Typo3 CVEs and Security Vulnerabilities

Filtered by vendor Typo3 Subscriptions

Filtered by product Typo3 Subscriptions

Search

Switch to Advanced Search (Beta)

Total 478 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2009-2106	2 Projektseminar Proservice Wwu, Typo3	2 Virtual Civil Services, Typo3	2026-04-23	N/A
SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6344	1 Typo3	2 Tu-clausthal Staff, Typo3	2026-04-23	N/A
SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6144	1 Typo3	2 Typo3, Wec Discussion Forum	2026-04-23	N/A
Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029.
CVE-2008-5087	1 Typo3	2 Another Backend Login, Typo3	2026-04-23	N/A
SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6340	2 Mathieu Vidal, Typo3	2 Mv Vox Populi, Typo3	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in the Vox populi (mv_vox_populi) extension 0.3.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6338	2 Typo3, Weber-ebusiness	2 Typo3, Wes Facilities	2026-04-23	N/A
SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6145	1 Typo3	2 Typo3, Wec Discussion Forum	2026-04-23	N/A
Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0324	2 Patrick Bauerochse, Typo3	2 Ref List, Typo3	2026-04-23	N/A
SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-3820	2 Flagbit, Typo3	2 Fb Filebase, Typo3	2026-04-23	N/A
SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6346	2 Dennis Royer, Typo3	2 Dr Wiki, Typo3	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) extension 1.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0330	2 Julian Fries, Typo3	2 Jf Easymaps, Typo3	2026-04-23	N/A
SQL injection vulnerability in the Googlemaps for tt_news (jf_easymaps) extension 1.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0327	2 Julian Kleinhans, Typo3	2 Kj Imagelightbox2, Typo3	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_imagelightbox2) extension 2.0.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-2490.
CVE-2009-0256	1 Typo3	1 Typo3	2026-04-23	N/A
Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.
CVE-2009-4397	2 Fr.simon Rundell, Typo3	2 Pd Resources, Typo3	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6456	2 Martin Helmich, Typo3	2 Hbook, Typo3	2026-04-23	N/A
SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0339	1 Typo3	2 Typo3, Vm19 Userlinks	2026-04-23	N/A
SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-3821	2 Apache, Typo3	2 Solr, Typo3	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0340	1 Typo3	2 Mjseventpro, Typo3	2026-04-23	N/A
SQL injection vulnerability in the MJS Event Pro (mjseventpro) extension 0.2.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4339	2 Stephan Vits, Typo3	2 Mf Subscription, Typo3	2026-04-23	N/A
SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2009-3634	1 Typo3	1 Typo3	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

« first previous Page 4 of 24. next last »