Total
472 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4885 | 2 Peter Proell, Typo3 | 2 Xing, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-0338 | 1 Typo3 | 2 Ttpedit, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the TT_Products editor (ttpedit) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-1087 | 2 Bluechip, Typo3 | 2 Bc Post2facebook, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4711 | 2 Jan Bednarik, Typo3 | 2 Cooluri, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686. | |||||
| CVE-2010-0342 | 1 Typo3 | 2 Job Reports, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Reports for Job (job_reports) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-3530 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
| Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events. | |||||
| CVE-2010-0343 | 1 Typo3 | 2 Pb Clanlist, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Clan Users List (pb_clanlist) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-1007 | 2 Chi Hoang, Typo3 | 2 Ch Lightem, Typo3 | 2025-04-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Power Extension Manager (ch_lightem) extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2009-4955 | 2 Thomas Hempel, Typo3 | 2 Th Ultracards, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4951 | 2 Hans Olthoff, Typo3 | 2 Alternet Csa Out, Typo3 | 2025-04-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2009-4956 | 2 Typo3, Wapplersystems | 2 Typo3, Ws Stats | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1015 | 2 Laurent Foulloy, Typo3 | 2 Sav Filter Abc, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-7079 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2013-4746 | 2 Kurt Gusbeth, Typo3 | 2 Myquizpoll, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1022 | 2 Marcus Krause, Typo3 | 2 T3sec Saltedpw, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
| The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors. | |||||
| CVE-2013-5323 | 2 Stanislas Rolland, Typo3 | 2 Static Info Tables, Typo3 | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Static Info Tables (static_info_tables) extension before 2.3.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-0336 | 1 Typo3 | 2 Kiddog Mysqldumper, Typo3 | 2025-04-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumper) extension 0.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | |||||
| CVE-2009-4959 | 2 Stefan Koch, Typo3 | 2 T3m, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-1071 | 2 Mathieu Vidal, Typo3 | 2 Mv Cooking, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild as of February 2012. | |||||
| CVE-2012-1608 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 5.0 MEDIUM | N/A |
| The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters. | |||||