ReportizFlow
Filtered by vendor Typo3
Subscriptions
Filtered by product Typo3
Subscriptions
Total
491 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-1086 | 1 Typo3 | 2 Aeurltool, Typo3 | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-1085 | 1 Typo3 | 2 Beuserswitch, Typo3 | 2025-04-11 | N/A |
| Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | ||||
| CVE-2012-1083 | 1 Typo3 | 2 Terminal, Typo3 | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2012-1075 | 2 Robert Gonda, Typo3 | 2 Rtg Files, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-1074 | 1 Typo3 | 2 Mm Whtppr, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-1072 | 1 Typo3 | 2 Toi Category, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-1071 | 2 Mathieu Vidal, Typo3 | 2 Mv Cooking, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild as of February 2012. | ||||
| CVE-2012-1070 | 2 Netcreators, Typo3 | 2 Irfaq, Typo3 | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the "return url parameter." | ||||
| CVE-2011-5080 | 2 Juergen Furrer, Typo3 | 2 Jftcaforms, Typo3 | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-1606 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-1608 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters. | ||||
| CVE-2012-3527 | 2 Debian, Typo3 | 2 Debian Linux, Typo3 | 2025-04-11 | N/A |
| view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)." | ||||
| CVE-2012-3528 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-3529 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors. | ||||
| CVE-2012-3530 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events. | ||||
| CVE-2012-3531 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-1004 | 2 Mischa Heimann, Typo3 | 2 Yatse, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2010-1005 | 2 Mischa Heimann, Typo3 | 2 Yatse, Typo3 | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-1006 | 1 Typo3 | 2 Brainstorming, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2010-1007 | 2 Chi Hoang, Typo3 | 2 Ch Lightem, Typo3 | 2025-04-11 | N/A |
| Unspecified vulnerability in the Power Extension Manager (ch_lightem) extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | ||||