Lucene search
K
Typo3Most viewed

473 matches found

Typo3
Typo3
added 2016/07/19 12:0 a.m.477 views

Information Disclosure in TYPO3 Backend

It has been discovered, that TYPO3 is susceptible to Information Disclosure. Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerable subcomponent: Backend Vulnerability Type: Information Disclosure Affected Versions: Versions 6.2.0 to 6.2.25, 7.6.0 to 7.6.9 and 8.0.0 to 8.2.0 Severity: L...

7AI score
Exploits0Affected Software1
Typo3
Typo3
added 2015/09/30 12:0 a.m.320 views

Cross-Site Scripting in extension "News system" (news)

It has been discovered that the extension "News system" news is susceptible to Cross-Site Scripting. Release Date: September 30, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 3.2.1 and below Vulnerability Typ...

6.6AI score
Exploits0Affected Software1
Typo3
Typo3
added 2015/02/19 12:0 a.m.255 views

Authentication Bypass in TYPO3 CMS 4.5

It has been discovered that TYPO3 CMS 4.5.x is vulnerable to Authentication Bypass. Component Type: TYPO3 CMS Vulnerability Types: Authentication Bypass Overall Severity: Critical Release Date: February 19, 2015 Bulletin Update: February 23, 2015 added CVE Vulnerable subcomponent: rsaauth system...

2.6CVSS0.7AI score0.0152EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2013/08/05 12:0 a.m.235 views

Several vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third-party TYPO3 extensions: browser, kesearch, locator, realurlmanagement, wfqbe Release Date: August 05, 2013 Bulletin update: September 5, 2014 added CVEs Please read first: This Collective Security Bulletin CSB is a listing of vulnerab...

10CVSS7.3AI score0.01872EPSS
Exploits0Affected Software5
Typo3
Typo3
added 2021/03/16 12:0 a.m.224 views

Unrestricted File Upload in Form Framework

Due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default fileDenyPattern successfully blocked files like .htaccess or malicious.php...

7.5CVSS3.9AI score0.01631EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2008/05/13 12:0 a.m.189 views

Cross Site Scripting vulnerability in extension Questionaire (pbsurvey)

It has been discovered that the extension Questionaire pbsurvey is susceptible to Cross Site Scripting XSS attacks. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 1.2.0 and below Vulnerability Type: Cross Site...

6.7AI score
Exploits0Affected Software1
Typo3
Typo3
added 2014/05/22 12:0 a.m.179 views

Multiple Vulnerabilities in TYPO3 CMS

It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. Component Type: TYPO3 CMS Vulnerability Types: Cross-Site Scripting, Insecure Unserialize, Improper...

6CVSS6AI score0.04465EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2014/02/12 12:0 a.m.177 views

Mass Assignment in extension Direct Mail Subscription (direct_mail_subscription)

It has been discovered that the extension "Direct Mail Subscription" directmailsubscription is susceptible to Mass Assignment. Release Date: February 12, 2014 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 2.0.0 an...

6.5CVSS0.1AI score0.01272EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2013/09/04 12:0 a.m.168 views

Incomplete Access Management and Remote Code Execution Vulnerability in TYPO3 Core

It has been discovered that TYPO3 Core has Incomplete Access Management and is vulnerable to Remote Code Execution Component Type: TYPO3 Core Vulnerability Types: Cross-Site Scripting, Remote Code Execution Overall Severity: Critical Release Date: September 4, 2013 Vulnerable subcomponent: File...

6.5CVSS6.6AI score0.01118EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2014/02/12 12:0 a.m.161 views

Access Bypass in extensions "Yet Another Gallery" (yag) and "Tools for Extbase development" (pt_extbase)

It has been discovered that the extensions "Yet Another Gallery" yag and "Tools for Extbase development" ptextbase are susceptible to Access Bypass Release Date: February 12, 2014 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected...

7.5CVSS6.5AI score0.01523EPSS
Exploits0Affected Software2
Typo3
Typo3
added 2010/12/16 12:0 a.m.149 views

Multiple vulnerabilities in TYPO3 Core

It has been discovered that TYPO3 Core is vulnerable to Arbitrary Code Execution, Path Traversal, Cross-Site Scripting XSS, SQL injection and Information Disclosure. Component Type: TYPO3 Core Affected Versions: 4.2.15 and below, 4.3.8 and below, 4.4.4 and below Vulnerability Types: Arbitrary Cod...

6.8CVSS7.1AI score0.03117EPSS
Exploits1Affected Software1
Typo3
Typo3
added 2021/03/16 12:0 a.m.146 views

Cross-Site Scripting in Content Preview

It has been discovered that content elements of type menu are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability...

3.5CVSS2.1AI score0.00872EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2014/10/22 12:0 a.m.145 views

Multiple Vulnerabilities in TYPO3 CMS

It has been discovered that TYPO3 CMS is vulnerable to Denial of Service and Arbitrary Shell Execution! Component Type: TYPO3 CMS Vulnerability Types: Denial of Service, Arbitrary Shell Execution Overall Severity: Medium Release Date: October 22, 2014 Vulnerable subcomponent: OpenID System...

7.5CVSS0.5AI score0.02997EPSS
Exploits1Affected Software1
Typo3
Typo3
added 2015/01/09 12:0 a.m.142 views

Multiple vulnerabilities in Content Rating Extbase (content_rating_extbase)

It has been discovered that the extension "Content Rating Extbase" contentratingextbase is susceptible to Cross-Site Scripting and SQL Injection. Release Date: January 9, 2015 Bulletin Update: February 23, 2015 added CVEs Component Type: Third party extension. This extension is not a part of the...

7.5CVSS6.2AI score0.01262EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2014/09/25 12:0 a.m.142 views

Several vulnerabilities in extension JobControl (dmmjobcontrol)

It has been discovered that the extension "JobControl" dmmjobcontrol is susceptible to Cross-Site Scripting and SQL Injection. Release Date: September 25, 2014 Bulletin update: October 6, 2014 added CVEs Component Type: Third party extension. This extension is not a part of the TYPO3 default...

7.5CVSS6.2AI score0.03236EPSS
Exploits2Affected Software1
Typo3
Typo3
added 2014/02/12 12:0 a.m.137 views

Several vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third-party TYPO3 extensions: alphasitemap, femanager kestats, outstats, pxphpids, smarty, wecmap Release Date: February 12, 2014 Bulletin update: September 18, 2014 added CVEs Please read first: This Collective Security Bulletin CSB is a...

7.5CVSS7.3AI score0.01688EPSS
Exploits0Affected Software6
Typo3
Typo3
added 2021/12/16 12:0 a.m.136 views

Statement on Recent log4j/log4shell Vulnerabilities (CVE-2021-44228)

The critical vulnerability that was recently exposed in the log4j Java library is currently going through the media and some TYPO3 users are unsure whether TYPO3 CMS or TYPO3 extensions are affected by this vulnerability too...

9.3CVSS4.1AI score0.99999EPSS
Exploits353
Typo3
Typo3
added 2014/04/10 12:0 a.m.136 views

Captcha Bypass in extension "powermail" (powermail)

It has been discovered that the extension "powermail" powermail is susceptible to Captcha Bypass Release Date: April 10, 2014 Bulletin update: September 18, 2014 added CVE Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions:...

7.5CVSS6.3AI score0.01912EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2013/01/28 12:0 a.m.136 views

Several vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third-party TYPO3 extensions: attacalendar, attacpetition, eusubscribe, exinitjoboffer, fefilebrowser, jscssoptimizer, kkcsv2table, lonewsseo, mnmysql2json, newssearch, tipafriendplus, twitterauth, sofortueberweisung2commerce, sysmessages...

4.3CVSS7.4AI score0.01161EPSS
Exploits0Affected Software14
Typo3
Typo3
added 2011/05/11 12:0 a.m.132 views

Blind SQL Injection vulnerability in extension "powermail" (powermail)

It has been discovered that the extension powermail powermail is vulnerable to Blind SQL Injection. Release Date: May 11, 2011 Version 1 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.6.0, 1.6.1 and 1.6.2...

8.1AI score
Exploits0Affected Software1
Typo3
Typo3
added 2013/07/30 12:0 a.m.129 views

Cross-Site Scripting and Remote Code Execution Vulnerability in TYPO3 Core

It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting and Remote Code Execution Component Type: TYPO3 Core Vulnerability Types: Cross-Site Scripting, Remote Code Execution Overall Severity: Critical Release Date: July 30, 2013 Vulnerable subcomponent: Third Party Libraries...

6.5CVSS2.1AI score0.07263EPSS
Exploits2Affected Software1
Typo3
Typo3
added 2010/01/14 12:0 a.m.125 views

Vulnerability in TYPO3 Core

It has been discovered that TYPO3 Core is vulnerable to authentication bypass. Component Type: TYPO3 Core Affected Versions: TYPO3 version 4.3.0 with enabled system extension "openid" Vulnerability Types: Authentication Bypass Overall Severity: High Release Date: January 14, 2010 Vulnerable...

5.1CVSS6.5AI score0.01303EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2021/03/16 12:0 a.m.124 views

SQL Injection in extension "VHS: Fluid ViewHelpers" (vhs)

It has been discovered that the extension is susceptible to blind SQL Injection when user input is passed to the isLanguageViewHelper...

7.5CVSS3.5AI score0.01039EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2016/03/24 12:0 a.m.123 views

Multiple vulnerabilities in extension "Ajax mail subscription" (ods_ajaxmailsubscription)

It has been discovered that the extension "Ajax mail subscription" odsajaxmailsubscription is susceptible to Insecure Authentication and Session Handling. Release Date: March 24, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected...

7.1AI score
Exploits0Affected Software1
Typo3
Typo3
added 2018/07/12 12:0 a.m.120 views

Authentication Bypass in TYPO3 CMS

It has been discovered that TYPO3’s Salted Password system extension which is a mandatory system component is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing...

6.8AI score
Exploits0Affected Software1
Typo3
Typo3
added 2014/12/08 12:0 a.m.120 views

Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension "phpMyAdmin" phpmyadmin is susceptible to Cross-Site Scripting, Denial of Service and Local File Inclusion. Release Date: December 8, 2014 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected...

6.5CVSS0.6AI score0.11055EPSS
Exploits6Affected Software1
Typo3
Typo3
added 2013/09/25 12:0 a.m.120 views

Several vulnerabilities in extension Apache Solr for TYPO3 (solr)

It has been discovered that the extension "Apache Solr for TYPO3" solr is vulnerable to Cross-Site Scripting and Insecure Unserialize. Release Date: September 25, 2013 Bulletin Update: November 06, 2014 added CVEs Component Type: Third party extension. This extension is not a part of the TYPO3...

10CVSS5.7AI score0.02234EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2015/09/08 12:0 a.m.119 views

Non-Persistent Cross-Site Scripting

It has been discovered, that TYPO3 is susceptible to Non-Persistent Cross-Site Scripting Component Type: TYPO3 CMS Release Date: September 8, 2015 Vulnerable subcomponent: Backend Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.14, 7.0.0 to 7.3.0 Severity: Low...

3.5CVSS6.2AI score0.02006EPSS
Exploits3Affected Software1
Typo3
Typo3
added 2013/09/25 12:0 a.m.119 views

Several vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third-party TYPO3 extensions: booking, cronmmratsinfo, icsawstats, iflowgallery, keuserregister, metabeawstatsind, powermailoptin, smarty, youtubevideos Release Date: September 25, 2013 Please read first: This Collective Security Bulletin C...

4.3CVSS6.9AI score0.05796EPSS
Exploits1Affected Software8
Typo3
Typo3
added 2014/12/09 12:0 a.m.115 views

Link spoofing and cache poisoning vulnerabilities in TYPO3 CMS

It has been discovered that TYPO3 CMS is vulnerable to Link Spoofing and Cache Poisoning. Component Type: TYPO3 CMS Vulnerability Types: Link Spoofing, Cache Poisoning Overall Severity: Medium Release Date: December 10, 2014 Vulnerable subcomponent: Frontend Rendering Vulnerability Type: Link...

4.3CVSS6.2AI score0.01724EPSS
Exploits1Affected Software1
Typo3
Typo3
added 2019/05/07 12:0 a.m.113 views

Cross-Site Scripting in jQuery before 3.4.0

jQuery before 3.4.0 mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype...

4.3CVSS1.2AI score0.87218EPSS
Exploits4Affected Software1
Typo3
Typo3
added 2013/12/10 12:0 a.m.113 views

Multiple Vulnerabilities in TYPO3 CMS

It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Information Disclosure, Mass Assignment, Open Redirection and Insecure Unserialize. Component Type: TYPO3 CMS Vulnerability Types: Cross-Site Scripting, Information Disclosure, Mass Assignment, Open Redirection and...

6.5CVSS6AI score0.0164EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2014/09/02 12:0 a.m.110 views

Several vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third-party TYPO3 extensions: cwtfeedit, euldap, flatmgr, jhopengraphprotocol, kedompdf, lumophpinclude, newspack, sbakronymmanager, staddressma, weeaargooglesitemap,. wtdirectory Release Date: September 02, 2014 Bulletin update: September ...

7.5CVSS7.2AI score0.05573EPSS
Exploits4Affected Software11
Typo3
Typo3
added 2019/01/22 12:0 a.m.108 views

Cross-Site Scripting in Bootstrap CSS toolkit

It has been discovered that the third party library Bootstrap CSS toolkit is vulnerable to cross-site scripting. Details are mentioned in a dedicated vulnerability report at...

4.3CVSS5.9AI score0.04293EPSS
Exploits1Affected Software1
Typo3
Typo3
added 2020/07/29 12:0 a.m.105 views

Cross-Site Scripting in extension "Kitodo.Presentation" (dlf)

The extension fails to properly encode user input for output in HTML context. In addition, the extension also includes jQuery 3.4.1 which is known to be vulnerable against Cross Site Scripting...

4.3CVSS0.4AI score0.99019EPSS
Exploits11Affected Software1
Typo3
Typo3
added 2020/03/10 12:0 a.m.105 views

SQL Injection in extension "phpmyadmin" (phpmyadmin)

Multiple vulnerabilities have been found in the phpMyAdmin component...

7.5CVSS2AI score0.38778EPSS
Exploits4Affected Software1
Typo3
Typo3
added 2016/03/10 12:0 a.m.105 views

Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension "phpMyAdmin" phpmyadmin is susceptible to unsafe comparison of XSRF/CSRF token, multiple full path disclosure vulnerabilities, multiple XSS vulnerabilities, insecure password generation in JavaScript. Release Date: March 10, 2016 Component Type: Third par...

5CVSS0.2AI score0.02688EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2018/08/09 12:0 a.m.104 views

Environment Variable Injection in extension "Amazon AWS S3 FAL driver (CDN)" (aus_driver_amazon_s3)

The extension uses an old version of the third party library guzzlehttp/guzzle, which is known to be vulnerable against the HTTPOXY attack. Read or for further details...

5.1CVSS3.5AI score0.50427EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2014/11/05 12:0 a.m.104 views

Cross-Site Scripting vulnerability in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension "phpMyAdmin" phpmyadmin is susceptible to Cross-Site Scripting. Release Date: November 5, 2014 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: 4.18.0, 4.18.1, 4.18.2 and 4.18.3...

3.5CVSS6.1AI score0.01617EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2021/10/05 12:0 a.m.102 views

HTTP Host Header Injection in Request Handling

It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend rendering process. Since the host header itself is provided by the client, it can b...

5CVSS0.6AI score0.02662EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2015/01/09 12:0 a.m.100 views

Multiple vulnerabilities in Content Rating (content_rating)

It has been discovered that the extension "Content Rating" contentrating is susceptible to Cross-Site Scripting and SQL Injection. Release Date: January 9, 2015 Bulletin Update: February 23, 2015 added CVEs Component Type: Third party extension. This extension is not a part of the TYPO3 default...

7.5CVSS6.2AI score0.01288EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2012/04/17 12:0 a.m.100 views

Cross-Site Scripting Vulnerability in TYPO3 Core

It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting. Component Type: TYPO3 Core Affected Versions: 4.4.0 up to 4.4.14, 4.5.0 up to 4.5.14, 4.6.0 up to 4.6.7 and development releases of the 4.7 branch. Vulnerable subcomponent: Exception Handler Vulnerability Type: Cross-Si...

4.3CVSS0.2AI score0.01387EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2010/08/23 12:0 a.m.98 views

TYPO3 Security Bulletin

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Cross-Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.8.1 and below Vulnerability Type: Cross-Site Scripting Severit...

4.3CVSS1.6AI score0.0268EPSS
Exploits1Affected Software1
Typo3
Typo3
added 2014/10/17 12:0 a.m.95 views

Improper Access Control vulnerability in extension fal_sftp (fal_sftp)

It has been discovered that the extension "falsftp" falsftp is susceptible to Improper Access Control. Release Date: October 17, 2014 Bulletin Update: October 18, 2014 added CVE Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Version...

4CVSS6.2AI score0.01082EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2009/01/23 12:0 a.m.93 views

XSS and SQL injection vulnerabilities in extension "phpMyAdmin" (phpmyadmin)

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to XSS and SQL injections. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.3.0 and all versions below Vulnerability Type: Cross-Site...

6.9AI score
Exploits0Affected Software1
Typo3
Typo3
added 2014/02/12 12:0 a.m.92 views

Insecure Unserialize in extension News (tt_news)

It has been discovered that the extension "News" ttnews is susceptible to Insecure Unserialize. Release Date: February 12, 2014 Bulletin update: September 18, 2014 added CVE Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions:...

7.5CVSS6.3AI score0.01309EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2020/05/12 12:0 a.m.92 views

Cross-Site Scripting in Link Handling

It has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting - properties being assigned as HTML attributes have not been parsed correctly...

3.5CVSS1.1AI score0.0054EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2010/07/29 12:0 a.m.91 views

TYPO3 Security Bulletin

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Broken Access Control. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.1.0 till 4.8.0 including Vulnerability Type: Broken Access...

6.8AI score
Exploits0Affected Software1
Typo3
Typo3
added 2014/05/27 12:0 a.m.90 views

Cross-Site Scripting in gridelements

It has been discovered that the extension "Grid Elements" gridelements is susceptible to Cross-Site Scripting Release Date: May 27, 2014 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: 2.0.2 and below, 1.5.0 and below...

3.5CVSS6AI score0.00946EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2009/08/18 12:0 a.m.87 views

Multiple vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third party TYPO3 extensions: "AIRware Lexicon" airlexicon, "AST ZipCodeSearch" astaddresszipsearch, "Car" car, "Event Registration" eventregistr, "Solidbase Bannermanagement" SBbanner, "t3maffiliate" t3maffiliate, "AJAX Chat" vjchat Releas...

7.8AI score
Exploits0Affected Software7
Total number of security vulnerabilities473