Lucene search
K
Typo3Most viewed

473 matches found

Typo3
Typo3
•added 2021/07/20 12:0 a.m.•17 views

Cross-Site Scripting in Backend Grid View

Failing to properly encode settings for backend layouts, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability...

3.5CVSS2.8AI score0.00603EPSS
Exploits0Affected Software1
Typo3
Typo3
•added 2020/07/07 12:0 a.m.•17 views

Broken Access Control in extension "typo3_forum" (typo3_forum)

The ACL check of the extension is broken under certain conditions allowing anonymous users to create forum posts although this feature is disabled for anonymous users in the access control list...

5CVSS4.6AI score0.00847EPSS
Exploits0Affected Software1
Typo3
Typo3
•added 2019/06/25 12:0 a.m.•17 views

Broken Access Control in Import Module

It has been discovered that the Import/Export module is susceptible to broken access control. Regular backend users have access to import functionality which usually only is available to admin users or users having User TSconfig setting options.impexp.enableImportForNonAdminUser explicitly enable...

6.9AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2016/03/10 12:0 a.m.•17 views

SQL Injection in extension "Another simple gallery" (chgallery)

It has been discovered that the extension "Another simple gallery" chgallery is susceptible to SQL Injection. Release Date: March 10, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.5.3 and below Vulnerabilit...

7.2AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2015/12/15 12:0 a.m.•17 views

Multiple Cross-Site Scripting vulnerabilities in frontend

It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting Component Type: TYPO3 CMS Release Date: December 15, 2015 Vulnerable subcomponent: Frontend Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.15, 7.0.0 to 7.6.0 Severity: Low Suggested CVSS...

6.8AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2012/06/07 12:0 a.m.•17 views

Cross-site scripting vulnerability in extension Ameos Formidable (ameos_formidable)

It has been discovered that the extension "Ameos Formidable" ameosformidable is vulnerable to cross-site scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.1.373 and below Vulnerability Type: Cross-site...

6.6AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2011/11/15 12:0 a.m.•17 views

Authentication Bypass and Blind LDAP Injection in extension eu_ldap

It has been discovered that the extension euladap is vulnerable to Authentication Bypass and Blind LDAP Injection Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 2.8.10 and all versions below Vulnerability Type:...

7.1AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2011/09/28 12:0 a.m.•17 views

Several vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third-party TYPO3 extensions: mmhutinfo, npindexedsearchstat, rzcolorbox, t3cpodcasts, winninggame, tgmgallery, tgmvgallery, bpsshib, devnullrobots, dhcinflationcal, damfrontend, rtgfiles, mgrooms, gridelements Release Date: September 28,...

7.4AI score
Exploits0Affected Software14
Typo3
Typo3
•added 2011/09/07 12:0 a.m.•17 views

Several Vulnerabilities in extension SmoothGallery for TYPO3 (rgsmoothgallery)

Several vulnerabilities have been found in the following third-party TYPO3 extension: rgsmoothgallery Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.5.1 and below Vulnerability Types: Cross-Site Scripting,...

6.9AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2011/09/07 12:0 a.m.•17 views

A vulnerability in extension Drag Drop Mass Upload (ameos_dragndropupload)

A vulnerability has been found in the following third-party TYPO3 extension: ameosdragndropupload Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 2.0.2 and below Vulnerability Types: Arbitrary Code Execution Severit...

7AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2010/04/14 12:0 a.m.•17 views

Vulnerabilitiy in extension Frontend User Registration (sr_feuser_register)

It has been discovered that the extension Frontend User Registration srfeuserregister is susceptible to Cross Site Scripting XSS attacks. Component Type: Third party extension. This extensions is not part of the TYPO3 default installation. Affected Versions: Version 2.5.24 and all versions below...

6.7AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2010/01/13 12:0 a.m.•17 views

Multiple vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third party TYPO3 extensions: MK-AnydropdownMenu mkanydropdownmenu, Photo Book gooffotoboek, SB Folderdownload sbfolderdownload, Developer log devlog, KJ: Imagelightbox kjimagelightbox2, Unit Converter cs2unitconv, powermail powermail, TV21...

7.2AI score
Exploits0Affected Software24
Typo3
Typo3
•added 2009/12/15 12:0 a.m.•17 views

Multiple vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third party TYPO3 extensions: Car car, TYPO3 Watchdog abawatchdog, File list drblob, ListMan nllistman, XDS Staff List xdsstaff, Document Directorys danpdocumentdirs, Random Prayer Version 2 steprayer2, Diocese of Portsmouth Resources...

7.4AI score
Exploits0Affected Software19
Typo3
Typo3
•added 2009/06/16 12:0 a.m.•17 views

Cross-Site Scripting vulnerability in extension Modern Guestbook / Commenting System (ve_guestbook)

It has been discovered that the extension Modern Guestbook / Commenting system veguestbook is vulnerable to Cross-Site Scripting. Release Date: June 16, 2009 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 2.7.1 and...

6.6AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2008/05/27 12:0 a.m.•17 views

Cross Site Scripting vulnerability in extension "KJ: Image Lightbox v2" (kj_imagelightbox2)

It has been discovered that the extension "KJ: Image Lightbox v2" kjimagelightbox2 is susceptible to Cross Site Scripting XSS attacks. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 1.4.2 and below, possibly also all...

6.7AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2008/05/05 12:0 a.m.•17 views

Cross Site Scripting vulnerability in extension powermail

It has been discovered that the extension powermail is susceptible to Cross Site Scripting XSS attacks. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 1.1.9 and all versions below Vulnerability Type: Cross Site...

6.6AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2008/05/05 12:0 a.m.•17 views

Multiple vulnerabilities in extension MailformPlus (th_mailformplus)

It has been discovered that the extension MailformPlus thmailformplus is susceptible to Cross Site Scripting XSS attacks and allows Remote Code Execution. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 4.0.3 and belo...

7.5AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2005/11/14 12:0 a.m.•17 views

TYPO3 Security Bulletin

A Cross Site Scripting issue has been found in showpic.php. Component Type: Core Affected Components: showpic.php Versions: TYPO3 3.8.0 and earlier Vulnerability Type: Cross Site Scripting Severity: High Problem Description: A Cross Site Scripting issue has been found in showpic.php. Solution: Th...

6.4AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2005/10/10 12:0 a.m.•17 views

TYPO3 Security Bulletin

A bug has been discovered in the "Front End News Submitter" fenews where SQL injection is not safely prevented and thus malicious SQL commands are potentially possible. Since the RTE enabled version fertenews is derived from fenews, it is affected as well. Component Type: Third Party Extension...

8.2AI score
Exploits0Affected Software2
Typo3
Typo3
•added 2020/05/12 12:0 a.m.•16 views

Sensitive Data Exposure in extension "Job Fair" (jobfair)

The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files e.g uploads/txjobfair/cv.pdf...

6.9AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2019/12/17 12:0 a.m.•16 views

Cross-Site Scripting in Form Framework validation handling

It has been discovered that the output of field validation errors in the Form Framework is vulnerable to cross-site scripting...

6.7AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2019/12/17 12:0 a.m.•16 views

Cross Site Scripting in extension "File List" (file_list)

The extension fails to properly encode user input for output in HTML context...

6.8AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2019/10/15 12:0 a.m.•16 views

SQL Injection in extension "URL redirect" (url_redirect)

The extension fails to properly sanitize user input and is susceptible to SQL Injection...

7.5CVSS1.7AI score0.00818EPSS
Exploits0Affected Software1
Typo3
Typo3
•added 2019/05/07 12:0 a.m.•16 views

SQL Injection in extension "Event Calender" (pits_wd_calender)

The extension fails to properly sanitize user input and is susceptible to SQL Injection...

7.5AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2019/05/07 12:0 a.m.•16 views

Cross Site Scripting in extension "gkh RSS Import" (gkh_rss_import)

The extension fails to properly encode user input for output in HTML context...

6.8AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2019/01/22 12:0 a.m.•16 views

Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)

Multiple vulnerabilities have been found in the phpMyAdmin component...

7.2AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2019/01/22 12:0 a.m.•16 views

Object Injection in extension "mkmailer" (mkmailer)

It was discovered that included 3rd party library PHPMailer is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code...

8AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2018/12/11 12:0 a.m.•16 views

Cross-Site Scripting in Online Media Asset Rendering

Failing to properly encode user input, online media asset rendering .youtube and .vimeo files is vulnerable to cross-site scripting. A valid backend user account or write access on the server system e.g. SFTP is needed in order to exploit this vulnerability...

6.5AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2018/12/11 12:0 a.m.•16 views

Security Misconfiguration in Install Tool Cookie

It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install Tool...

6.4AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2018/08/09 12:0 a.m.•16 views

Cross-site scripting vulnerability in extension "Powermail" (powermail)

The extension uses \TYPO3\CMS\Core\Utility\GeneralUtility::removeXSS, which is known to be vulnerable to XSS...

6.9AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2016/04/12 12:0 a.m.•16 views

Cross-Site Scripting in TYPO3 Backend

It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting. Component Type: TYPO3 CMS Release Date: April 12, 2016 Vulnerable subcomponent: Backend Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.19, 7.6.0 to 7.6.4 and 8.0.0 Severity: Medium...

6.9AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2015/09/30 12:0 a.m.•16 views

File Disclosure in extension "Zend Framework Integration" (zend_framework)

It has been discovered that the extension "Zend Framework Integration" zendframework is susceptible to File Disclosure. Release Date: September 30, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.7.6 and belo...

6.6AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2015/07/01 12:0 a.m.•16 views

Access bypass when editing file metadata

It has been discovered, that editors could change, create or delete metadata of files without permission. Component Type: TYPO3 CMS Release Date: July 1, 2015 Vulnerable subcomponent: Backend Vulnerability Type: Broken Access Control Affected Versions: Versions 6.2.0 to 6.2.13, 7.0.0 to 7.3.0...

7AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2015/07/01 12:0 a.m.•16 views

Cross-Site Scripting in 3rd party library Flowplayer

It has been discovered, that editors could change, create or delete metadata of files without permission. Component Type: TYPO3 CMS Release Date: July 1, 2015 Vulnerable subcomponent: Backend Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.13, 7.0.0 to 7.3.0...

7.1AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2015/06/15 12:0 a.m.•16 views

Arbitrary Code Execution in extension Frontend User Upload (feupload)

It has been discovered that the extension "Frontend User Upload" feupload is susceptible to Arbitrary Code Execution Release Date: June 15, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 0.5.0 and below...

7AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2012/02/02 12:0 a.m.•16 views

Several vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third-party TYPO3 extensions: cssfilelinks, terminal, beuserswitch, rtgfiles, irfaq, skteurocalc, jftcaforms, bcpost2facebook, aeurltool, mvcooking, toicategory, ajadofacebook Release Date: February 2, 2012 Please read first: This Collectiv...

7.6AI score
Exploits0Affected Software15
Typo3
Typo3
•added 2011/11/15 12:0 a.m.•16 views

Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Local file inclusion. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.11.8 and below Vulnerability Type: Local file inclusion...

7AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2011/10/20 12:0 a.m.•16 views

Remote File Disclosure and Cross-Site Scripting vulnerability in extensions pmkshadowbox and pmkslimbox

It has been discovered that the extensions pmkshadowbox and pmkslimbox are vulnerable to Remote File Disclosure and Cross-Site Scripting. Release Date: Oktober 20, 2011 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Extension: pmkshadowbox...

6.3AI score
Exploits0Affected Software2
Typo3
Typo3
•added 2011/07/25 12:0 a.m.•16 views

Several vulnerabilities in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Cross-Site Scripting, Local File Inclusion, Code Execution and Session Manipulation. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version...

7.1AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2011/05/23 12:0 a.m.•16 views

Cross-Site Scripting and Open Redirection vulnerability in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Cross-Site Scripting and Open Redirection. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.10.3 and below Vulnerability Type:...

6AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2010/03/02 12:0 a.m.•16 views

Blind SQL Injection vulnerability in extension Calendar Base (cal)

It has been discovered that the extension Calendar Base cal is vulnerable to Blind SQL Injection. Release Date: March 2, 2010 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.3.1 and all versions below Vulnerabilit...

8AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2008/11/13 12:0 a.m.•16 views

Cross-Site Scripting vulnerability in TYPO3 Core

It has been discovered that the backend module "file" is vulnerable to Cross-Site Scripting XSS. Component Type: TYPO3 Core Affected Version: TYPO3 version 4.2.2 Vulnerability Type: Cross Site Scripting Vulnerability: Backend module "file" is susceptible to Cross-Site Scripting. Severity: Low...

6.7AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2008/06/11 12:0 a.m.•16 views

Multiple vulnerabilities in TYPO3 Core

It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library feadminlib.inc allows Cross Site Scripting XSS. Component Type: TYPO3 Core Affected Versions: TYPO3 versions 3.x, 4.0 ...

7.2AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2005/11/14 12:0 a.m.•16 views

TYPO3 Security Bulletin

Situations are imaginable where sensitive information gets stored in the fileadmin/temp/ directory. If misconfigured in your web server, this directory can be browsable and therefore expose that information. Component Type: Core Affected Components: File Editor in Install Tool Versions: TYPO3 3.8...

6.3AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2005/11/14 12:0 a.m.•16 views

TYPO3 Security Bulletin

Various security issues have been reported for PhpMyAdmin see www.securityfocus.com/bid/15196 for details. Component Type: Third Party Product, included with the TYPO3 core Affected Components: PhpMyAdmin Versions: TYPO3 3.8.0 and earlier Vulnerability Type: Various see below Severity: Medium...

7AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2005/11/14 12:0 a.m.•16 views

TYPO3 Security Bulletin

The file editor functionality in the TYPO3 Install Tool menu option "Edit files in typo3conf/" has an option that reads "Make backup copy". If set, this will create a backup copy and append a "" to the original file name. This leads to file names that may be delivered as text files by a web serve...

6.6AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2005/08/22 12:0 a.m.•16 views

TYPO3 Security Bulletin

A bug has been discovered in MOC filemanager v. 0.7.1 and earlier: An offender may gain illegal read access to files on the server. Component Type: Third Party Extension. This extension is third party code that has not been submitted to the TYPO3 extension review process yet. The extension is not...

6.8AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2019/12/17 12:0 a.m.•15 views

Cross-Site Scripting Vulnerabilities in File Upload Handling

TYPO3 allows to upload files either in the backend user interface as well as in custom developed extensions. To reduce the possibility to upload potential malicious code TYPO3 uses the fileDenyPattern to deny e.g. user submitted PHP scripts from being persisted. Besides that it is possible for an...

7.2AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2019/06/25 12:0 a.m.•15 views

Security Misconfiguration in Frontend Session Handling

It has been discovered session data of properly authenticated and logged in frontend users is kept and transformed into an anonymous user session during the logout process. This way the next user using the same client application gains access to previous session data...

6.7AI score
Exploits0Affected Software1
Typo3
Typo3
•added 2019/05/07 12:0 a.m.•15 views

SQL Injection in extension "Faceted Search" (ke_search)

The extension fails to properly sanitize user input and is susceptible to SQL Injection...

7.5AI score
Exploits0Affected Software1
Total number of security vulnerabilities473