473 matches found
SQL Injection in extension "News system" (news)
It has been discovered that the extension "News system" news is susceptible to SQL Injection. Release Date: April 10, 2017 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 5.3.2 and below Vulnerability Type: SQL...
Remote Code Execution in extension "PHPMailer" (bb_phpmailer)
It has been discovered that the extension "PHPMailer" bbphpmailer is susceptible to Remote Code Execution. Release Date: July 11, 2017 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.73.1 and below Vulnerability...
Remote Code Execution in extension "AH Sendmail" (ah_sendmail)
It has been discovered that the extension "AH Sendmail" ahsendmail is susceptible to Remote Code Execution. Release Date: July 11, 2017 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.0.0 and below Vulnerability...
Environment Variable Injection
It has been discovered, that PHP exposes the risk of Environment Variable Injection and TYPO3 is vulnerable through third party library guzzlehttp/guzzle Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerability Type: Environment Variable Injection Affected Versions: Versions 8.0.0 to...
Remote Code Execution in third party library swiftmailer
It has been discovered, that the third party package swiftmailer/swiftmailer is vulnerable to Remote Code Execution Component Type: TYPO3 CMS Release Date: January 3, 2017 Vulnerability Type: Remote Code Execution Affected Versions: 6.2.0 to 6.2.29, 7.6.0 to 7.6.14 and 8.0.0 to 8.5.0 Severity: Lo...
Remote Code Execution in extension "Maag Sendmail" (maag_sendmail)
It has been discovered that the extension "Maag Sendmail" maagsendmail is susceptible to Remote Code Execution. Release Date: July 11, 2017 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.0.0 and below Vulnerabili...
Authentication Bypass in TYPO3 Frontend
It has been discovered, that TYPO3 CMS is vulnerable to Authentication Bypass. Component Type: TYPO3 CMS Release Date: February 28, 2017 Vulnerable subcomponent: Frontend Vulnerability Type: Authentication Bypass Affected Versions: Versions 8.2.0 to 8.6.0 Severity: Medium Suggested CVSS v2.0:...
SQL Injection in TYPO3 Frontend Login
It has been discovered, that TYPO3 is susceptible to SQL Injection. Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerable subcomponent: Frontend Login Vulnerability Type: SQL Injection Affected Versions: Versions 6.2.0 to 6.2.25 and 7.6.0 to 7.6.9 Severity: Medium Suggested CVSS v2.0:...
Information Disclosure in extension "Questionnaire" (ke_questionnaire)
It has been discovered that the extension "Questionnaire" kequestionnaire is susceptible to Information Disclosure. Release Date: May 31, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.5.8 and below...
Cross-Site Scripting in news
It has been discovered that the extension "News system" news is susceptible to Cross-Site Scripting Release Date: June 3, 2014 Bulletin update: September 4, 2014 affected version clarification Component Type: Third party extension. This extension is not a part of the TYPO3 default installation...
SQL Injection in extension "Faceted Search" (ke_search)
It has been discovered that the extension "Faceted Search" kesearch is susceptible to SQL Injection. Release Date: July 11, 2017 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.4.1 and below Vulnerability Type: SQ...
Cache Flooding in TYPO3 Frontend
It has been discovered, that TYPO3 is vulnerable to Cache Flooding Component Type: TYPO3 CMS Release Date: September 13, 2016 Vulnerability Type: Cache Flooding Affected Versions: 6.2.0 to 6.2.26, 7.6.0 to 7.6.10 and 8.0.0 to 8.3.0 Severity: Low Suggested CVSS v2.0:...
Cross-Site Scripting in extension "Formhandler" (formhandler)
It has been discovered that the extension "Formhandler" formhandler is susceptible to Cross-Site Scripting. Release Date: May 27, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.3.0 and below Vulnerability...
Arbitrary Code Execution in TYPO3 CMS
It has been discovered, that TYPO3 CMS is vulnerable to Arbitrary Code Execution. Component Type: TYPO3 CMS Release Date: September 5, 2017 Vulnerability Type: Arbitrary Code Execution Affected Versions: 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 Severity: None - High depending on web server configuratio...
SQL Injection in extension "Content Rating Extbase" (content_rating_extbase)
It has been discovered that the extension "Content Rating Extbase" contentratingextbase is susceptible to SQL Injection. Release Date: July 11, 2017 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.0.3 and below...
SQL Injection in extension "Event management and registration" (sf_event_mgt)
It has been discovered that the extension "Event management and registration" sfeventmgt is susceptible to SQL Injection. Release Date: April 10, 2017 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.8.0 and below...
Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" phpmyadmin has multiple vulnerabilities. Release Date: September 29, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: 5.1.6 and below Vulnerability Type: Multiple...
Missing Access Check in extension "Frontend User Registration" (sf_register)
It has been discovered that the extension "Frontend User Registration" sfregister lacks a proper access check. Release Date: May 24, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 6.2.7 and below Vulnerability...
Path Traversal in TYPO3 Core
It has been discovered, that TYPO3 is susceptible to Path Traversal. Component Type: TYPO3 CMS Release Date: November 22, 2016 Vulnerable subcomponent: Core Vulnerability Type: Path Traversal Affected Versions: Versions 6.2.0 to 6.2.28, 7.6.0 to 7.6.12 and 8.0.0 to 8.4.0 Severity: Low Suggested...
Non-Persistent Cross-Site Scripting in extension "Static Methods since 2007" (div2007)
It has been discovered that the extension "Static Methods since 2007" div2007 is susceptible to Cross-Site Scripting. Release Date: May 31, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.6.8 and below...
Cross-Site Scripting in TYPO3 CMS
It has been discovered, that TYPO3 is vulnerable to Cross-Site Scripting Component Type: TYPO3 CMS Release Date: February 28, 2017 Vulnerability Type: Cross-Site Scripting Affected Versions: 7.6.0 to 7.6.15 and 8.0.0 to 8.6.0 Severity: Low Suggested CVSS v2.0:...
Information Disclosure in TYPO3 CMS
It has been discovered, that TYPO3 CMS is susceptible to Information Disclosure. Component Type: TYPO3 CMS Release Date: September 5, 2017 Vulnerability Type: Information Disclosure Affected Versions: 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 Severity: Low Suggested CVSS v2.0:...
Missing Access Check in TYPO3 CMS
It has been discovered, that TYPO3 CMS lacks an access check for Extbase actions. Component Type: TYPO3 CMS Release Date: May 24, 2016 Vulnerable subcomponent: Extbase Vulnerability Type: Missing access check Affected Versions: Versions 4.3.0 up to 8.1.0 Severity: Critical Suggested CVSS v2.0:...
SQL Injection in extension "GN Tactics Planner" (sf_gntactics)
It has been discovered that the extension "GN Tactics Planner" sfgntactics is susceptible to SQL Injection. Release Date: September 29, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 0.2.8 and below...
Cross-Site Scripting in extension "Bootstrap Package" (bootstrap_package)
It has been discovered that the extension "Bootstrap Package" bootstrappackage is susceptible to Cross-Site Scripting. Release Date: June 15, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 6.2.15 and below...
Cross-Site Scripting in TYPO3 Backend
It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting. Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerable subcomponent: Backend Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.25, 7.6.0 to 7.6.9 and 8.0.0 to 8.2.0 Severity: Mediu...
Information Disclosure in TYPO3 CMS
It has been discovered, that TYPO3 CMS is susceptible to Information Disclosure. Component Type: TYPO3 CMS Release Date: September 5, 2017 Vulnerability Type: Information Disclosure Affected Versions: 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 Severity: Low Suggested CVSS v2.0:...
Arbitrary Code Execution in extension "Frontend User Registration" (sf_register)
Release Date: September 12, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 6.2.8 and below Vulnerability Type: Arbitrary Code Execution Severity: High Suggested CVSS v2.0:...
Cross-Site Scripting in TYPO3 CMS Backend
It has been discovered, that TYPO3 CMS is vulnerable to Cross-Site Scripting. Component Type: TYPO3 CMS Release Date: September 5, 2017 Vulnerability Type: Cross-Site Scripting Affected Versions: 8.0.0 to 8.7.4 Severity: Low Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:F/RL:OF/RC:C CVE: not...
Insecure Unserialize in TYPO3 Backend
It has been discovered, that TYPO3 is susceptible to Insecure Unserialize. Component Type: TYPO3 CMS Release Date: November 22, 2016 Vulnerable subcomponent: Backend Vulnerability Type: Insecure Unserialize Affected Versions: Versions 6.2.0 to 6.2.28, 7.6.0 to 7.6.12 and 8.0.0 to 8.4.0 Severity:...
Insecure Unserialize in extension "Page path" (pagepath)
It has been discovered that the extension "Page path" pagepath is susceptible to Insecure Unserialize. Release Date: July 7, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.0.3 and below Vulnerability Type:...
Path Traversal in extension "Media management" (media)
It has been discovered that the extension "Media management" media is susceptible to Path Traversal. Release Date: May 27, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 4.0.3 and below Vulnerability Type: Pat...
Multiple vulnerabilities in extension "TC Directmail " (tcdirectmail)
It has been discovered that the extension "TC Directmail " tcdirectmail is susceptible to Cross Site-Scripting and SQL Injection. Release Date: November 11, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 3.1.1...
Insecure Unserialize in TYPO3 Import/Export
It has been discovered, that TYPO3 is susceptible to Insecure Unserialize. Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerable subcomponent: Import/Export Vulnerability Type: Insecure Unserialize Affected Versions: Versions 6.2.0 to 6.2.25, 7.6.0 to 7.6.9 and 8.0.0 to 8.2.0 Severity:...
Cross-Site Scripting in extension "CCDebug" (cc_debug)
It has been discovered that the extension "CCDebug" ccdebug is susceptible to Cross-Site Scripting. Release Date: July 7, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.0.0 and below Vulnerability Type:...
Multiple vulnerabilities in extension "http:BL Blocking" (mh_httpbl)
It has been discovered that the extension "http:BL Blocking" mhhttpbl is susceptible to SQL Injection and Cross-Site Scripting. Release Date: May 31, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: 1.1.7 and below...
Cross Site-Scripting in extension "Secure Download Form" (rs_securedownload)
It has been discovered that the extension "Secure Download Form" rssecuredownload is susceptible to Cross Site-Scripting. Release Date: November 14, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 0.3.2 and bel...
SQL Injection in extension "Member Infosheets" (if_membersheet)
It has been discovered that the extension "Member Infosheets" ifmembersheet is susceptible to SQL Injection. Release Date: November 14, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 0.1.2 and below...
Cross-Site Scripting in extension "HTML5 Video Player" (html5videoplayer)
It has been discovered that the extension "HTML5 Video Player" html5videoplayer is susceptible to Cross-Site Scripting. Release Date: November 11, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 6.7.0 and below...
Information Disclosure in "MMC directmail subscription" (mmc_directmail_subscription)
It has been discovered that the extension "MMC directmail subscription" mmcdirectmailsubscription is susceptible to Information Disclosure. Release Date: May 31, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: 0.9.6 an...
SQL Injection in extension "Events" (jp_events)
It has been discovered that the extension "Events" jpevents is susceptible to SQL Injection. Release Date: September 29, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 0.0.2 and below Vulnerability Type: SQL...
Cross-Site Scripting in third party library mso/idna-convert
It has been discovered, that TYPO3 ships example code of mso/idna-convert library that is vulnerable to Cross-Site Scripting Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerability Type: Cross-Site Scripting Affected Versions: 7.6.0 to 7.6.9 and 8.0.0 to 8.2.0 Severity: Low Suggested...
Denial of Service in extension "Speaking URLs for TYPO3" (realurl)
It has been discovered that the extension "Speaking URLs for TYPO3" realurl is susceptible to Denial of Service. Release Date: September 8, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.0.0 to 2.0.14...
SQL Injection in extension "Browser - TYPO3 without PHP" (browser)
It has been discovered that the extension "Browser - TYPO3 without PHP" browser is susceptible to SQL Injection. Release Date: May 31, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 7.4.8 and below Vulnerabili...
Insecure Unserialize and SQL Injection in extension "Code Highlighter" (mh_code_highlighter)
It has been discovered that the extension "Code Highlighter" mhcodehighlighter is susceptible to Insecure Unserialize and SQL Injection. Release Date: November 14, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: versio...
Cross-Site Scripting vulnerability in typolinks
It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting. Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.25, 7.6.0 to 7.6.9 and 8.0.0 to 8.2.0 Severity: Low Suggested CVSS v2.0:...
SQL Injection in extension "Shibboleth Authentication" (shibboleth_auth)
It has been discovered that the extension "Shibboleth Authentication" shibbolethauth is susceptible to SQL Injection. Release Date: November 14, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.6.3 and below...
Unvalidated Redirect in extension "TC Directmail" (tcdirectmail)
It has been discovered that the extension "TC Directmail" tcdirectmail is susceptible to Unvalidated Redirect. Release Date: November 14, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 3.1.2 and below...
Cross-Site Scripting in extension "Store Locator" (locator)
It has been discovered that the extension "Store Locator" locator is susceptible to Cross-Site Scripting. Release Date: November 14, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 3.3.6 and below Vulnerability...
Cross-Site Scripting in TYPO3 Backend
It has been discovered, that TYPO3 is vulnerable to Cross-Site Scripting Component Type: TYPO3 CMS Release Date: September 13, 2016 Vulnerability Type: Cross-Site Scripting Affected Versions: 6.2.0 to 6.2.26, 7.6.0 to 7.6.10 and 8.0.0 to 8.3.0 Severity: Low Suggested CVSS v2.0:...