Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Typo3 Subscribe
Total 472 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-4701 2 Liviu Mitrofan, Typo3 2 Myth Download, Typo3 2010-03-15 7.5 HIGH N/A
SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4705 2 Thomas Loeffler, Typo3 2 Twittersearch, Typo3 2010-03-15 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0798 2 Snowflake, Typo3 2 T3blog, Typo3 2010-03-02 7.5 HIGH N/A
SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0797 2 Snowflake, Typo3 2 T3blog, Typo3 2010-03-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0327 2 Julian Kleinhans, Typo3 2 Kj Imagelightbox2, Typo3 2010-01-18 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_imagelightbox2) extension 2.0.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-2490.
CVE-2010-0322 2 Matthias Karr, Typo3 2 Mk Anydropdownmenu, Typo3 2010-01-18 7.5 HIGH N/A
SQL injection vulnerability in the init function in MK-AnydropdownMenu (mk_anydropdownmenu) extension 0.3.28 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0323 2 Arco Van Geest, Typo3 2 Goof Fotoboek, Typo3 2010-01-17 7.8 HIGH N/A
Unspecified vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
CVE-2010-0328 2 Rastislav Birka, Typo3 2 Cs2 Unitconv, Typo3 2010-01-17 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Unit Converter (cs2_unitconv) extension 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0326 3 Francois Suter, Rene Fritz, Typo3 3 Devlog, Devlog, Typo3 2010-01-17 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0330 2 Julian Fries, Typo3 2 Jf Easymaps, Typo3 2010-01-17 7.5 HIGH N/A
SQL injection vulnerability in the Googlemaps for tt_news (jf_easymaps) extension 1.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0325 2 Sebastian Baumann, Typo3 2 Sb Folderdownload, Typo3 2010-01-17 5.0 MEDIUM N/A
Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) extension 0.2.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
CVE-2010-0345 1 Typo3 2 Majordomo, Typo3 2010-01-17 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Majordomo extension 1.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0324 2 Patrick Bauerochse, Typo3 2 Ref List, Typo3 2010-01-17 7.5 HIGH N/A
SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4392 1 Typo3 2 Typo3, Xds Staff 2010-01-07 7.5 HIGH N/A
SQL injection vulnerability in the XDS Staff List (xds_staff) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4393 2 Daniel Ptzinger, Typo3 2 Danp Documentdirs, Typo3 2010-01-06 7.5 HIGH N/A
SQL injection vulnerability in the Document Directorys (danp_documentdirs) extension 1.10.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4397 2 Fr.simon Rundell, Typo3 2 Pd Resources, Typo3 2009-12-27 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4391 2 Daniel Regelein, Typo3 2 Dr Blob, Typo3 2009-12-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the File list (dr_blob) extension 2.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4390 2 Jochen Rieger, Typo3 2 Car, Typo3 2009-12-23 7.5 HIGH N/A
SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4389 2 Robert Puntigam, Typo3 2 Aba Watchdog, Typo3 2009-12-23 5.0 MEDIUM N/A
Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
CVE-2009-4388 2 Frank Krger, Typo3 2 Nl Listman, Typo3 2009-12-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) extension 1.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.