24 matches found
Cross-Site Scripting in extension "HTML5 Video Player" (html5videoplayer)
It has been discovered that the extension "HTML5 Video Player" html5videoplayer is susceptible to Cross-Site Scripting. Release Date: November 11, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 6.7.0 and below...
Arbitrary Code Execution in extension "Frontend User Registration" (sf_register)
Release Date: September 12, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 6.2.8 and below Vulnerability Type: Arbitrary Code Execution Severity: High Suggested CVSS v2.0:...
SQL Injection in extension "Browser - TYPO3 without PHP" (browser)
It has been discovered that the extension "Browser - TYPO3 without PHP" browser is susceptible to SQL Injection. Release Date: May 31, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 7.4.8 and below Vulnerabili...
Information Disclosure in "MMC directmail subscription" (mmc_directmail_subscription)
It has been discovered that the extension "MMC directmail subscription" mmcdirectmailsubscription is susceptible to Information Disclosure. Release Date: May 31, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: 0.9.6 an...
SQL Injection in extension "Another simple gallery" (chgallery)
It has been discovered that the extension "Another simple gallery" chgallery is susceptible to SQL Injection. Release Date: March 10, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.5.3 and below Vulnerabilit...
Cross-Site Scripting in extension "List frontend users" (listfeusers)
It has been discovered that the extension "List frontend users" listfeusers is susceptible to Cross-Site Scripting. Release Date: March 03, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 0.9.9 and below...
Cross-Site Scripting in extension "Apache Solr for TYPO3" (solr)
It has been discovered that the extension "Apache Solr for TYPO3" solr is susceptible to Cross-Site Scripting. Release Date: March 03, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.8.3 and below, 3.0.0 to...
Multiple vulnerabilities in extension "Fe user statistic" (festat)
It has been discovered that the extension "Fe user statistic" festat is susceptible to Cross-Site Scripting, Insecure Unserialize and Information Disclosure. Release Date: March 03, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affecte...
Information Disclosure in extension "Adminer" (t3adminer)
It has been discovered that the extension "Adminer" t3adminer is susceptible to Information Disclosure. Release Date: September 30, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 7.0.1 and below Vulnerability...
SQL Injection vulnerability in extension Store Locator (locator)
It has been discovered that the extension "Store Locator" locator is susceptible to SQL Injection Release Date: June 15, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 3.3.0 and below Vulnerability Type: SQL...
Denial of Service vulnerability in extension Calendar Base (cal)
It has been discovered that the extension "Calendar Base" cal is susceptible to Denial of Service. Release Date: October 17, 2014 Bulletin Update: October 18, 2014 added CVE Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: a...
Improper Access Control vulnerability in extension fal_sftp (fal_sftp)
It has been discovered that the extension "falsftp" falsftp is susceptible to Improper Access Control. Release Date: October 17, 2014 Bulletin Update: October 18, 2014 added CVE Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Version...
Cross-Site Scripting in gridelements
It has been discovered that the extension "Grid Elements" gridelements is susceptible to Cross-Site Scripting Release Date: May 27, 2014 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: 2.0.2 and below, 1.5.0 and below...
Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: alphasitemap, femanager kestats, outstats, pxphpids, smarty, wecmap Release Date: February 12, 2014 Bulletin update: September 18, 2014 added CVEs Please read first: This Collective Security Bulletin CSB is a...
Mass Assignment in extension Direct Mail Subscription (direct_mail_subscription)
It has been discovered that the extension "Direct Mail Subscription" directmailsubscription is susceptible to Mass Assignment. Release Date: February 12, 2014 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 2.0.0 an...
Cross-Site Request Forgery Protection in TYPO3 CMS 6.2
TYPO3 CMS 6.2 will get CSRF Protection throughout all modules and parts that manipulate data. Component Type: TYPO3 CMS Vulnerability Types: Cross-Site Request Forgery CSRF Overall Severity: Low Release Date: January 31, 2014 Affected Versions: All versions below 6.2 CVE: Will be requested. Probl...
SQL Injection vulnerability in extension RealURL: speaking paths for TYPO3 (realurl)
It has been discovered that the extension "RealURL: speaking paths for TYPO3" realurl is vulnerable to SQL-Injection. Release Date: September 25, 2013 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.12.6 and below...
Several vulnerabilities in extension Apache Solr for TYPO3 (solr)
It has been discovered that the extension "Apache Solr for TYPO3" solr is vulnerable to Cross-Site Scripting and Insecure Unserialize. Release Date: September 25, 2013 Bulletin Update: November 06, 2014 added CVEs Component Type: Third party extension. This extension is not a part of the TYPO3...
SQL Injection vulnerability in extension CoolURI (cooluri)
It has been discovered that the extension "CoolURI" cooluri is vulnerable to SQL Injection. Release Date: February 19, 2012 Bulletin Update: November 06, 2014 added CVE Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Versio...
Several Vulnerabilities in extension commerce (commerce)
It has been discovered that the extension commerce commerce is vulnerable to Cross Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 0.12.7 and below Vulnerability Types: Cross Site Scripting Severity:...