| CVE-2017-14251 | high | 8.8 | 8.8 | 9y ago | TYPO3 Arbitrary Code Execution | |
| CVE-2014-9509 | high | — | 7.5 | 12y ago | Typo3 Vulnerable to Cache Poisoning | |
| CVE-2013-4701 | high | — | 7.5 | 13y ago | PHP OpenID Library Denial of Service vulnerability | |
| CVE-2010-3714 | high | — | 7.1 | 16y ago | TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism | |
| CVE-2010-5099 | medium | — | 6.8 | 14y ago | TYPO3 Path Traversal vulnerability | |
| CVE-2010-1153 | medium | — | 6.8 | 16y ago | TYPO3 PHP remote file inclusion vulnerability | |
| CVE-2013-4321 | medium | — | 6.5 | 12y ago | TYPO3 vulnerable to remote authenticated arbitrary code execution | |
| CVE-2013-4250 | medium | — | 6.5 | 12y ago | TYPO3 doesn't properly check file extensions | |
| CVE-2013-7075 | medium | — | 6.5 | 13y ago | TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component | |
| CVE-2012-6144 | medium | — | 6.5 | 13y ago | Typo3 Backend History Module Vulnerable to SQL Injection | |
| CVE-2016-4056 | medium | 6.1 | 6.1 | 10y ago | TYPO3 Backend component Cross-site scripting (XSS) vulnerability | |
| CVE-2015-8760 | medium | 6.1 | 6.1 | 11y ago | TYPO3 allows remote attackers to embed Flash videos from external domain | |
| CVE-2014-3942 | medium | — | 6.0 | 12y ago | TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code | |
| CVE-2010-5103 | medium | — | 6.0 | 14y ago | TYPO3 SQL Injection vulnerability | |
| CVE-2014-3944 | medium | — | 5.8 | 12y ago | TYPO3 Improper Session Invalidation | |
| CVE-2015-8759 | medium | 5.4 | 5.4 | 11y ago | TYPO3 Cross-site Scripting vulnerability | |
| CVE-2015-8756 | medium | 5.4 | 5.4 | 11y ago | TYPO3 CMS indexed search Cross-site Scripting vulnerability | |
| CVE-2015-8755 | medium | 5.4 | 5.4 | 11y ago | Typo3 XSS Vulnerability | |
| CVE-2017-6370 | medium | 5.3 | 5.3 | 9y ago | TYPO3 Information Disclosure Vulnerability | |
| CVE-2014-3941 | medium | — | 5.0 | 12y ago | Typo3 Host Header Spoofing Vulnerability | |
| CVE-2012-1608 | medium | — | 5.0 | 14y ago | Typo3 API XSS Vulnerabilities | |
| CVE-2012-1607 | medium | — | 5.0 | 14y ago | TYPO3 allows remote attackers to obtain the database name via a direct request | |
| CVE-2012-1605 | medium | — | 5.0 | 14y ago | Typo3 Extbase Framework Unsafe Deserialization | |
| CVE-2012-3527 | medium | — | 4.6 | 14y ago | TYPO3 allows remote authenticated backend users to unserialize arbitrary objects | |
| CVE-2014-9508 | medium | — | 4.3 | 12y ago | Typo3 Open Redirect In Frontend Rendering | |
| CVE-2013-7341 | medium | — | 4.3 | 12y ago | Moodle cross-site scripting (XSS) vulnerabilities | |
| CVE-2012-3531 | medium | — | 4.3 | 14y ago | Typo3 Install Tool XSS Vulnerability | |
| CVE-2012-3530 | medium | — | 4.3 | 14y ago | Typo3 API XSS Vulnerability | |
| CVE-2012-2112 | medium | — | 4.3 | 14y ago | Typo3 Exception Handler XSS | |
| CVE-2014-3946 | medium | — | 4.0 | 12y ago | Typo3 Information Disclosure | |
| CVE-2014-3945 | medium | — | 4.0 | 12y ago | TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash | |
| CVE-2012-6146 | medium | — | 4.0 | 12y ago | Typo3 Backend History Module Vulnerable to XSS | |
| CVE-2013-7073 | medium | — | 4.0 | 13y ago | TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component | |
| CVE-2010-5101 | medium | — | 4.0 | 14y ago | TYPO3 Directory Traversal vulnerability | |
| CVE-2015-5956 | low | — | 3.5 | 11y ago | TYPO3 cross-site scripting (XSS) | |
| CVE-2014-3943 | low | — | 3.5 | 12y ago | Typo3 XSS Vulnerabilities | |
| CVE-2013-7074 | low | — | 3.5 | 13y ago | TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component | |
| CVE-2012-6148 | low | — | 3.5 | 13y ago | Typo3 Function Menu API XSS Vulnerability | |
| CVE-2012-6147 | low | — | 3.5 | 13y ago | Typo3 Backend API XSS Vulnerability | |
| CVE-2012-6145 | low | — | 3.5 | 13y ago | Typo3 Backend History Module Vulnerable to XSS | |
| CVE-2012-3529 | low | — | 3.5 | 14y ago | Typo3 Backend Configuration XSS Vulnerability | |
| CVE-2012-3528 | low | — | 3.5 | 14y ago | Typo3 Backend XSS Vulnerability | |
| CVE-2012-1606 | low | — | 3.5 | 14y ago | Typo3 Backend XSS Vulnerabilities | |
| CVE-2023-24814 | unknown | — | — | 3y ago | TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering | |
| CVE-2022-47406 | unknown | — | — | 4y ago | TYPO3 vulnerable to Insufficient Session Expiration | |
| CVE-2022-23504 | unknown | — | — | 4y ago | TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration | |
| CVE-2022-23503 | unknown | — | — | 4y ago | TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework | |
| CVE-2022-23502 | unknown | — | — | 4y ago | TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset | |
| CVE-2022-23501 | unknown | — | — | 4y ago | TYPO3 CMS vulnerable to Weak Authentication in Frontend Login | |
| CVE-2022-23500 | unknown | — | — | 4y ago | TYPO3 CMS vulnerable to Denial of Service in Page Error Handling | |
| CVE-2022-23499 | unknown | — | — | 4y ago | TYPO3 HTML Sanitizer vulnerable to Cross-Site Scripting | |
| CVE-2022-36020 | unknown | — | — | 4y ago | TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection | |
| CVE-2022-36104 | unknown | — | — | 4y ago | TYPO3 CMS vulnerable to Denial of Service in Page Error Handling | |
| CVE-2022-36105 | unknown | — | — | 4y ago | TYPO3 CMS vulnerable to User Enumeration via Response Timing | |
| CVE-2022-36106 | unknown | — | — | 4y ago | TYPO3 CMS missing check for expiration time of password reset token for backend users | |
| CVE-2022-36107 | unknown | — | — | 4y ago | TYPO3 CMS Stored Cross-Site Scripting via FileDumpController | |
| CVE-2022-36108 | unknown | — | — | 4y ago | TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper | |
| CVE-2022-31050 | unknown | — | — | 4y ago | Insufficient Session Expiration in TYPO3's Admin Tool | |
| CVE-2022-31049 | unknown | — | — | 4y ago | Cross-Site Scripting in TYPO3's Frontend Login Mailer | |
| CVE-2022-31048 | unknown | — | — | 4y ago | Cross-Site Scripting in TYPO3's Form Framework | |
| CVE-2022-31047 | unknown | — | — | 4y ago | Insertion of Sensitive Information into Log File in typo3/cms-core | |
| CVE-2022-31046 | unknown | — | — | 4y ago | Information Disclosure via Export Module | |
| CVE-2019-12747 | unknown | — | — | 4y ago | TYPO3 Vulnerable to Insecure Deserialization | |
| CVE-2019-12748 | unknown | — | — | 4y ago | Typo3 Cross-Site Scripting in Link Handling | |
| CVE-2019-11832 | unknown | — | — | 4y ago | TYPO3 Image Processing susceptible to Code Execution | |
| CVE-2020-8091 | unknown | — | — | 4y ago | Typo3 Cross-Site Scripting in Flash component (ELTS) | |
| CVE-2019-19850 | unknown | — | — | 4y ago | TYPO3 SQL Injection in low-level Query Generator | |
| CVE-2019-19849 | unknown | — | — | 4y ago | TYPO3 Insecure Deserialization in Query Generator & Query View | |
| CVE-2019-19848 | unknown | — | — | 4y ago | TYPO3 Directory Traversal on ZIP extraction | |
| CVE-2018-6905 | unknown | — | — | 4y ago | Typo3 XSS Vulnerability | |
| CVE-2009-3635 | unknown | — | — | 4y ago | TYPO3 Install Tool Subcomponent Allows Access Using Only a Password's MD5 Hash as a Credential | |
| CVE-2009-0816 | unknown | — | — | 4y ago | Typo3 Backend XSS Vulnerability | |
| CVE-2009-0815 | unknown | — | — | 4y ago | TYPO3 leaks a hash secret in an error message | |
| CVE-2009-0258 | unknown | — | — | 4y ago | Indexed Search Engine for TYPO3 Command Execution via Metacharacter Injection | |
| CVE-2009-0256 | unknown | — | — | 4y ago | Authentication library in TYPO3 vulnerable to session fixation | |
| CVE-2005-4875 | unknown | — | — | 4y ago | TYPO3 Reveals Sensitive Information via Direct Request to `misc/phpcheck/` | |
| CVE-2011-3583 | unknown | — | — | 4y ago | Typo3 SQL injection due to faulty prepared statements | |
| CVE-2011-4900 | unknown | — | — | 4y ago | Typo3 Information Disclosure | |
| CVE-2011-4904 | unknown | — | — | 4y ago | Typo3 Improper Access Control | |
| CVE-2011-4902 | unknown | — | — | 4y ago | Typo3 Arbitrary File Delete | |
| CVE-2011-4632 | unknown | — | — | 4y ago | Typo3 XSS Vulnerabilities | |
| CVE-2011-4903 | unknown | — | — | 4y ago | Typo3 XSS in RemoveXSS function | |
| CVE-2011-4901 | unknown | — | — | 4y ago | Typo3 Arbitrary Information Disclosure | |
| CVE-2011-4630 | unknown | — | — | 4y ago | Typo3 XSS Vulnerability | |
| CVE-2011-4628 | unknown | — | — | 4y ago | Typo3 Authentication Bypass | |
| CVE-2011-4627 | unknown | — | — | 4y ago | Typo3 Information Disclosure | |
| CVE-2021-41113 | unknown | — | — | 5y ago | Cross-Site-Request-Forgery in Backend | |
| CVE-2021-41114 | unknown | — | — | 5y ago | HTTP Host Header Injection | |
| CVE-2021-32768 | unknown | — | — | 5y ago | Cross-Site Scripting via Rich-Text Content | |
| CVE-2021-32767 | unknown | — | — | 5y ago | Information Disclosure in User Authentication | |
| CVE-2021-32669 | unknown | — | — | 5y ago | Cross-Site Scripting in Backend Grid View | |
| CVE-2021-32668 | unknown | — | — | 5y ago | Cross-Site Scripting in Query Generator & Query View | |
| CVE-2021-32667 | unknown | — | — | 5y ago | Cross-Site Scripting in Page Preview | |
| CVE-2021-21370 | unknown | — | — | 5y ago | Cross-Site Scripting in Content Preview (CType menu) | |
| CVE-2021-21359 | unknown | — | — | 5y ago | Denial of Service in Page Error Handling | |
| CVE-2021-21358 | unknown | — | — | 5y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form | |
| CVE-2021-21357 | unknown | — | — | 5y ago | Broken Access Control in Form Framework | |
| CVE-2021-21355 | unknown | — | — | 5y ago | Unrestricted File Upload in Form Framework | |
| CVE-2021-21340 | unknown | — | — | 5y ago | Cross-Site Scripting in Content Preview | |
| CVE-2021-21339 | unknown | — | — | 5y ago | Cleartext storage of session identifier | |