Total
472 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7080 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."
|
|||||
| CVE-2010-1015 | 2 Laurent Foulloy, Typo3 | 2 Sav Filter Abc, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2009-4967 | 2 Jochen Rieger, Typo3 | 2 Car, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2012-6577 | 2 Typo3, Typoheads | 2 Typo3, Formhandler | 2025-04-11 | 6.0 MEDIUM | N/A |
|
SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-4953 | 2 Jw Calendar, Typo3 | 2 Jw Calendar, Typo3 | 2025-04-11 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the JW Calendar (jw_calendar) extension 1.3.20 and earlier for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors.
|
|||||
| CVE-2010-4885 | 2 Peter Proell, Typo3 | 2 Xing, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2012-3529 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 3.5 LOW | N/A |
|
The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors.
|
|||||
| CVE-2009-4954 | 2 Typo3, Websedit | 2 Typo3, Sk Calendar | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-0331 | 2 Stefan Tannhaeuser, Typo3 | 2 Tv21 Talkshow, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2012-1074 | 1 Typo3 | 2 Mm Whtppr, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2013-5310 | 2 Mauro Lorenzutti, Typo3 | 2 Wfqbe, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-4892 | 2 Alex Kellner, Typo3 | 2 Powermail, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.5.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2012-1073 | 1 Typo3 | 2 Toi Category, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2009-4953 | 2 Stefan Geith, Typo3 | 2 Sg Userdata, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2009-4802 | 2 Joachim Ruhs, Typo3 | 2 Flat Manager, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-0350 | 2 Arco Van Geest, Typo3 | 2 Goof Fotoboek, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 has unknown impact and remote attack vectors.
|
|||||
| CVE-2013-4634 | 2 Raphael Zschorsch, Typo3 | 2 Rzautocomplete, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-1016 | 2 Laurent Foulloy, Typo3 | 2 Sav Filter Selectors, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-0341 | 1 Typo3 | 2 Bb Simplejobs, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2013-7073 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.
|
|||||
| CVE-2012-1606 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2012-3530 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events.
|
|||||
| CVE-2012-1071 | 2 Mathieu Vidal, Typo3 | 2 Mv Cooking, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild as of February 2012.
|
|||||
| CVE-2012-1076 | 2 Robert Gonda, Typo3 | 2 Rtg Files, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2009-4709 | 2 Dirk Maiwert, Typo3 | 2 Datamints Newsticker, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2009-4706 | 2 Sebastian Winterhalder, Typo3 | 2 Mailform, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-1011 | 2 Tim Lochmueller, Typo3 | 2 Mydashboard, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-0798 | 2 Snowflake, Typo3 | 2 T3blog, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-0286 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 5.1 MEDIUM | N/A |
|
Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack vectors in which both the attacker and victim have an OpenID provider that discards identities during authentication.
|
|||||
| CVE-2010-1005 | 2 Mischa Heimann, Typo3 | 2 Yatse, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2009-4855 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that "there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core.
|
|||||
| CVE-2011-3980 | 2 Jerome Schneider, Typo3 | 2 Ameos Dragndropupload, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors.
|
|||||
| CVE-2010-3714 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 7.1 HIGH | N/A |
|
The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2010-0342 | 1 Typo3 | 2 Job Reports, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Reports for Job (job_reports) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-4890 | 2 Andreas Kiefer, Typo3 | 2 Ke Yac, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2009-4956 | 2 Typo3, Wapplersystems | 2 Typo3, Ws Stats | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-4951 | 2 Thomas Mammitzsch, Typo3 | 2 Vx Xajax Shoutbox, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xajax_shoutbox) extension before 1.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-0340 | 1 Typo3 | 2 Mjseventpro, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the MJS Event Pro (mjseventpro) extension 0.2.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2012-1070 | 2 Netcreators, Typo3 | 2 Irfaq, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the "return url parameter."
|
|||||
| CVE-2010-5100 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
|||||