Filtered by vendor Typo3
Subscribe
Total
517 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4166 | 2 Michal Hadr, Typo3 | 2 Mchtrips, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4399 | 2 Fr.simon Rundell, Typo3 | 2 Hs Religiousartgallery, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4396 | 2 Fr.simon Rundell, Typo3 | 2 Pd Resources, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6685 | 2 Thomas Waggershauser, Typo3 | 2 Air Filemanager, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Frontend Filemanager (air_filemanager) 0.6.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors. | |||||
| CVE-2009-0257 | 1 Typo3 | 1 Typo3 | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module. | |||||
| CVE-2009-3628 | 1 Typo3 | 1 Typo3 | 2025-04-09 | 4.0 MEDIUM | N/A |
| The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element. | |||||
| CVE-2010-0324 | 2 Patrick Bauerochse, Typo3 | 2 Ref List, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-2717 | 2 Apache, Typo3 | 2 Apache Webserver, Typo3 | 2025-04-09 | 6.5 MEDIUM | N/A |
| TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions. | |||||
| CVE-2009-4389 | 2 Robert Puntigam, Typo3 | 2 Aba Watchdog, Typo3 | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | |||||
| CVE-2008-6687 | 2 David Cadu, Typo3 | 2 Dcdgooglemap, Typo3 | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DCD GoogleMap (dcdgooglemap) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2008-6688 | 2 Kevin Renskers, Typo3 | 2 Dmmjobcontrol, Typo3 | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2009-3633 | 1 Typo3 | 1 Typo3 | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm. | |||||
| CVE-2008-4657 | 1 Typo3 | 2 Econda Plugin, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-5069 | 1 Typo3 | 1 Typo3 | 2025-04-09 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2008-2490 | 1 Typo3 | 1 Kj Imagelightbox2 | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the KJ Image Lightbox 2 (aka kj_imagelightbox2) extension 1.4.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified "user input." | |||||
| CVE-2008-5800 | 1 Typo3 | 2 Fsmi People, Wir Ber Uns Extension | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6696 | 2 Manu Oehler, Typo3 | 2 Toto, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2008-3029 | 1 Typo3 | 1 Wec Discussion Forum | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-3632 | 1 Typo3 | 1 Typo3 | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters. | |||||
| CVE-2008-3038 | 1 Typo3 | 1 Address Directory | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||