Filtered by vendor Typo3
Subscriptions
Total
522 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5890 | 2 Stanislas Rolland, Typo3 | 2 Sr Feuser Register, Typo3 | 2025-04-11 | N/A |
| The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature. | ||||
| CVE-2013-7075 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature." | ||||
| CVE-2012-1070 | 2 Netcreators, Typo3 | 2 Irfaq, Typo3 | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the "return url parameter." | ||||
| CVE-2012-1074 | 1 Typo3 | 2 Mm Whtppr, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-1075 | 2 Robert Gonda, Typo3 | 2 Rtg Files, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-1076 | 2 Robert Gonda, Typo3 | 2 Rtg Files, Typo3 | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-1077 | 2 Manfred Egger, Typo3 | 2 Bc Post2facebook, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-1078 | 2 Claus Due, Typo3 | 2 Sysutils, Typo3 | 2025-04-11 | N/A |
| The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup output directory." | ||||
| CVE-2012-1079 | 2 Helmut Hummel, Typo3 | 2 Typo3 Webservice, Typo3 | 2025-04-11 | N/A |
| Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors. | ||||
| CVE-2012-1087 | 2 Bluechip, Typo3 | 2 Bc Post2facebook, Typo3 | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-1606 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-4747 | 2 Kasper Skarhoj, Typo3 | 2 Accessible Is Browse Results, Typo3 | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (accessible_is_browse_results) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-4749 | 2 Typo3, Usertask Center Messaging Project | 2 Typo3, Usertask Center Messaging | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-7082 | 1 Typo3 | 1 Flow | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in TYPO3 Flow (formerly FLOW3) 1.1.x before 1.1.1 and 2.0.x before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. | ||||
| CVE-2012-3528 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-6148 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2011-4614 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter. | ||||
| CVE-2012-3529 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors. | ||||
| CVE-2008-6696 | 2 Manu Oehler, Typo3 | 2 Toto, Typo3 | 2025-04-09 | N/A |
| SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| CVE-2009-4338 | 2 Jean-david Gadina, Typo3 | 2 Slideshow, Typo3 | 2025-04-09 | N/A |
| SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||