Typo3

Typo3

214 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2018-6905

Exploit
  • EPSS 2.27%
  • Veröffentlicht 08.04.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 04:11:23

The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.

5.4

CVE-2010-3659

  • EPSS 0.26%
  • Veröffentlicht 20.10.2017 18:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified para...

8.8

CVE-2017-14251

Exploit
  • EPSS 3.54%
  • Veröffentlicht 11.09.2017 09:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequentl...

5.3

CVE-2017-6370

Exploit
  • EPSS 0.11%
  • Veröffentlicht 17.03.2017 17:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.

6.1

CVE-2016-4056

Exploit
  • EPSS 0.31%
  • Veröffentlicht 23.01.2017 21:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark.

8.1

CVE-2016-5091

  • EPSS 2.37%
  • Veröffentlicht 23.01.2017 21:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.

6.1

CVE-2015-8760

  • EPSS 0.27%
  • Veröffentlicht 08.01.2016 19:59:26
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing."

5.4

CVE-2015-8759

  • EPSS 0.19%
  • Veröffentlicht 08.01.2016 19:59:25
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field.

5.4

CVE-2015-8758

  • EPSS 0.22%
  • Veröffentlicht 08.01.2016 19:59:24
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.

6.1

CVE-2015-8757

  • EPSS 0.3%
  • Veröffentlicht 08.01.2016 19:59:23
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to extension data during an extension i...