Vulnerabilities (CVE)

Filtered by vendor Typo3 Subscribe
Total 517 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-4953 2 Stefan Geith, Typo3 2 Sg Userdata, Typo3 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4746 2 Kurt Gusbeth, Typo3 2 Myquizpoll, Typo3 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-7073 1 Typo3 1 Typo3 2025-04-11 4.0 MEDIUM N/A
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.
CVE-2010-5103 1 Typo3 1 Typo3 2025-04-11 6.0 MEDIUM N/A
SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0343 1 Typo3 2 Pb Clanlist, Typo3 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the Clan Users List (pb_clanlist) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1007 2 Chi Hoang, Typo3 2 Ch Lightem, Typo3 2025-04-11 5.0 MEDIUM N/A
Unspecified vulnerability in the Power Extension Manager (ch_lightem) extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
CVE-2010-1004 2 Mischa Heimann, Typo3 2 Yatse, Typo3 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-7080 1 Typo3 1 Typo3 2025-04-11 5.8 MEDIUM N/A
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."
CVE-2013-1843 1 Typo3 1 Typo3 2025-04-11 6.4 MEDIUM N/A
Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2010-1014 2 Steffen Kamper, Typo3 2 Reports Logview, Typo3 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0334 2 Francisco Cifuentes, Typo3 2 Vote For Tt News, Typo3 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1021 2 Mads Brunn, Typo3 2 T3quixplorer, Typo3 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4701 2 Liviu Mitrofan, Typo3 2 Myth Download, Typo3 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1218 2 Mm Forum, Typo3 2 Mmforum, Typo3 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1077 2 Manfred Egger, Typo3 2 Bc Post2facebook, Typo3 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-1083 1 Typo3 2 Terminal, Typo3 2025-04-11 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2010-0797 2 Snowflake, Typo3 2 T3blog, Typo3 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-5102 1 Typo3 1 Typo3 2025-04-11 5.0 MEDIUM N/A
Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors.
CVE-2009-3821 2 Apache, Typo3 2 Solr, Typo3 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-4660 1 Typo3 2 M1 Intern, Typo3 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.