| CVE-2017-14251 |
high |
8.8 |
8.8 |
9y ago |
TYPO3 Arbitrary Code Execution |
|
| CVE-2014-9509 |
high |
— |
7.5 |
12y ago |
Typo3 Vulnerable to Cache Poisoning |
|
| CVE-2013-4701 |
high |
— |
7.5 |
13y ago |
PHP OpenID Library Denial of Service vulnerability |
|
| CVE-2010-3714 |
high |
— |
7.1 |
16y ago |
TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism |
|
| CVE-2010-5099 |
medium |
— |
6.8 |
14y ago |
TYPO3 Path Traversal vulnerability |
|
| CVE-2010-1153 |
medium |
— |
6.8 |
16y ago |
TYPO3 PHP remote file inclusion vulnerability |
|
| CVE-2013-4321 |
medium |
— |
6.5 |
12y ago |
TYPO3 vulnerable to remote authenticated arbitrary code execution |
|
| CVE-2013-4250 |
medium |
— |
6.5 |
12y ago |
TYPO3 doesn't properly check file extensions |
|
| CVE-2013-7075 |
medium |
— |
6.5 |
13y ago |
TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component |
|
| CVE-2012-6144 |
medium |
— |
6.5 |
13y ago |
Typo3 Backend History Module Vulnerable to SQL Injection |
|
| CVE-2016-4056 |
medium |
6.1 |
6.1 |
10y ago |
TYPO3 Backend component Cross-site scripting (XSS) vulnerability |
|
| CVE-2015-8760 |
medium |
6.1 |
6.1 |
11y ago |
TYPO3 allows remote attackers to embed Flash videos from external domain |
|
| CVE-2014-3942 |
medium |
— |
6.0 |
12y ago |
TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code |
|
| CVE-2010-5103 |
medium |
— |
6.0 |
14y ago |
TYPO3 SQL Injection vulnerability |
|
| CVE-2014-3944 |
medium |
— |
5.8 |
12y ago |
TYPO3 Improper Session Invalidation |
|
| CVE-2015-8759 |
medium |
5.4 |
5.4 |
11y ago |
TYPO3 Cross-site Scripting vulnerability |
|
| CVE-2015-8756 |
medium |
5.4 |
5.4 |
11y ago |
TYPO3 CMS indexed search Cross-site Scripting vulnerability |
|
| CVE-2015-8755 |
medium |
5.4 |
5.4 |
11y ago |
Typo3 XSS Vulnerability |
|
| CVE-2017-6370 |
medium |
5.3 |
5.3 |
9y ago |
TYPO3 Information Disclosure Vulnerability |
|
| CVE-2014-3941 |
medium |
— |
5.0 |
12y ago |
Typo3 Host Header Spoofing Vulnerability |
|
| CVE-2012-1608 |
medium |
— |
5.0 |
14y ago |
Typo3 API XSS Vulnerabilities |
|
| CVE-2012-1607 |
medium |
— |
5.0 |
14y ago |
TYPO3 allows remote attackers to obtain the database name via a direct request |
|
| CVE-2012-1605 |
medium |
— |
5.0 |
14y ago |
Typo3 Extbase Framework Unsafe Deserialization |
|
| CVE-2012-3527 |
medium |
— |
4.6 |
14y ago |
TYPO3 allows remote authenticated backend users to unserialize arbitrary objects |
|
| CVE-2014-9508 |
medium |
— |
4.3 |
12y ago |
Typo3 Open Redirect In Frontend Rendering |
|
| CVE-2013-7341 |
medium |
— |
4.3 |
12y ago |
Moodle cross-site scripting (XSS) vulnerabilities |
|
| CVE-2012-3531 |
medium |
— |
4.3 |
14y ago |
Typo3 Install Tool XSS Vulnerability |
|
| CVE-2012-3530 |
medium |
— |
4.3 |
14y ago |
Typo3 API XSS Vulnerability |
|
| CVE-2012-2112 |
medium |
— |
4.3 |
14y ago |
Typo3 Exception Handler XSS |
|
| CVE-2014-3946 |
medium |
— |
4.0 |
12y ago |
Typo3 Information Disclosure |
|
| CVE-2014-3945 |
medium |
— |
4.0 |
12y ago |
TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash |
|
| CVE-2012-6146 |
medium |
— |
4.0 |
12y ago |
Typo3 Backend History Module Vulnerable to XSS |
|
| CVE-2013-7073 |
medium |
— |
4.0 |
13y ago |
TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component |
|
| CVE-2010-5101 |
medium |
— |
4.0 |
14y ago |
TYPO3 Directory Traversal vulnerability |
|