Vulnerabilities (CVE)

Filtered by vendor Typo3 Subscribe
Total 483 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-6289 2 Ingo Renner, Typo3 2 Apache Solr, Typo3 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0797 2 Snowflake, Typo3 2 T3blog, Typo3 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4746 2 Kurt Gusbeth, Typo3 2 Myquizpoll, Typo3 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1021 2 Mads Brunn, Typo3 2 T3quixplorer, Typo3 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-4657 1 Typo3 2 Econda Plugin, Typo3 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-3043 1 Typo3 1 Wec Discussion Forum 2025-04-09 7.5 HIGH N/A
Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows attackers to execute arbitrary code via vectors related to "certain file types."
CVE-2008-6459 1 Typo3 2 Autobeuser, Typo3 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-3636 1 Typo3 1 Typo3 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2009-0258 1 Typo3 1 Typo3 2025-04-09 10.0 HIGH N/A
The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.
CVE-2008-3040 1 Typo3 1 Dam Frontend Extension 2025-04-09 5.0 MEDIUM N/A
Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
CVE-2007-1081 1 Typo3 1 Typo3 2025-04-09 7.5 HIGH N/A
The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information.
CVE-2009-3631 1 Typo3 1 Typo3 2025-04-09 8.5 HIGH N/A
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.
CVE-2009-4339 2 Stephan Vits, Typo3 2 Mf Subscription, Typo3 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2008-6346 2 Dennis Royer, Typo3 2 Dr Wiki, Typo3 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) extension 1.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2106 2 Projektseminar Proservice Wwu, Typo3 2 Virtual Civil Services, Typo3 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-6381 1 Typo3 1 Typo3 2025-04-09 6.5 MEDIUM N/A
SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-5799 1 Typo3 2 Typo3, Wir Ber Uns Extension 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-3819 2 Typo3, Urs Maag 2 Typo3, Maag Randomimage 2025-04-09 10.0 HIGH N/A
Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors.
CVE-2008-3044 1 Typo3 1 News Calendar Extension 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the News Calendar (newscalendar) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6460 2 Mirko Werner, Typo3 2 Mw Random Objects, Typo3 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.