Typo3

Typo3

222 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.61%
  • Veröffentlicht 02.11.2009 15:30:00
  • Zuletzt bearbeitet 16.06.2026 23:12:03

SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute...

  • EPSS 0.95%
  • Veröffentlicht 02.11.2009 15:30:00
  • Zuletzt bearbeitet 16.06.2026 23:12:03

Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via u...

  • EPSS 1.96%
  • Veröffentlicht 02.11.2009 15:30:00
  • Zuletzt bearbeitet 16.06.2026 23:12:03

Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

  • EPSS 2.06%
  • Veröffentlicht 02.11.2009 15:30:00
  • Zuletzt bearbeitet 16.06.2026 23:12:03

The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential.

  • EPSS 1.96%
  • Veröffentlicht 02.11.2009 15:30:00
  • Zuletzt bearbeitet 16.06.2026 23:12:04

Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified ...

  • EPSS 1.03%
  • Veröffentlicht 10.04.2009 22:00:00
  • Zuletzt bearbeitet 16.06.2026 23:02:47

Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

  • EPSS 42.23%
  • Veröffentlicht 05.03.2009 02:30:00
  • Zuletzt bearbeitet 16.06.2026 23:05:52

The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by...

  • EPSS 1.06%
  • Veröffentlicht 05.03.2009 02:30:00
  • Zuletzt bearbeitet 16.06.2026 23:05:52

Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via un...

  • EPSS 1.79%
  • Veröffentlicht 22.01.2009 23:30:04
  • Zuletzt bearbeitet 16.06.2026 23:04:36

Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend aut...

  • EPSS 1.56%
  • Veröffentlicht 22.01.2009 23:30:04
  • Zuletzt bearbeitet 16.06.2026 23:04:36

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) ...