EUVD-2026-35397

Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3...

CVE-2010-1009

SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2010-0345

Cross-site scripting XSS vulnerability in the Majordomo extension 1.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2021-36785

The miniorangesaml aka Miniorange Saml extension before 1.4.3 for TYPO3 allows XSS...

CVE-2021-28380

The aimeos aka Aimeos shop and e-commerce framework extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account...

CVE-2020-25025

The l10nmgr aka Localization Manager extension before 7.4.0, 8.x before 8.7.0, and 9.x before 9.2.0 for TYPO3 allows Information Disclosure translatable fields...

CVE-2020-15514

The jhcaptcha extension through 2.1.3, and 3.x through 3.0.2, for TYPO3 allows XSS...

TYPO3 CMS cross-site scripting vulnerability (CNVD-2017-34699)

TYPO3 CMS is a free and open source content management system framework CMS/CMF maintained by the Swiss TYPO3 Association. Multiple cross-site scripting vulnerabilities exist in TYPO3 CMS. The vulnerabilities can be exploited by remote attackers to inject arbitrary web script or HTML by sending...

CVE-2009-0257

Multiple cross-site scripting XSS vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name and 2 content of indexed files to the a Indexed Search Engine indexedsearch system extension; b...