Search CVE reports



11 – 20 of 126 results


CVE-2020-15099

Unknown priority
Ignored

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code...

1 affected package

typo3-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
typo3-src Not in release Not in release Not in release

CVE-2020-15098

Unknown priority
Ignored

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary...

1 affected package

typo3-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
typo3-src Not in release Not in release Not in release

CVE-2011-3584

Medium priority
Ignored

The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitization of user-supplied input.

1 affected package

typo3-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
typo3-src

CVE-2011-3583

Medium priority
Ignored

It was found that TYPO3 Core versions 4.5.0 - 4.5.5 use prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more...

1 affected package

typo3-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
typo3-src

CVE-2011-4904

Medium priority

Some fixes available 1 of 5

TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services.

1 affected package

typo3-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
typo3-src

CVE-2011-4903

Low priority

Some fixes available 1 of 5

Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function.

1 affected package

typo3-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
typo3-src

CVE-2011-4902

Medium priority

Some fixes available 1 of 5

TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver.

1 affected package

typo3-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
typo3-src

CVE-2011-4901

Medium priority

Some fixes available 1 of 5

TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database.

1 affected package

typo3-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
typo3-src

CVE-2011-4900

Medium priority

Some fixes available 1 of 5

TYPO3 before 4.5.4 allows Information Disclosure in the backend.

1 affected package

typo3-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
typo3-src

CVE-2011-4632

Medium priority

Some fixes available 1 of 5

Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message.

1 affected package

typo3-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
typo3-src