Filtered by vendor Typo3
Subscriptions
Total
480 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-3714 | 1 Typo3 | 1 Typo3 | 2024-08-07 | N/A |
| The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2010-3663 | 1 Typo3 | 1 Typo3 | 2024-08-07 | 8.8 High |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend. | ||||
| CVE-2010-3674 | 2 Debian, Typo3 | 2 Debian Linux, Typo3 | 2024-08-07 | 6.1 Medium |
| TYPO3 before 4.4.1 allows XSS in the frontend search box. | ||||
| CVE-2010-3667 | 1 Typo3 | 1 Typo3 | 2024-08-07 | 5.3 Medium |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element. | ||||
| CVE-2010-3668 | 1 Typo3 | 1 Typo3 | 2024-08-07 | 7.5 High |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl. | ||||
| CVE-2010-3672 | 1 Typo3 | 1 Typo3 | 2024-08-07 | 6.1 Medium |
| TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension. | ||||
| CVE-2010-3665 | 1 Typo3 | 1 Typo3 | 2024-08-07 | 5.4 Medium |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager. | ||||
| CVE-2010-3673 | 1 Typo3 | 1 Typo3 | 2024-08-07 | 5.3 Medium |
| TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API. | ||||
| CVE-2010-3661 | 1 Typo3 | 1 Typo3 | 2024-08-07 | 6.1 Medium |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend. | ||||
| CVE-2010-3670 | 1 Typo3 | 1 Typo3 | 2024-08-07 | 4.8 Medium |
| TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function. | ||||
| CVE-2010-3671 | 1 Typo3 | 1 Typo3 | 2024-08-07 | 6.5 Medium |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session. | ||||
| CVE-2010-3666 | 1 Typo3 | 1 Typo3 | 2024-08-07 | 5.3 Medium |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function. | ||||
| CVE-2010-3660 | 1 Typo3 | 1 Typo3 | 2024-08-07 | 5.4 Medium |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend. | ||||
| CVE-2010-3669 | 1 Typo3 | 1 Typo3 | 2024-08-07 | 5.4 Medium |
| TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box. | ||||
| CVE-2010-3659 | 1 Typo3 | 1 Typo3 | 2024-08-07 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms. | ||||
| CVE-2010-1218 | 2 Mm Forum, Typo3 | 2 Mmforum, Typo3 | 2024-08-07 | N/A |
| Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-1026 | 2 Mathon Nicolas, Typo3 | 2 Tmsw Cleandb, Typo3 | 2024-08-07 | N/A |
| SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2010-1024 | 2 Chris Wederka, Typo3 | 2 Tgm Newsletter, Typo3 | 2024-08-07 | N/A |
| SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2010-1027 | 2 Dietmar Schffer, Typo3 | 2 Travelmate, Typo3 | 2024-08-07 | N/A |
| SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2010-1025 | 2 Chris Wederka, Typo3 | 2 Tgm Newsletter, Typo3 | 2024-08-07 | N/A |
| Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||