Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Typo3 Subscribe
Filtered by product Typo3
Total 438 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-4627 1 Typo3 1 Typo3 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend.
CVE-2011-4626 1 Typo3 1 Typo3 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function.
CVE-2011-3583 1 Typo3 1 Typo3 2024-11-21 7.5 HIGH 9.8 CRITICAL
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
CVE-2010-3674 2 Debian, Typo3 2 Debian Linux, Typo3 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
TYPO3 before 4.4.1 allows XSS in the frontend search box.
CVE-2010-3673 1 Typo3 1 Typo3 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API.
CVE-2010-3672 1 Typo3 1 Typo3 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension.
CVE-2010-3671 1 Typo3 1 Typo3 2024-11-21 9.4 HIGH 6.5 MEDIUM
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session.
CVE-2010-3670 1 Typo3 1 Typo3 2024-11-21 5.8 MEDIUM 4.8 MEDIUM
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.
CVE-2010-3669 1 Typo3 1 Typo3 2024-11-21 4.9 MEDIUM 5.4 MEDIUM
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box.
CVE-2010-3668 1 Typo3 1 Typo3 2024-11-21 5.0 MEDIUM 7.5 HIGH
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl.
CVE-2010-3667 1 Typo3 1 Typo3 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element.
CVE-2010-3666 1 Typo3 1 Typo3 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.
CVE-2010-3665 1 Typo3 1 Typo3 2024-11-21 3.5 LOW 5.4 MEDIUM
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager.
CVE-2010-3664 1 Typo3 1 Typo3 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend.
CVE-2010-3663 1 Typo3 1 Typo3 2024-11-21 6.5 MEDIUM 8.8 HIGH
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.
CVE-2010-3662 1 Typo3 1 Typo3 2024-11-21 6.5 MEDIUM 8.8 HIGH
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.
CVE-2010-3661 1 Typo3 1 Typo3 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend.
CVE-2010-3660 1 Typo3 1 Typo3 2024-11-21 3.5 LOW 5.4 MEDIUM
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend.