27 matches found
Information Disclosure in TYPO3 CMS
It has been discovered, that TYPO3 CMS is susceptible to Information Disclosure. Component Type: TYPO3 CMS Release Date: September 5, 2017 Vulnerability Type: Information Disclosure Affected Versions: 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 Severity: Low Suggested CVSS v2.0:...
Cross-Site Scripting in TYPO3 CMS Backend
It has been discovered, that TYPO3 CMS is vulnerable to Cross-Site Scripting. Component Type: TYPO3 CMS Release Date: September 5, 2017 Vulnerability Type: Cross-Site Scripting Affected Versions: 8.0.0 to 8.7.4 Severity: Low Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:F/RL:OF/RC:C CVE: not...
Remote Code Execution in third party library swiftmailer
It has been discovered, that the third party package swiftmailer/swiftmailer is vulnerable to Remote Code Execution Component Type: TYPO3 CMS Release Date: January 3, 2017 Vulnerability Type: Remote Code Execution Affected Versions: 6.2.0 to 6.2.29, 7.6.0 to 7.6.14 and 8.0.0 to 8.5.0 Severity: Lo...
Insecure Unserialize in TYPO3 Import/Export
It has been discovered, that TYPO3 is susceptible to Insecure Unserialize. Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerable subcomponent: Import/Export Vulnerability Type: Insecure Unserialize Affected Versions: Versions 6.2.0 to 6.2.25, 7.6.0 to 7.6.9 and 8.0.0 to 8.2.0 Severity:...
SQL Injection in extension "Browser - TYPO3 without PHP" (browser)
It has been discovered that the extension "Browser - TYPO3 without PHP" browser is susceptible to SQL Injection. Release Date: May 31, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 7.4.8 and below Vulnerabili...
Cross-Site Scripting in TYPO3 component CSS styled content
It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting. Component Type: TYPO3 CMS Release Date: February 23, 2016 Vulnerable subcomponent: CSS styled content Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.18 and 7.6.0 to 7.6.3 Severity: Medium...
Denial of Service attack possibility in TYPO3 component Indexed Search
It has been discovered, that TYPO3 is susceptible to a Denial of Service attack. Component Type: TYPO3 CMS Release Date: February 23, 2016 Vulnerable subcomponent: Indexed Search Vulnerability Type: Denial of Service attack Affected Versions: Versions 6.2.0 to 6.2.18 and 7.6.0 to 7.6.3 Severity:...
XML External Entity (XXE) Processing in TYPO3 Core
It has been discovered, that TYPO3 is susceptible to XML External Entity Processing Component Type: TYPO3 CMS Release Date: February 23, 2016 Vulnerable subcomponent: TYPO3 CMS Vulnerability Type: XML External Entity Processing Affected Versions: Versions 6.2.0 to 6.2.18 and 7.6.0 to 7.6.3...
Information Disclosure in extension "Adminer" (t3adminer)
It has been discovered that the extension "Adminer" t3adminer is susceptible to Information Disclosure. Release Date: September 30, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 7.0.1 and below Vulnerability...
Authentication Bypass in TYPO3 CMS 4.5
It has been discovered that TYPO3 CMS 4.5.x is vulnerable to Authentication Bypass. Component Type: TYPO3 CMS Vulnerability Types: Authentication Bypass Overall Severity: Critical Release Date: February 19, 2015 Bulletin Update: February 23, 2015 added CVE Vulnerable subcomponent: rsaauth system...
Multiple vulnerabilities in Content Rating Extbase (content_rating_extbase)
It has been discovered that the extension "Content Rating Extbase" contentratingextbase is susceptible to Cross-Site Scripting and SQL Injection. Release Date: January 9, 2015 Bulletin Update: February 23, 2015 added CVEs Component Type: Third party extension. This extension is not a part of the...
Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" phpmyadmin is susceptible to Cross-Site Scripting, Denial of Service and Local File Inclusion. Release Date: December 8, 2014 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected...
Information Disclosure vulnerability in Dynamic Content Elements (dce)
It has been discovered that the extension "Dynamic Content Elements" dce is susceptible to Information Disclosure. Release Date: October 17, 2014 Bulletin Update: October 18, 2014 added CVE Component Type: Third party extension. This extension is not a part of the TYPO3 default installation...
Captcha Bypass in extension "powermail" (powermail)
It has been discovered that the extension "powermail" powermail is susceptible to Captcha Bypass Release Date: April 10, 2014 Bulletin update: September 18, 2014 added CVE Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions:...
Cross-Site Request Forgery Protection in TYPO3 CMS 6.2
TYPO3 CMS 6.2 will get CSRF Protection throughout all modules and parts that manipulate data. Component Type: TYPO3 CMS Vulnerability Types: Cross-Site Request Forgery CSRF Overall Severity: Low Release Date: January 31, 2014 Affected Versions: All versions below 6.2 CVE: Will be requested. Probl...
Several vulnerabilities in extension AWStats (cc_awstats)
It has been discovered that the extension "AWStats" ccawstats contains an unspecific vulnerability in the bundled AWStats version. Release Date: September 25, 2013 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version...
SQL Injection vulnerability in extension RealURL: speaking paths for TYPO3 (realurl)
It has been discovered that the extension "RealURL: speaking paths for TYPO3" realurl is vulnerable to SQL-Injection. Release Date: September 25, 2013 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.12.6 and below...
Cross-Site Scripting Vulnerability in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting. Component Type: TYPO3 Core Affected Versions: 4.4.0 up to 4.4.14, 4.5.0 up to 4.5.14, 4.6.0 up to 4.6.7 and development releases of the 4.7 branch. Vulnerable subcomponent: Exception Handler Vulnerability Type: Cross-Si...
Improper error handling could lead to cache flooding in TYPO3 Core
It has been discovered that TYPO3 is susceptible to Cache Flooding Component Type: TYPO3 Core Affected Versions: 4.2.0 - 4.2.17, 4.3.0 - 4.3.13, 4.4.0 - 4.4.10 and 4.5.0 - 4.5.5 Release Date: September 14, 2011 Vulnerable subcomponent: Caching System Vulnerability Type: Improper error handling...
Several Vulnerabilities in extension Formhandler (formhandler)
It has been discovered that the extension Formhandler formhandler is vulnerable to SQL-Injection and Cross-Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 0.9.14 and below Vulnerability Types: SQL...