CVE-2020-11063
- EPSS 1.19%
- Veröffentlicht 13.05.2020 23:15:11
- Zuletzt bearbeitet 03.12.2024 20:15:13
In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backen...
CVE-2020-11064
- EPSS 0.54%
- Veröffentlicht 13.05.2020 23:15:11
- Zuletzt bearbeitet 21.11.2024 04:56:42
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site ...
CVE-2020-11065
- EPSS 0.54%
- Veröffentlicht 13.05.2020 23:15:11
- Zuletzt bearbeitet 21.11.2024 04:56:42
In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties ...
CVE-2020-8091
- EPSS 5.21%
- Veröffentlicht 27.01.2020 22:15:11
- Zuletzt bearbeitet 21.11.2024 05:38:17
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.
CVE-2019-19850
- EPSS 0.87%
- Veröffentlicht 17.12.2019 17:15:18
- Zuletzt bearbeitet 21.11.2024 04:35:31
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system exte...
CVE-2019-19848
- EPSS 1.45%
- Veröffentlicht 17.12.2019 17:15:17
- Zuletzt bearbeitet 21.11.2024 04:35:31
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are re...
CVE-2019-19849
- EPSS 1.27%
- Veröffentlicht 17.12.2019 17:15:17
- Zuletzt bearbeitet 21.11.2024 04:35:31
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the s...
CVE-2011-3583
- EPSS 1.37%
- Veröffentlicht 26.11.2019 00:15:11
- Zuletzt bearbeitet 21.11.2024 01:30:47
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to...
CVE-2011-4632
- EPSS 0.68%
- Veröffentlicht 06.11.2019 17:15:11
- Zuletzt bearbeitet 21.11.2024 01:32:42
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message.
CVE-2011-4900
- EPSS 0.95%
- Veröffentlicht 06.11.2019 17:15:11
- Zuletzt bearbeitet 21.11.2024 01:33:15
TYPO3 before 4.5.4 allows Information Disclosure in the backend.