Lucene search
K
Typo3Most viewed

473 matches found

Typo3
Typo3
added 2008/04/16 12:0 a.m.18 views

Multiple vulnerabilities in extension de_phpot

It has been discovered that the extension dephpot is vulnerable to multiple SQL Injection flaws and other types of security issues. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: All versions Vulnerability Type: SQL Injectio...

8.2AI score
Exploits0Affected Software1
Typo3
Typo3
added 2005/11/14 12:0 a.m.18 views

TYPO3 Security Bulletin

In the past, a "Shift Reload" from the browser AKA a GET request with the "no-cache" pragma set cleared the TYPO3 cache of the requested page. This may be considered a potential target for Denial of Service attacks. Component Type: Core Affected Components: TYPO3 Page Cache Versions: TYPO3 3.8.0...

6.8AI score
Exploits0Affected Software1
Typo3
Typo3
added 2005/11/14 12:0 a.m.18 views

TYPO3 Security Bulletin

A Cross Site Scripting issue has been found in showpic.php. Component Type: Core Affected Components: showpic.php Versions: TYPO3 3.8.0 and earlier Vulnerability Type: Cross Site Scripting Severity: High Problem Description: A Cross Site Scripting issue has been found in showpic.php. Solution: Th...

6.4AI score
Exploits0Affected Software1
Typo3
Typo3
added 2005/10/10 12:0 a.m.18 views

TYPO3 Security Bulletin

A bug has been discovered in the "Front End News Submitter" fenews where SQL injection is not safely prevented and thus malicious SQL commands are potentially possible. Since the RTE enabled version fertenews is derived from fenews, it is affected as well. Component Type: Third Party Extension...

8.2AI score
Exploits0Affected Software2
Typo3
Typo3
added 2021/12/16 12:0 a.m.17 views

Mitigation of Cache Poisoning Caused by Untrusted URL Query Parameters

TYPO3 core internally uses the TypoScript function typolink to generate links to pages. The typolink property addQueryString can be used to append all query parameters—present in a corresponding HTTP request—to generated links. This typolink behavior does not have any functionality to determine...

6.8AI score
Exploits0Affected Software1
Typo3
Typo3
added 2021/07/20 12:0 a.m.17 views

Cross-Site Scripting in Backend Grid View

Failing to properly encode settings for backend layouts, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability...

3.5CVSS2.8AI score0.00603EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2020/07/07 12:0 a.m.17 views

Broken Access Control in extension "typo3_forum" (typo3_forum)

The ACL check of the extension is broken under certain conditions allowing anonymous users to create forum posts although this feature is disabled for anonymous users in the access control list...

5CVSS4.6AI score0.00847EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2019/12/17 12:0 a.m.17 views

Cross Site Scripting in extension "File List" (file_list)

The extension fails to properly encode user input for output in HTML context...

6.8AI score
Exploits0Affected Software1
Typo3
Typo3
added 2019/06/25 12:0 a.m.17 views

Broken Access Control in Import Module

It has been discovered that the Import/Export module is susceptible to broken access control. Regular backend users have access to import functionality which usually only is available to admin users or users having User TSconfig setting options.impexp.enableImportForNonAdminUser explicitly enable...

6.9AI score
Exploits0Affected Software1
Typo3
Typo3
added 2018/08/09 12:0 a.m.17 views

Cross-site scripting vulnerability in extension "Powermail" (powermail)

The extension uses \TYPO3\CMS\Core\Utility\GeneralUtility::removeXSS, which is known to be vulnerable to XSS...

6.9AI score
Exploits0Affected Software1
Typo3
Typo3
added 2016/03/10 12:0 a.m.17 views

SQL Injection in extension "Another simple gallery" (chgallery)

It has been discovered that the extension "Another simple gallery" chgallery is susceptible to SQL Injection. Release Date: March 10, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.5.3 and below Vulnerabilit...

7.2AI score
Exploits0Affected Software1
Typo3
Typo3
added 2015/12/15 12:0 a.m.17 views

Multiple Cross-Site Scripting vulnerabilities in frontend

It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting Component Type: TYPO3 CMS Release Date: December 15, 2015 Vulnerable subcomponent: Frontend Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.15, 7.0.0 to 7.6.0 Severity: Low Suggested CVSS...

6.8AI score
Exploits0Affected Software1
Typo3
Typo3
added 2012/06/07 12:0 a.m.17 views

Cross-site scripting vulnerability in extension Ameos Formidable (ameos_formidable)

It has been discovered that the extension "Ameos Formidable" ameosformidable is vulnerable to cross-site scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.1.373 and below Vulnerability Type: Cross-site...

6.6AI score
Exploits0Affected Software1
Typo3
Typo3
added 2011/11/15 12:0 a.m.17 views

Authentication Bypass and Blind LDAP Injection in extension eu_ldap

It has been discovered that the extension euladap is vulnerable to Authentication Bypass and Blind LDAP Injection Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 2.8.10 and all versions below Vulnerability Type:...

7.1AI score
Exploits0Affected Software1
Typo3
Typo3
added 2011/09/28 12:0 a.m.17 views

Several vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third-party TYPO3 extensions: mmhutinfo, npindexedsearchstat, rzcolorbox, t3cpodcasts, winninggame, tgmgallery, tgmvgallery, bpsshib, devnullrobots, dhcinflationcal, damfrontend, rtgfiles, mgrooms, gridelements Release Date: September 28,...

7.4AI score
Exploits0Affected Software14
Typo3
Typo3
added 2011/09/07 12:0 a.m.17 views

Several Vulnerabilities in extension SmoothGallery for TYPO3 (rgsmoothgallery)

Several vulnerabilities have been found in the following third-party TYPO3 extension: rgsmoothgallery Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.5.1 and below Vulnerability Types: Cross-Site Scripting,...

6.9AI score
Exploits0Affected Software1
Typo3
Typo3
added 2011/09/07 12:0 a.m.17 views

A vulnerability in extension Drag Drop Mass Upload (ameos_dragndropupload)

A vulnerability has been found in the following third-party TYPO3 extension: ameosdragndropupload Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 2.0.2 and below Vulnerability Types: Arbitrary Code Execution Severit...

7AI score
Exploits0Affected Software1
Typo3
Typo3
added 2010/04/14 12:0 a.m.17 views

Vulnerabilitiy in extension Frontend User Registration (sr_feuser_register)

It has been discovered that the extension Frontend User Registration srfeuserregister is susceptible to Cross Site Scripting XSS attacks. Component Type: Third party extension. This extensions is not part of the TYPO3 default installation. Affected Versions: Version 2.5.24 and all versions below...

6.7AI score
Exploits0Affected Software1
Typo3
Typo3
added 2010/01/13 12:0 a.m.17 views

Multiple vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third party TYPO3 extensions: MK-AnydropdownMenu mkanydropdownmenu, Photo Book gooffotoboek, SB Folderdownload sbfolderdownload, Developer log devlog, KJ: Imagelightbox kjimagelightbox2, Unit Converter cs2unitconv, powermail powermail, TV21...

7.2AI score
Exploits0Affected Software24
Typo3
Typo3
added 2008/05/27 12:0 a.m.17 views

Cross Site Scripting vulnerability in extension "KJ: Image Lightbox v2" (kj_imagelightbox2)

It has been discovered that the extension "KJ: Image Lightbox v2" kjimagelightbox2 is susceptible to Cross Site Scripting XSS attacks. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 1.4.2 and below, possibly also all...

6.7AI score
Exploits0Affected Software1
Typo3
Typo3
added 2008/05/05 12:0 a.m.17 views

Multiple vulnerabilities in extension MailformPlus (th_mailformplus)

It has been discovered that the extension MailformPlus thmailformplus is susceptible to Cross Site Scripting XSS attacks and allows Remote Code Execution. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 4.0.3 and belo...

7.5AI score
Exploits0Affected Software1
Typo3
Typo3
added 2005/11/14 12:0 a.m.17 views

TYPO3 Security Bulletin

Various security issues have been reported for PhpMyAdmin see www.securityfocus.com/bid/15196 for details. Component Type: Third Party Product, included with the TYPO3 core Affected Components: PhpMyAdmin Versions: TYPO3 3.8.0 and earlier Vulnerability Type: Various see below Severity: Medium...

7AI score
Exploits0Affected Software1
Typo3
Typo3
added 2005/11/14 12:0 a.m.17 views

TYPO3 Security Bulletin

The file editor functionality in the TYPO3 Install Tool menu option "Edit files in typo3conf/" has an option that reads "Make backup copy". If set, this will create a backup copy and append a "" to the original file name. This leads to file names that may be delivered as text files by a web serve...

6.6AI score
Exploits0Affected Software1
Typo3
Typo3
added 2005/11/14 12:0 a.m.17 views

TYPO3 Security Bulletin

Situations are imaginable where sensitive information gets stored in the fileadmin/temp/ directory. If misconfigured in your web server, this directory can be browsable and therefore expose that information. Component Type: Core Affected Components: File Editor in Install Tool Versions: TYPO3 3.8...

6.3AI score
Exploits0Affected Software1
Typo3
Typo3
added 2020/05/12 12:0 a.m.16 views

Sensitive Data Exposure in extension "Job Fair" (jobfair)

The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files e.g uploads/txjobfair/cv.pdf...

6.9AI score
Exploits0Affected Software1
Typo3
Typo3
added 2019/12/17 12:0 a.m.16 views

Cross-Site Scripting in Form Framework validation handling

It has been discovered that the output of field validation errors in the Form Framework is vulnerable to cross-site scripting...

6.7AI score
Exploits0Affected Software1
Typo3
Typo3
added 2019/10/15 12:0 a.m.16 views

SQL Injection in extension "URL redirect" (url_redirect)

The extension fails to properly sanitize user input and is susceptible to SQL Injection...

7.5CVSS1.7AI score0.00818EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2019/05/07 12:0 a.m.16 views

SQL Injection in extension "Faceted Search" (ke_search)

The extension fails to properly sanitize user input and is susceptible to SQL Injection...

7.5AI score
Exploits0Affected Software1
Typo3
Typo3
added 2019/05/07 12:0 a.m.16 views

SQL Injection in extension "Event Calender" (pits_wd_calender)

The extension fails to properly sanitize user input and is susceptible to SQL Injection...

7.5AI score
Exploits0Affected Software1
Typo3
Typo3
added 2019/05/07 12:0 a.m.16 views

Cross Site Scripting in extension "gkh RSS Import" (gkh_rss_import)

The extension fails to properly encode user input for output in HTML context...

6.8AI score
Exploits0Affected Software1
Typo3
Typo3
added 2019/01/22 12:0 a.m.16 views

Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)

Multiple vulnerabilities have been found in the phpMyAdmin component...

7.2AI score
Exploits0Affected Software1
Typo3
Typo3
added 2019/01/22 12:0 a.m.16 views

Object Injection in extension "mkmailer" (mkmailer)

It was discovered that included 3rd party library PHPMailer is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code...

8AI score
Exploits0Affected Software1
Typo3
Typo3
added 2018/12/11 12:0 a.m.16 views

Cross-Site Scripting in Online Media Asset Rendering

Failing to properly encode user input, online media asset rendering .youtube and .vimeo files is vulnerable to cross-site scripting. A valid backend user account or write access on the server system e.g. SFTP is needed in order to exploit this vulnerability...

6.5AI score
Exploits0Affected Software1
Typo3
Typo3
added 2018/12/11 12:0 a.m.16 views

Security Misconfiguration in Install Tool Cookie

It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install Tool...

6.4AI score
Exploits0Affected Software1
Typo3
Typo3
added 2016/04/12 12:0 a.m.16 views

Cross-Site Scripting in TYPO3 Backend

It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting. Component Type: TYPO3 CMS Release Date: April 12, 2016 Vulnerable subcomponent: Backend Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.19, 7.6.0 to 7.6.4 and 8.0.0 Severity: Medium...

6.9AI score
Exploits0Affected Software1
Typo3
Typo3
added 2015/09/30 12:0 a.m.16 views

File Disclosure in extension "Zend Framework Integration" (zend_framework)

It has been discovered that the extension "Zend Framework Integration" zendframework is susceptible to File Disclosure. Release Date: September 30, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.7.6 and belo...

6.6AI score
Exploits0Affected Software1
Typo3
Typo3
added 2015/07/01 12:0 a.m.16 views

Cross-Site Scripting in 3rd party library Flowplayer

It has been discovered, that editors could change, create or delete metadata of files without permission. Component Type: TYPO3 CMS Release Date: July 1, 2015 Vulnerable subcomponent: Backend Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.13, 7.0.0 to 7.3.0...

7.1AI score
Exploits0Affected Software1
Typo3
Typo3
added 2015/07/01 12:0 a.m.16 views

Access bypass when editing file metadata

It has been discovered, that editors could change, create or delete metadata of files without permission. Component Type: TYPO3 CMS Release Date: July 1, 2015 Vulnerable subcomponent: Backend Vulnerability Type: Broken Access Control Affected Versions: Versions 6.2.0 to 6.2.13, 7.0.0 to 7.3.0...

7AI score
Exploits0Affected Software1
Typo3
Typo3
added 2015/06/15 12:0 a.m.16 views

Arbitrary Code Execution in extension Frontend User Upload (feupload)

It has been discovered that the extension "Frontend User Upload" feupload is susceptible to Arbitrary Code Execution Release Date: June 15, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 0.5.0 and below...

7AI score
Exploits0Affected Software1
Typo3
Typo3
added 2012/02/02 12:0 a.m.16 views

Several vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third-party TYPO3 extensions: cssfilelinks, terminal, beuserswitch, rtgfiles, irfaq, skteurocalc, jftcaforms, bcpost2facebook, aeurltool, mvcooking, toicategory, ajadofacebook Release Date: February 2, 2012 Please read first: This Collectiv...

7.6AI score
Exploits0Affected Software15
Typo3
Typo3
added 2011/11/15 12:0 a.m.16 views

Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Local file inclusion. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.11.8 and below Vulnerability Type: Local file inclusion...

7AI score
Exploits0Affected Software1
Typo3
Typo3
added 2011/10/20 12:0 a.m.16 views

Remote File Disclosure and Cross-Site Scripting vulnerability in extensions pmkshadowbox and pmkslimbox

It has been discovered that the extensions pmkshadowbox and pmkslimbox are vulnerable to Remote File Disclosure and Cross-Site Scripting. Release Date: Oktober 20, 2011 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Extension: pmkshadowbox...

6.3AI score
Exploits0Affected Software2
Typo3
Typo3
added 2011/07/25 12:0 a.m.16 views

Several vulnerabilities in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Cross-Site Scripting, Local File Inclusion, Code Execution and Session Manipulation. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version...

7.1AI score
Exploits0Affected Software1
Typo3
Typo3
added 2011/05/23 12:0 a.m.16 views

Cross-Site Scripting and Open Redirection vulnerability in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Cross-Site Scripting and Open Redirection. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.10.3 and below Vulnerability Type:...

6AI score
Exploits0Affected Software1
Typo3
Typo3
added 2010/03/02 12:0 a.m.16 views

Blind SQL Injection vulnerability in extension Calendar Base (cal)

It has been discovered that the extension Calendar Base cal is vulnerable to Blind SQL Injection. Release Date: March 2, 2010 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.3.1 and all versions below Vulnerabilit...

8AI score
Exploits0Affected Software1
Typo3
Typo3
added 2009/12/01 12:0 a.m.16 views

Blind SQL Injection vulnerability in extension Calendar Base (cal)

It has been discovered that the extension Calendar Base cal is vulnerable to Blind SQL Injection. Release Date: December 1, 2009 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.2.0 and all versions below...

8AI score
Exploits0Affected Software1
Typo3
Typo3
added 2008/12/22 12:0 a.m.16 views

TYPO3 Security Bulletin

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to SQL injections via XSRF. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.1.1 and all versions below Vulnerability Type: SQL injectio...

7.8AI score
Exploits0Affected Software1
Typo3
Typo3
added 2008/11/13 12:0 a.m.16 views

Cross-Site Scripting vulnerability in TYPO3 Core

It has been discovered that the backend module "file" is vulnerable to Cross-Site Scripting XSS. Component Type: TYPO3 Core Affected Version: TYPO3 version 4.2.2 Vulnerability Type: Cross Site Scripting Vulnerability: Backend module "file" is susceptible to Cross-Site Scripting. Severity: Low...

6.7AI score
Exploits0Affected Software1
Typo3
Typo3
added 2008/07/01 12:0 a.m.16 views

Multiple vulnerabilities in extension WEC Discussion Forum (wec_discussion)

It has been discovered that the extension WEC Discussion Forum wecdiscussion is open to multiple security issues. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.6.2 and all versions below Vulnerability Type:...

6.9AI score
Exploits0Affected Software1
Typo3
Typo3
added 2008/06/11 12:0 a.m.16 views

Multiple vulnerabilities in TYPO3 Core

It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library feadminlib.inc allows Cross Site Scripting XSS. Component Type: TYPO3 Core Affected Versions: TYPO3 versions 3.x, 4.0 ...

7.2AI score
Exploits0Affected Software1
Total number of security vulnerabilities473