Filtered by vendor Typo3
Subscriptions
Filtered by product Typo3
Subscriptions
Total
473 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4400 | 2 Fr.simon Rundell, Typo3 | 2 Ste Parish Admin, Typo3 | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-4655 | 1 Typo3 | 2 Simplesurvey, Typo3 | 2025-04-09 | N/A |
| SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-1264 | 2 Stanislas Rolland, Typo3 | 2 Sr Feuser Register, Typo3 | 2025-04-09 | N/A |
| Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors. | ||||
| CVE-2008-5609 | 1 Typo3 | 2 Commerce Extension, Typo3 | 2025-04-09 | N/A |
| SQL injection vulnerability in the Commerce extension 0.9.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-5795 | 1 Typo3 | 2 Eluna Page Comments Extension, Typo3 | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-6340 | 2 Mathieu Vidal, Typo3 | 2 Mv Vox Populi, Typo3 | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Vox populi (mv_vox_populi) extension 0.3.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-6342 | 2 Lobacher Patrick, Typo3 | 2 Simplefilebrowser, Typo3 | 2025-04-09 | N/A |
| Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors. | ||||
| CVE-2008-6459 | 1 Typo3 | 2 Autobeuser, Typo3 | 2025-04-09 | N/A |
| SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-6461 | 2 Fr.simon Rundell, Typo3 | 2 Ste Prayer2, Typo3 | 2025-04-09 | N/A |
| SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-6630 | 1 Typo3 | 2 Typo3, Wt Gallery | 2025-04-09 | N/A |
| Directory traversal vulnerability in the wt_gallery extension 2.5.0 and earlier for TYPO3 allows remote attackers to read arbitrary image files and determine directory structure via unspecified vectors. | ||||
| CVE-2008-6689 | 2 Kevin Renskers, Typo3 | 2 Dmmjobcontrol, Typo3 | 2025-04-09 | N/A |
| SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| CVE-2006-5069 | 1 Typo3 | 1 Typo3 | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2009-3821 | 2 Apache, Typo3 | 2 Solr, Typo3 | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-5096 | 1 Typo3 | 2 File List Extension, Typo3 | 2025-04-09 | N/A |
| Unspecified vulnerability in the TYPO3 File List (file_list) extension 0.2.1 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors. | ||||
| CVE-2009-0258 | 1 Typo3 | 1 Typo3 | 2025-04-09 | N/A |
| The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer. | ||||
| CVE-2009-3629 | 1 Typo3 | 1 Typo3 | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-3818 | 2 Stanislas Rolland, Typo3 | 2 Sr Freecap, Typo3 | 2025-04-09 | N/A |
| Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors. | ||||
| CVE-2009-4345 | 2 Jonas Renggli, Typo3 | 2 Vshoutbox, Typo3 | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-4343 | 2 Dominic Eckart, Typo3 | 2 Trainincdb, Typo3 | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Training Company Database (trainincdb) extension 0.4.7 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-3634 | 1 Typo3 | 1 Typo3 | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||