Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Typo3 Subscribe
Total 472 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-4855 1 Typo3 1 Typo3 2017-09-18 7.5 HIGH N/A
** DISPUTED ** SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that "there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core."
CVE-2013-7077 1 Typo3 1 Typo3 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-7078 1 Typo3 1 Typo3 2017-08-28 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072.
CVE-2013-7082 1 Typo3 1 Flow 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in TYPO3 Flow (formerly FLOW3) 1.1.x before 1.1.1 and 2.0.x before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message.
CVE-2013-7074 1 Typo3 1 Typo3 2017-08-28 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.
CVE-2013-7076 1 Typo3 1 Typo3 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5569 2 Heiko Sudar, Typo3 2 Slideshare, Typo3 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-5570 2 Axel Jung, Typo3 2 Js Css Optimizer, Typo3 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5322 2 Jan Bednarik, Typo3 2 Cooluri, Typo3 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in the CoolURI extension before 1.0.30 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4870 2 News Search Project, Typo3 2 News Search, Typo3 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4749 2 Typo3, Usertask Center Messaging Project 2 Typo3, Usertask Center Messaging 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4871 2 Markus Blaschke, Typo3 2 Tq Seo, Typo3 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2013-4721 2 3ds, Typo3 2 Push2rss 3ds, Typo3 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in the RSS feed from records extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4747 2 Kasper Skarhoj, Typo3 2 Accessible Is Browse Results, Typo3 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (accessible_is_browse_results) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4748 2 Georg Ringer, Typo3 2 News, Typo3 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-5302 2 Kennziffer, Typo3 2 Ke Search, Typo3 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4681 2 Michael Staatz, Typo3 2 Sofortueberweisung2commerce, Typo3 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4683 2 Christophe Balisky, Typo3 2 Meta Feedit, Typo3 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4680 2 Typo3, Urs Maag 2 Typo3, Maag Form Captcha 2017-08-28 6.4 MEDIUM N/A
Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and earlier for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2013-4719 2 Lina Wolf, Typo3 2 Seo Pack For Tt News, Typo3 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in the SEO Pack for tt_news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.