Filtered by vendor Typo3
Subscribe
Total
482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4391 | 2 Daniel Regelein, Typo3 | 2 Dr Blob, Typo3 | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the File list (dr_blob) extension 2.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4390 | 2 Jochen Rieger, Typo3 | 2 Car, Typo3 | 2024-11-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4389 | 2 Robert Puntigam, Typo3 | 2 Aba Watchdog, Typo3 | 2024-11-21 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | |||||
| CVE-2009-4388 | 2 Frank Krger, Typo3 | 2 Nl Listman, Typo3 | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) extension 1.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4346 | 2 Toni Milovan, Typo3 | 2 Fe Rtenews, Typo3 | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Frontend news submitter with RTE (fe_rtenews) extension 1.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4345 | 2 Jonas Renggli, Typo3 | 2 Vshoutbox, Typo3 | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4344 | 2 Tobias Sommer, Typo3 | 2 Zid Linklist, Typo3 | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_linklist) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4343 | 2 Dominic Eckart, Typo3 | 2 Trainincdb, Typo3 | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Training Company Database (trainincdb) extension 0.4.7 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4342 | 2 Melvin Mach, Typo3 | 2 Jobexchange, Typo3 | 2024-11-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2009-4341 | 2 Mischa Heissmann, Typo3 | 2 No Indexed Search, Typo3 | 2024-11-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2009-4340 | 2 Mischa Heissmann, Typo3 | 2 No Indexed Search, Typo3 | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4339 | 2 Stephan Vits, Typo3 | 2 Mf Subscription, Typo3 | 2024-11-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2009-4338 | 2 Jean-david Gadina, Typo3 | 2 Slideshow, Typo3 | 2024-11-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2009-4337 | 2 Simon Rundell, Typo3 | 2 Pd Calendar Today, Typo3 | 2024-11-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691. | |||||
| CVE-2009-4336 | 2 Simon Rundell, Typo3 | 2 Pd Calendar Today, Typo3 | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4167 | 2 Lukas Taferner, Typo3 | 2 It Basetag, Typo3 | 2024-11-21 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct "Cache spoofing" attacks via unspecified vectors. | |||||
| CVE-2009-4166 | 2 Michal Hadr, Typo3 | 2 Mchtrips, Typo3 | 2024-11-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4165 | 2 Simple Glossar, Typo3 | 2 Simple Glossar, Typo3 | 2024-11-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4164 | 2 Simple Glossar, Typo3 | 2 Simple Glossar, Typo3 | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4163 | 2 Tw Productfinder, Typo3 | 2 Tw Productfinder, Typo3 | 2024-11-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||