Lucene search
K

24 matches found

Typo3
Typo3
added 2016/11/11 12:0 a.m.486 views

Cross-Site Scripting in extension "HTML5 Video Player" (html5videoplayer)

It has been discovered that the extension "HTML5 Video Player" html5videoplayer is susceptible to Cross-Site Scripting. Release Date: November 11, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 6.7.0 and below...

6.3AI score
Exploits0Affected Software1
Typo3
Typo3
added 2016/09/12 12:0 a.m.497 views

Arbitrary Code Execution in extension "Frontend User Registration" (sf_register)

Release Date: September 12, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 6.2.8 and below Vulnerability Type: Arbitrary Code Execution Severity: High Suggested CVSS v2.0:...

7.4AI score
Exploits0Affected Software1
Typo3
Typo3
added 2016/05/31 12:0 a.m.485 views

SQL Injection in extension "Browser - TYPO3 without PHP" (browser)

It has been discovered that the extension "Browser - TYPO3 without PHP" browser is susceptible to SQL Injection. Release Date: May 31, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 7.4.8 and below Vulnerabili...

7.3AI score
Exploits0Affected Software1
Typo3
Typo3
added 2016/05/31 12:0 a.m.487 views

Information Disclosure in "MMC directmail subscription" (mmc_directmail_subscription)

It has been discovered that the extension "MMC directmail subscription" mmcdirectmailsubscription is susceptible to Information Disclosure. Release Date: May 31, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: 0.9.6 an...

6.7AI score
Exploits0Affected Software1
Typo3
Typo3
added 2016/03/10 12:0 a.m.15 views

SQL Injection in extension "Another simple gallery" (chgallery)

It has been discovered that the extension "Another simple gallery" chgallery is susceptible to SQL Injection. Release Date: March 10, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.5.3 and below Vulnerabilit...

7.2AI score
Exploits0Affected Software1
Typo3
Typo3
added 2016/03/03 12:0 a.m.20 views

Cross-Site Scripting in extension "List frontend users" (listfeusers)

It has been discovered that the extension "List frontend users" listfeusers is susceptible to Cross-Site Scripting. Release Date: March 03, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 0.9.9 and below...

6.6AI score
Exploits0Affected Software1
Typo3
Typo3
added 2016/03/03 12:0 a.m.37 views

Cross-Site Scripting in extension "Apache Solr for TYPO3" (solr)

It has been discovered that the extension "Apache Solr for TYPO3" solr is susceptible to Cross-Site Scripting. Release Date: March 03, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.8.3 and below, 3.0.0 to...

6.6AI score
Exploits0Affected Software1
Typo3
Typo3
added 2016/03/03 12:0 a.m.11 views

Multiple vulnerabilities in extension "Fe user statistic" (festat)

It has been discovered that the extension "Fe user statistic" festat is susceptible to Cross-Site Scripting, Insecure Unserialize and Information Disclosure. Release Date: March 03, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affecte...

6.6AI score
Exploits0Affected Software1
Typo3
Typo3
added 2015/09/30 12:0 a.m.20 views

Information Disclosure in extension "Adminer" (t3adminer)

It has been discovered that the extension "Adminer" t3adminer is susceptible to Information Disclosure. Release Date: September 30, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 7.0.1 and below Vulnerability...

6.9AI score
Exploits0Affected Software1
Typo3
Typo3
added 2015/06/15 12:0 a.m.8 views

SQL Injection vulnerability in extension Store Locator (locator)

It has been discovered that the extension "Store Locator" locator is susceptible to SQL Injection Release Date: June 15, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 3.3.0 and below Vulnerability Type: SQL...

7.3AI score
Exploits0Affected Software1
Typo3
Typo3
added 2014/10/17 12:0 a.m.46 views

Denial of Service vulnerability in extension Calendar Base (cal)

It has been discovered that the extension "Calendar Base" cal is susceptible to Denial of Service. Release Date: October 17, 2014 Bulletin Update: October 18, 2014 added CVE Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: a...

7.8CVSS6.3AI score0.01819EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2014/10/17 12:0 a.m.93 views

Improper Access Control vulnerability in extension fal_sftp (fal_sftp)

It has been discovered that the extension "falsftp" falsftp is susceptible to Improper Access Control. Release Date: October 17, 2014 Bulletin Update: October 18, 2014 added CVE Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Version...

4CVSS6.2AI score0.01082EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2014/05/27 12:0 a.m.90 views

Cross-Site Scripting in gridelements

It has been discovered that the extension "Grid Elements" gridelements is susceptible to Cross-Site Scripting Release Date: May 27, 2014 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: 2.0.2 and below, 1.5.0 and below...

3.5CVSS6AI score0.00946EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2014/02/12 12:0 a.m.137 views

Several vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third-party TYPO3 extensions: alphasitemap, femanager kestats, outstats, pxphpids, smarty, wecmap Release Date: February 12, 2014 Bulletin update: September 18, 2014 added CVEs Please read first: This Collective Security Bulletin CSB is a...

7.5CVSS7.3AI score0.01688EPSS
Exploits0Affected Software6
Typo3
Typo3
added 2014/02/12 12:0 a.m.177 views

Mass Assignment in extension Direct Mail Subscription (direct_mail_subscription)

It has been discovered that the extension "Direct Mail Subscription" directmailsubscription is susceptible to Mass Assignment. Release Date: February 12, 2014 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 2.0.0 an...

6.5CVSS0.1AI score0.01272EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2014/01/28 12:0 a.m.18 views

Cross-Site Request Forgery Protection in TYPO3 CMS 6.2

TYPO3 CMS 6.2 will get CSRF Protection throughout all modules and parts that manipulate data. Component Type: TYPO3 CMS Vulnerability Types: Cross-Site Request Forgery CSRF Overall Severity: Low Release Date: January 31, 2014 Affected Versions: All versions below 6.2 CVE: Will be requested. Probl...

7.3AI score
Exploits0Affected Software1
Typo3
Typo3
added 2013/09/25 12:0 a.m.27 views

SQL Injection vulnerability in extension RealURL: speaking paths for TYPO3 (realurl)

It has been discovered that the extension "RealURL: speaking paths for TYPO3" realurl is vulnerable to SQL-Injection. Release Date: September 25, 2013 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.12.6 and below...

7.7AI score
Exploits0Affected Software1
Typo3
Typo3
added 2013/09/25 12:0 a.m.120 views

Several vulnerabilities in extension Apache Solr for TYPO3 (solr)

It has been discovered that the extension "Apache Solr for TYPO3" solr is vulnerable to Cross-Site Scripting and Insecure Unserialize. Release Date: September 25, 2013 Bulletin Update: November 06, 2014 added CVEs Component Type: Third party extension. This extension is not a part of the TYPO3...

10CVSS5.7AI score0.02234EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2013/02/19 12:0 a.m.46 views

SQL Injection vulnerability in extension CoolURI (cooluri)

It has been discovered that the extension "CoolURI" cooluri is vulnerable to SQL Injection. Release Date: February 19, 2012 Bulletin Update: November 06, 2014 added CVE Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Versio...

7.5CVSS6.9AI score0.01352EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2012/12/21 12:0 a.m.12 views

Several Vulnerabilities in extension commerce (commerce)

It has been discovered that the extension commerce commerce is vulnerable to Cross Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 0.12.7 and below Vulnerability Types: Cross Site Scripting Severity:...

6.6AI score
Exploits0Affected Software1
Rows per page
Query Builder