Typo3 CVEs and Security Vulnerabilities

Filtered by vendor Typo3 Subscriptions

Filtered by product Typo3 Subscriptions

Search

Switch to Advanced Search (Beta)

Total 472 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2010-2131	2 Mario Matzulla, Typo3	2 Cal, Typo3	2025-04-11	N/A
SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data.
CVE-2013-6289	2 Ingo Renner, Typo3	2 Apache Solr, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-3980	2 Jerome Schneider, Typo3	2 Ameos Dragndropupload, Typo3	2025-04-11	N/A
Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors.
CVE-2013-4746	2 Kurt Gusbeth, Typo3	2 Myquizpoll, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-7077	1 Typo3	1 Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4968	2 Christian Ehmann, Typo3	2 Event Registr, Typo3	2025-04-11	N/A
SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4963	1 Typo3	2 Commerce Extension, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5305	2 Joachim Ruhs, Typo3	2 Locator, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4954	2 Typo3, Websedit	2 Typo3, Sk Calendar	2025-04-11	N/A
SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4953	2 Stefan Geith, Typo3	2 Sg Userdata, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6288	2 Ingo Renner, Typo3	2 Apache Solr, Typo3	2025-04-11	N/A
Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."
CVE-2013-5307	2 Kennziffer, Typo3	2 Ke Search, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4951	2 Hans Olthoff, Typo3	2 Alternet Csa Out, Typo3	2025-04-11	N/A
Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
CVE-2009-4949	2 Joachim Ruhs, Typo3	2 Locator, Typo3	2025-04-11	N/A
SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-5303	2 Joachim Ruhs, Typo3	2 Locator, Typo3	2025-04-11	N/A
Unspecified vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."
CVE-2009-4803	2 Andreas Schwarzkopf, Typo3	2 Accessibility Glossary, Typo3	2025-04-11	N/A
SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4802	2 Joachim Ruhs, Typo3	2 Flat Manager, Typo3	2025-04-11	N/A
SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4871	2 Markus Blaschke, Typo3	2 Tq Seo, Typo3	2025-04-11	N/A
Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2013-5304	2 Joachim Ruhs, Typo3	2 Locator, Typo3	2025-04-11	N/A
SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-5308	2 Juralsulek, Typo3	2 Realurlmanagement, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the RealURL Management (realurlmanagement) extension 0.3.4 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

« first previous Page 7 of 24. next last »