2 Powermail, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-1026 | 2 Mathon Nicolas, Typo3 | 2 Tmsw Cleandb, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-5097 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-0347 | 1 Typo3 | 2 Typo3, Vd Gemomap | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2009-4949 | 2 Joachim Ruhs, Typo3 | 2 Locator, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2013-5569 | 2 Heiko Sudar, Typo3 | 2 Slideshare, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2013-5304 | 2 Joachim Ruhs, Typo3 | 2 Locator, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-1020 | 2 Sk-typo3, Typo3 | 2 Sk Simplegallery, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2009-4804 | 3 Mario Matzulla, Microsoft, Typo3 | 3 Calendar Base, Internet Explorer, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via "search parameters."
|
|||||
| CVE-2009-4969 | 1 Typo3 | 2 Sbanner, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-4956 | 2 Nadine Schwingler, Typo3 | 2 Ke Questionnaire, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2013-4683 | 2 Christophe Balisky, Typo3 | 2 Meta Feedit, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2013-7079 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
|||||
| CVE-2010-5099 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.
|
|||||
| CVE-2010-1019 | 2 Sk-typo3, Typo3 | 2 Sk Simplegallery, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2013-4871 | 2 Markus Blaschke, Typo3 | 2 Tq Seo, Typo3 | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
|||||
| CVE-2012-1605 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."
|
|||||
| CVE-2009-4971 | 2 Typo3, Vincent Tietz | 2 Typo3, Vjchat | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||