Filtered by vendor Typo3
Subscriptions
Filtered by product Typo3
Subscriptions
Total
435 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-1020 | 2 Sk-typo3, Typo3 | 2 Sk Simplegallery, Typo3 | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2010-0338 | 1 Typo3 | 2 Ttpedit, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the TT_Products editor (ttpedit) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2010-1009 | 2 Joachim-ruhs, Typo3 | 2 Educator, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2008-6340 | 2 Mathieu Vidal, Typo3 | 2 Mv Vox Populi, Typo3 | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Vox populi (mv_vox_populi) extension 0.3.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2009-4400 | 2 Fr.simon Rundell, Typo3 | 2 Ste Parish Admin, Typo3 | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2015-8757 | 1 Typo3 | 1 Typo3 | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to extension data during an extension installation. | ||||
CVE-2009-4963 | 1 Typo3 | 2 Commerce Extension, Typo3 | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2009-4968 | 2 Christian Ehmann, Typo3 | 2 Event Registr, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2009-4165 | 2 Simple Glossar, Typo3 | 2 Simple Glossar, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2010-3604 | 2 Alex Kellner, Typo3 | 2 Powermail, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2009-3820 | 2 Flagbit, Typo3 | 2 Fb Filebase, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2010-4885 | 2 Peter Proell, Typo3 | 2 Xing, Typo3 | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2010-1022 | 2 Marcus Krause, Typo3 | 2 T3sec Saltedpw, Typo3 | 2024-09-16 | N/A |
The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors. | ||||
CVE-2011-5079 | 2 Netcreators, Typo3 | 2 Irfaq, Typo3 | 2024-09-16 | N/A |
Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL, probably in the "return url parameter." | ||||
CVE-2009-4709 | 2 Dirk Maiwert, Typo3 | 2 Datamints Newsticker, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2008-5087 | 1 Typo3 | 2 Another Backend Login, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2010-0324 | 2 Patrick Bauerochse, Typo3 | 2 Ref List, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2009-4160 | 2 Kurt Kunig, Typo3 | 2 Kk Downloader, Typo3 | 2024-09-16 | N/A |
Unspecified vulnerability in the Simple download-system with counter and categories (kk_downloader) extension 1.2.1 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | ||||
CVE-2010-0329 | 2 Alex Kellner, Typo3 | 2 Powermail, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and "typoscript." | ||||
CVE-2009-4707 | 2 Maximo Cuadros, Typo3 | 2 Gb Fenewssubmit, Typo3 | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |