Typo3

Typo3

218 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2009-3636

  • EPSS 0.44%
  • Veröffentlicht 02.11.2009 15:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified ...

4.3

CVE-2008-6699

  • EPSS 0.29%
  • Veröffentlicht 10.04.2009 22:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

5

CVE-2009-0815

  • EPSS 49.8%
  • Veröffentlicht 05.03.2009 02:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by...

4.3

CVE-2009-0816

  • EPSS 0.29%
  • Veröffentlicht 05.03.2009 02:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via un...

7.5

CVE-2009-0256

  • EPSS 0.91%
  • Veröffentlicht 22.01.2009 23:30:04
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend aut...

4.3

CVE-2009-0257

  • EPSS 0.71%
  • Veröffentlicht 22.01.2009 23:30:04
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) ...

10

CVE-2009-0258

  • EPSS 3.39%
  • Veröffentlicht 22.01.2009 23:30:04
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which...

7.5

CVE-2009-0255

  • EPSS 5.11%
  • Veröffentlicht 22.01.2009 23:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.

4.3

CVE-2008-5656

  • EPSS 0.25%
  • Veröffentlicht 17.12.2008 20:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3

CVE-2008-5644

  • EPSS 0.36%
  • Veröffentlicht 17.12.2008 18:30:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.