Lucene search
K

96 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:25 a.m.7 views

CVE-2021-28380

The aimeos aka Aimeos shop and e-commerce framework extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account...

5.4CVSS5.8AI score0.00501EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:35 a.m.10 views

CVE-2024-34355

TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML...

5.4CVSS6.8AI score0.00586EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:13 a.m.9 views

CVE-2022-31048

TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit...

5.4CVSS6.4AI score0.00717EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-1272

Malware in sbrugna...

4.9CVSS4.9AI score0.01406EPSS
Exploits3References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-0407

Malware in sbrugna...

5.4CVSS5.3AI score0.0054EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-0653

Malware in sbrugna...

5.4CVSS5.3AI score0.00872EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-1425

Malware in sbrugna...

5.4CVSS5.4AI score0.00534EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-0723

Malware in sbrugna...

5.4CVSS5.3AI score0.00872EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-1865

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00586EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-1655

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00502EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/23 1:13 a.m.4 views

CVE-2022-23504

TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers coul...

5.7CVSS6.5AI score0.00514EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:32 p.m.6 views

CVE-2021-21340

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as descriptionColumn are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to explo...

5.4CVSS6AI score0.00872EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:32 p.m.4 views

CVE-2021-21357

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework...

8.3CVSS6.9AI score0.01606EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:30 p.m.6 views

CVE-2021-21358

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed...

5.4CVSS6.3AI score0.00872EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:43 p.m.10 views

CVE-2021-31778

The media2click aka 2 Clicks for External Media extension 1.x before 1.3.3 for TYPO3 allows XSS by a backend user account...

5.4CVSS6AI score0.00534EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:42 p.m.11 views

CVE-2021-31779

The yoastseo aka Yoast SEO extension before 7.2.1 for TYPO3 allows SSRF via a backend user account...

6.4CVSS6.8AI score0.00474EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:52 p.m.3 views

CVE-2021-43561

An XSS issue was discovered in the googleforjobs aka Google for Jobs extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

5.4CVSS5.8AI score0.00493EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:8 p.m.6 views

CVE-2020-11064

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is need...

5.4CVSS6.2AI score0.0054EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/28 12:0 a.m.10 views

CVE-2024-34537

TYPO3 before 13.3.1 allows denial of service interface error in the Bookmark Toolbar ext:backend, exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS, 11.5.40 LTS, 12.4.21...

7.1AI score0.00684EPSS
Exploits1References3
Veracode
Veracode
added 2024/07/05 7:54 p.m.9 views

Insecure Deserialization

TYPO3 is vulnerable to Insecure Deserialization. The vulnerability is due to failing to properly validate incoming data in the suggest wizard, which allows an attacker to exploit insecure unserialize operations. A valid backend user account is required to exploit this vulnerability...

6.9AI score
Exploits0
Rows per page
Query Builder