Lucene search
+L
Typo3Most viewed

473 matches found

typo3
typo3
added 2018/08/09 12:0 a.m.13 views

Cross-Site Scripting in extension "Frontend Treeview" (mh_treeview)

The extension fails to properly encode user input for output in HTML context...

6.8AI score
Exploits0Affected Software1
typo3
typo3
added 2016/03/03 12:0 a.m.13 views

Multiple vulnerabilities in extension "Fe user statistic" (festat)

It has been discovered that the extension "Fe user statistic" festat is susceptible to Cross-Site Scripting, Insecure Unserialize and Information Disclosure. Release Date: March 03, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affecte...

6.6AI score
Exploits0Affected Software1
typo3
typo3
added 2016/02/16 12:0 a.m.13 views

Cross-Site Scripting in legacy form component

It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting Component Type: TYPO3 CMS Release Date: February 16, 2016 Vulnerable subcomponent: legacy form component Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.17 Severity: Low Suggested CVSS v2.0...

6.9AI score
Exploits0Affected Software1
typo3
typo3
added 2015/06/18 12:0 a.m.13 views

SQL Injection in extension "Akronymmanager" (sb_akronymmanager)

It has been discovered that the extension "Akronymmanager" sbakronymmanager is susceptible to SQL Injection Release Date: June 18, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 0.5.0 and below Vulnerability...

7.3AI score
Exploits0Affected Software1
typo3
typo3
added 2014/12/15 12:0 a.m.13 views

Multiple vulnerabilities in Drag Drop Mass Upload (ameos_dragndropupload)

It has been discovered that the extension "Drag Drop Mass Upload" ameosdragndropupload is susceptible to Cross-Site Scripting, Cross-Site Request Forgery and Improper Access Control. Release Date: December 15, 2014 Component Type: Third party extension. This extension is not a part of the TYPO3...

6.8AI score
Exploits0Affected Software1
typo3
typo3
added 2013/08/05 12:0 a.m.13 views

Several vulnerabilities in extension Formhandler (formhandler)

It has been discovered that the extension "Formhandler" Formhandler is vulnerable to SQL-Injection, Arbitrary Code Execution and Authentication Bypass. Release Date: August 05, 2013 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected...

7.1AI score
Exploits0Affected Software1
typo3
typo3
added 2012/10/25 12:0 a.m.13 views

Several Vulnerabilities in extension Formhandler (formhandler)

It has been discovered that the extension Formhandler formhandler is vulnerable to SQL-Injection and Cross-Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.4.0 and below Vulnerability Types: SQL...

7.2AI score
Exploits0Affected Software1
typo3
typo3
added 2012/07/03 12:0 a.m.13 views

Cross-site scripting vulnerability in extension Seminars (seminars)

It has been discovered that the extension "Seminars" seminars is vulnerable to cross-site scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 0.9.3 and below Vulnerability Type: Cross-site scripting Severity:...

6.4AI score
Exploits0Affected Software1
typo3
typo3
added 2011/09/27 12:0 a.m.13 views

Cross-Site scripting vulnerability in extension t3blog (t3blog)

It has been discovered that the extension "T3Blog" t3blog is vulnerable to Cross-Site Scripting. Release Date: September 27, 2011 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.1.1 and all versions below...

6.1AI score
Exploits0Affected Software1
typo3
typo3
added 2011/09/07 12:0 a.m.13 views

Several Vulnerabilities in extension Direct Mail Subscription (direct_mail_subscription)

Several vulnerabilities have been found in the following third-party TYPO3 extension: directmailsubscription Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.1.0 and below Vulnerability Types: SQL Injection,...

7.4AI score
Exploits0Affected Software1
typo3
typo3
added 2011/08/25 12:0 a.m.13 views

Cross Site Scripting Vulnerability in extension Questionaire (pbsurvey)

It has been discovered that the extension "Questionaire" pbsurvey is vulnerable to Cross-Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.3.0 and below Vulnerability Types: Cross-Site Scripting...

6.6AI score
Exploits0Affected Software1
typo3
typo3
added 2010/03/16 12:0 a.m.13 views

Cross-Site Scripting vulnerability in extension mm_forum (mm_forum)

It has been discovered that the extension mmforum mmforum is vulnerable to Cross-Site Scripting. Release Date: March 16, 2010 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.8.2 and all versions below Vulnerabilit...

6.6AI score
Exploits0Affected Software1
typo3
typo3
added 2009/12/01 12:0 a.m.13 views

Multiple vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third party TYPO3 extensions: AN Search it! ansearchit, Simple download-system with counter and categories kkdownloader, Automatic Base Tags for RealUrl ltbasetag, Trips mchtrips, simple Glossar simpleglossar, TW Productfinder...

7.4AI score
Exploits0Affected Software7
typo3
typo3
added 2009/04/06 12:0 a.m.13 views

Information Disclosure in third party extension "Frontend User registration"

It has been discovered that the TYPO3 extension "Frontend User Registration" srfeuserregister is susceptible to Information Disclosure. Release Date: April 6, 2009 Component Type: Third party extension. This extension is not a part of a TYPO3 default installation. Affected Versions: 2.5.20 and al...

6.6AI score
Exploits0Affected Software1
typo3
typo3
added 2008/12/22 12:0 a.m.13 views

TYPO3 Security Bulletin

Several vulnerabilities have been found in the following third party TYPO3 extensions: "Vox populi" mvvoxpopuli, "SB Universal Plugin" SBuniplug, "Simple File Browser" simplefilebrowser, "TU-Clausthal ODIN" tucodin, "TU-Clausthal Staff" tucstaff, "WEBERkommunal Facilities" wesfacilities Please re...

7.5AI score
Exploits0Affected Software6
typo3
typo3
added 2008/10/20 12:0 a.m.13 views

TYPO3 Security Bulletin

Several vulnerabilities have been found in the following third party TYPO3 extensions: JobControl dmmjobcontrol, Econda Plugin econda, Frontend Users View feusersview, Mannschaftsliste kiddogplayerlist, M1 Intern m1intern, Simple survey simplesurvey, Page Improvements smpageimprovements Please re...

7.3AI score
Exploits0Affected Software7
typo3
typo3
added 2008/09/19 12:0 a.m.13 views

TYPO3 Security Bulletin

Several vulnerabilities have been found in TYPO3 third party extensions. Please read first: This Collective Security Bulletin CSB is a listing of vulnerable extensions with neither significant download numbers, nor other special importance amongst the TYPO3 Community. The intention of CSBs is to...

8.3AI score
Exploits0Affected Software11
typo3
typo3
added 2007/06/12 12:0 a.m.13 views

Information disclosure in w4x_backup

It has been discovered that the extension w4xbackup has several security related issues, which may disclosure confidential information. Component Type: Third party extension. This extension is not part of the TYPO3 default installation Affected Versions: Version 0.9.1 and all versions below...

6.6AI score
Exploits0Affected Software1
typo3
typo3
added 2007/06/08 12:0 a.m.13 views

SQL injection in macina_banners / ric_rotation

It has been discovered that the extensions macinabanners and its descendant ricrotation are exposed to an SQL injection issue because they fail to properly sanitize user-supplied input. Component Type: Third party extensions. These extensions are not part of the TYPO3 default installation Affecte...

8AI score
Exploits0Affected Software2
typo3
typo3
added 2006/12/20 12:0 a.m.13 views

Remote Command Execution

A critical problem has been discovered in plugin class.txrtehtmlareapi1.php that is used for spell-checking in the rtehtmlarea extension. Component Type: System Extension TYPO3 Versions 4.0-4.0.3, 4.1beta Third Party Extension TYPO3 Versions up to 3.8.1. Since TYPO3 Version 4.0 the extension is...

7.5AI score
Exploits0Affected Software2
typo3
typo3
added 2006/09/02 12:0 a.m.13 views

tip-a-friend

A problem has been discovered with tip-a-friend being vulnerable to Cross-Site-Scripting XSS Component Type: Third Party Extension. The extension is not part of the TYPO3 default installation Affected Components: tipafriend Versions: 1.2.1 and earlier Vulnerability Type: Cross Site Scripting...

6.3AI score
Exploits0Affected Software1
typo3
typo3
added 2006/05/12 12:0 a.m.13 views

TYPO3 Security Bulletin

Two problems path traversal and SQL injection have been discovered in the extension damdownloads Component Type: Third Party Extension. The extension is not part of the TYPO3 default installation Affected Components: damdownloads Versions: 1.0.1 and earlier Vulnerability Type: Path traversal and...

8AI score
Exploits0Affected Software1
typo3
typo3
added 2006/05/01 12:0 a.m.13 views

TYPO3 Security Bulletin

A weakness in the display of forum messages of chcforum has been discovered that may be used to execute arbitrary SQL Component Type: Third Party Extension. The extension is not part of the TYPO3 default installation Affected Components: chcforum Versions: 1.4.4 and earlier Vulnerability Type: SQ...

8AI score
Exploits0Affected Software1
typo3
typo3
added 2005/08/12 12:0 a.m.13 views

TYPO3 Security Bulletin

Remote exploitation of an input validation vulnerability in AWStats allows remote attackers to execute arbitrary commands. Successful exploitation results in the execution of arbitrary commands with permissions of the web service. This may compromise systems using extensions providing AWStats...

8AI score
Exploits0Affected Software1
typo3
typo3
added 2022/02/15 12:0 a.m.12 views

File Content Injection in extension "Hardcoded text to Locallang" (mqk_locallangtools)

The extension fails to verify the filename of saved language files which results in File Content Injection. An authenticated user with editor permissions can use the vulnerability to inject predefined content into any file the webserver has access to resulting in affected files being corrupted...

6.7AI score
Exploits0Affected Software1
typo3
typo3
added 2019/12/17 12:0 a.m.12 views

CSRF in extension "Change password for frontend users" (fe_change_pwd)

The extension fails to implement a CSRF protection for update password action...

7AI score
Exploits0Affected Software1
typo3
typo3
added 2019/12/17 12:0 a.m.12 views

CSRF in extension "femanager" (femanager)

The extension fails to implement a CSRF protection for edit and delete actions...

6.9AI score
Exploits0Affected Software1
typo3
typo3
added 2019/05/07 12:0 a.m.12 views

Security Misconfiguration in User Session Handling

When users change their password existing sessions for that particular user account are not revoked. A valid backend or frontend user account is required in order to make use of this vulnerability...

7AI score
Exploits0Affected Software1
typo3
typo3
added 2019/05/07 12:0 a.m.12 views

SQL Injection in extension "comsolit Suggest" (comsolit_suggest)

The extension fails to properly sanitize user input and is susceptible to SQL Injection...

7.5AI score
Exploits0Affected Software1
typo3
typo3
added 2019/05/07 12:0 a.m.12 views

Remote Code Execution in extension "ImageOptimizer" (imageoptimizer)

The extension fails to validate arguments passed to a shell command resulting in Remote Code Execution. The issue is only exploitable, if an attacker is able to upload files directly e.g. SFTP or FTP to the filesystem...

7.4AI score
Exploits0Affected Software1
typo3
typo3
added 2019/05/07 12:0 a.m.12 views

Cross Site Scripting in extension "Instagram" (ws_instagram)

The extension fails to properly encode user input for output in HTML context...

6.8AI score
Exploits0Affected Software1
typo3
typo3
added 2019/01/22 12:0 a.m.12 views

Information Disclosure of Installed Extensions

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party extensions...

6.4AI score
Exploits0Affected Software1
typo3
typo3
added 2018/11/20 12:0 a.m.12 views

Cross-Site Scripting in extension "libconnect" (libconnect)

The extension fails to properly encode user input for output in HTML context...

6.8AI score
Exploits0Affected Software1
typo3
typo3
added 2018/08/09 12:0 a.m.12 views

Cross-Site Scripting in extension "Heise Shariff" (rx_shariff)

The extension fails to properly encode user input for output in HTML context...

6.8AI score
Exploits0Affected Software1
typo3
typo3
added 2016/02/16 12:0 a.m.12 views

Cross-Site Scripting in form component

It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting Component Type: TYPO3 CMS Release Date: February 16, 2016 Vulnerable subcomponent: form component Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.17 Severity: Low Suggested CVSS v2.0:...

7.1AI score
Exploits0Affected Software1
typo3
typo3
added 2015/12/15 12:0 a.m.12 views

Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend

It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting Component Type: TYPO3 CMS Release Date: December 15, 2015 Vulnerable subcomponent: Backend Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.15, 7.0.0 to 7.6.0 Severity: Low Suggested CVSS...

6.9AI score
Exploits0Affected Software1
typo3
typo3
added 2015/09/08 12:0 a.m.12 views

Unauthenticated Path Disclosure

It has been discovered, that TYPO3 is susceptible to unauthenticated path disclosure. Component Type: TYPO3 CMS Release Date: September 8, 2015 Vulnerable subcomponent: Frontend Vulnerability Type: Information Disclosure Affected Versions: Versions 6.2.0 to 6.2.14, 7.0.0 to 7.3.1 Severity: Low...

7.2AI score
Exploits0Affected Software1
typo3
typo3
added 2015/02/17 12:0 a.m.12 views

Important Security-Bulletin Pre-Announcement

A TYPO3 4.5.40 release containing a security fix will be published the day after tomorrow, Thursday 19th of February at about 10:00 am CET. The TYPO3 security team has identified a critical security issue in the TYPO3 v4 Core. The following branches are affected by the vulnerability: TYPO3 4.3...

6.6AI score
Exploits0Affected Software1
typo3
typo3
added 2012/03/28 12:0 a.m.12 views

Cross-Site Scripting vulnerability in extension Basic SEO Features (seo_basics)

It has been discovered that the extension "Basic SEO Features" seobasics is vulnerable to Cross-Site Scripting Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 0.8.1 and below Vulnerability Type: Cross-Site Scripting...

6.6AI score
Exploits0Affected Software1
typo3
typo3
added 2011/09/15 12:0 a.m.12 views

Multiple XSS vulnerabilities in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Cross-Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.11.4 and below Vulnerability Type: Multiple Cross-Site Scripti...

6.3AI score
Exploits0Affected Software1
typo3
typo3
added 2011/07/06 12:0 a.m.12 views

Directory Traversal and Code Injection vulnerability in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Directory Traversal and Code Injection. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.11.1 and below Vulnerability Type: Directory...

7.4AI score
Exploits0Affected Software1
typo3
typo3
added 2010/07/28 12:0 a.m.12 views

Multiple vulnerabilities in TYPO3 Core

It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting XSS, Open Redirection, SQL Injection, Broken Authentication and Session Management, Insecure Randomness, Information Disclosure, Arbitrary Code Execution Component Type: TYPO3 Core Affected Versions: 4.1.13 and below,...

7.2AI score
Exploits0Affected Software1
typo3
typo3
added 2007/07/16 12:0 a.m.12 views

Cross Site Scripting vulnerability in faq

It has been discovered that the extension faq is susceptible to cross site scripting XSS attacks, making it possible to execute arbitrary JavaScript. Component Type: Third party extension. This extension is not part of the TYPO3 default installation Affected Versions: Version 0.0.7 and all versio...

6.5AI score
Exploits0Affected Software1
typo3
typo3
added 2005/11/07 12:0 a.m.12 views

chc_forum

A bug has been discovered in the "CHC Forum" chcforum extension where some Javascript expressions are not properly caught when entered in forms. Thus, specially crafted entries may be used to inject malicious code. Component Type: Third Party Extension. This extension is third party code that has...

6.9AI score
Exploits0Affected Software1
typo3
typo3
added 2005/07/25 12:0 a.m.12 views

TYPO3 Security Bulletin

A debug script exposes system information provided by phpinfo. By default, the script can be executed by a remote user. Component Type: Core Affected Component: Debug Script Version: 3.8.0 and earlier Vulnerability Type: Information Disclosure Severity: Low Problem Description: A debug script...

6.6AI score
Exploits0Affected Software1
typo3
typo3
added 2019/05/07 12:0 a.m.11 views

Information Disclosure in User Authentication

It has been discovered that login failures have been logged on the default stream with log level "warning" including plain-text user credentials...

7.1AI score
Exploits0Affected Software1
typo3
typo3
added 2019/01/22 12:0 a.m.11 views

Security Misconfiguration for Backend User Accounts

When using the TYPO3 backend in order to create new backend user accounts, database records containing insecure or empty credentials might be persisted. When the type of user account is changed - which might be entity type or the admin flag for backend users - the backend form is reloaded in orde...

6.8AI score
Exploits0Affected Software1
typo3
typo3
added 2018/12/11 12:0 a.m.11 views

Denial of Service in Online Media Asset Handling

Online Media Asset Handling .youtube and .vimeo files in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...

6.6AI score
Exploits0Affected Software1
typo3
typo3
added 2018/08/09 12:0 a.m.11 views

Missing Access Check in extension "Register to tt_address" (registeraddress)

Due to a missing access check, it is possible to delete certain ttaddress records...

6.8AI score
Exploits0Affected Software1
typo3
typo3
added 2015/01/16 12:0 a.m.11 views

Information Disclosure in Direct Mail Subscription (direct_mail_subscription)

It has been discovered that the extension "Direct Mail Subscription" directmailsubscription is susceptible to Information Disclosure. Release Date: January 16, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: 2.0.1...

6.7AI score
Exploits0Affected Software1
Total number of security vulnerabilities473