Total
437 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3943 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters. | |||||
CVE-2014-3942 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 6.0 MEDIUM | N/A |
The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object. | |||||
CVE-2014-3941 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.0 MEDIUM | N/A |
TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing." | |||||
CVE-2013-7081 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 4.9 MEDIUM | N/A |
The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors. | |||||
CVE-2013-7080 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.8 MEDIUM | N/A |
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment." | |||||
CVE-2013-7079 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2013-7078 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072. | |||||
CVE-2013-7077 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-7076 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-7075 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 6.5 MEDIUM | N/A |
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature." | |||||
CVE-2013-7074 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters. | |||||
CVE-2013-7073 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 4.0 MEDIUM | N/A |
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters. | |||||
CVE-2013-6289 | 2 Ingo Renner, Typo3 | 2 Apache Solr, Typo3 | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-6288 | 2 Ingo Renner, Typo3 | 2 Apache Solr, Typo3 | 2024-11-21 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize." | |||||
CVE-2013-5570 | 2 Axel Jung, Typo3 | 2 Js Css Optimizer, Typo3 | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-5569 | 2 Heiko Sudar, Typo3 | 2 Slideshare, Typo3 | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2013-5323 | 2 Stanislas Rolland, Typo3 | 2 Static Info Tables, Typo3 | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Static Info Tables (static_info_tables) extension before 2.3.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-5322 | 2 Jan Bednarik, Typo3 | 2 Cooluri, Typo3 | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the CoolURI extension before 1.0.30 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2013-5310 | 2 Mauro Lorenzutti, Typo3 | 2 Wfqbe, Typo3 | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2013-5308 | 2 Juralsulek, Typo3 | 2 Realurlmanagement, Typo3 | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the RealURL Management (realurlmanagement) extension 0.3.4 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |