Typo3 CVEs and Security Vulnerabilities

Filtered by vendor Typo3 Subscriptions

Filtered by product Typo3 Subscriptions

Search

Switch to Advanced Search (Beta)

Total 477 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2013-5304	2 Joachim Ruhs, Typo3	2 Locator, Typo3	2025-04-11	N/A
SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-5323	2 Stanislas Rolland, Typo3	2 Static Info Tables, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Static Info Tables (static_info_tables) extension before 2.3.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5305	2 Joachim Ruhs, Typo3	2 Locator, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2112	1 Typo3	1 Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages.
CVE-2012-1077	2 Manfred Egger, Typo3	2 Bc Post2facebook, Typo3	2025-04-11	N/A
SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-5303	2 Joachim Ruhs, Typo3	2 Locator, Typo3	2025-04-11	N/A
Unspecified vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."
CVE-2013-5307	2 Kennziffer, Typo3	2 Ke Search, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-7074	1 Typo3	1 Typo3	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.
CVE-2013-4721	2 3ds, Typo3	2 Push2rss 3ds, Typo3	2025-04-11	N/A
SQL injection vulnerability in the RSS feed from records extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-1086	1 Typo3	2 Aeurltool, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4747	2 Kasper Skarhoj, Typo3	2 Accessible Is Browse Results, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (accessible_is_browse_results) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5306	2 Die-netzmacher, Typo3	2 Browser, Typo3	2025-04-11	N/A
SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-1083	1 Typo3	2 Terminal, Typo3	2025-04-11	N/A
Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-1084	1 Typo3	2 Beuserswitch, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1605	1 Typo3	1 Typo3	2025-04-11	N/A
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."
CVE-2012-1085	1 Typo3	2 Beuserswitch, Typo3	2025-04-11	N/A
Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
CVE-2011-5079	2 Netcreators, Typo3	2 Irfaq, Typo3	2025-04-11	N/A
Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL, probably in the "return url parameter."
CVE-2011-5080	2 Juergen Furrer, Typo3	2 Jftcaforms, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4720	2 Typo3, Webempoweredchurch	2 Typo3, Wec Discussion	2025-04-11	N/A
SQL injection vulnerability in the WEC Discussion Forum extension before 2.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4749	2 Typo3, Usertask Center Messaging Project	2 Typo3, Usertask Center Messaging	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

« first previous Page 8 of 24. next last »