Search CVE reports
11 – 20 of 126 results
CVE-2020-15099
Unknown priorityIn TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code...
1 affected package
typo3-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
typo3-src | — | — | Not in release | Not in release | Not in release |
CVE-2020-15098
Unknown priorityIn TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary...
1 affected package
typo3-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
typo3-src | — | — | Not in release | Not in release | Not in release |
CVE-2011-3584
Medium priorityThe TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input.
1 affected package
typo3-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
typo3-src | — | — | — | — | — |
CVE-2011-3583
Medium priorityIt was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more...
1 affected package
typo3-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
typo3-src | — | — | — | — | — |
CVE-2011-4904
Medium prioritySome fixes available 1 of 5
TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services.
1 affected package
typo3-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
typo3-src | — | — | — | — | — |
CVE-2011-4903
Low prioritySome fixes available 1 of 5
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function.
1 affected package
typo3-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
typo3-src | — | — | — | — | — |
CVE-2011-4902
Medium prioritySome fixes available 1 of 5
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver.
1 affected package
typo3-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
typo3-src | — | — | — | — | — |
CVE-2011-4901
Medium prioritySome fixes available 1 of 5
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database.
1 affected package
typo3-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
typo3-src | — | — | — | — | — |
CVE-2011-4900
Medium prioritySome fixes available 1 of 5
TYPO3 before 4.5.4 allows Information Disclosure in the backend.
1 affected package
typo3-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
typo3-src | — | — | — | — | — |
CVE-2011-4632
Medium prioritySome fixes available 1 of 5
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message.
1 affected package
typo3-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
typo3-src | — | — | — | — | — |