Typo3

Typo3

219 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2013-4321

  • EPSS 0.49%
  • Veröffentlicht 20.05.2014 14:55:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exi...

2.6

CVE-2013-7078

  • EPSS 0.49%
  • Veröffentlicht 19.01.2014 18:55:05
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Prop...

4

CVE-2013-7073

  • EPSS 0.28%
  • Veröffentlicht 23.12.2013 23:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via u...

6.5

CVE-2013-7075

  • EPSS 0.41%
  • Veröffentlicht 23.12.2013 23:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possi...

5.8

CVE-2013-7079

  • EPSS 0.29%
  • Veröffentlicht 23.12.2013 23:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via u...

5.8

CVE-2013-7080

  • EPSS 0.27%
  • Veröffentlicht 23.12.2013 23:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration ...

4.9

CVE-2013-7081

  • EPSS 0.17%
  • Veröffentlicht 23.12.2013 23:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restricti...

3.5

CVE-2013-7074

  • EPSS 0.34%
  • Veröffentlicht 21.12.2013 00:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject ...

4.3

CVE-2013-7076

  • EPSS 0.48%
  • Veröffentlicht 21.12.2013 00:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

CVE-2013-7077

  • EPSS 0.33%
  • Veröffentlicht 21.12.2013 00:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.