Filtered by vendor Typo3
Subscriptions
Total
521 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-6686 | 2 Jan Bednarik, Typo3 | 2 Cooluri, Typo3 | 2025-04-09 | N/A |
SQL injection vulnerability in CoolURI (cooluri) 1.0.11 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
CVE-2008-6687 | 2 David Cadu, Typo3 | 2 Dcdgooglemap, Typo3 | 2025-04-09 | N/A |
Cross-site scripting (XSS) vulnerability in DCD GoogleMap (dcdgooglemap) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
CVE-2009-4336 | 2 Simon Rundell, Typo3 | 2 Pd Calendar Today, Typo3 | 2025-04-09 | N/A |
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2009-4337 | 2 Simon Rundell, Typo3 | 2 Pd Calendar Today, Typo3 | 2025-04-09 | N/A |
SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691. | ||||
CVE-2008-4188 | 1 Typo3 | 1 Secure Directory | 2025-04-09 | N/A |
Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) extension before 1.0.2 allows remote attackers to execute arbitrary code via unknown vectors related to "injection of control characters." | ||||
CVE-2008-5799 | 1 Typo3 | 2 Typo3, Wir Ber Uns Extension | 2025-04-09 | N/A |
Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2008-5801 | 1 Typo3 | 1 Dictionary Extension | 2025-04-09 | N/A |
Unspecified vulnerability in the Dictionary (rtgdictionary) extension 0.1.9 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors. | ||||
CVE-2009-0815 | 1 Typo3 | 1 Typo3 | 2025-04-09 | N/A |
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request. | ||||
CVE-2008-2489 | 1 Typo3 | 1 Sg Zfelib | 2025-04-09 | N/A |
SQL injection vulnerability in the Library for Frontend Plugins (aka sg_zfelib) extension 1.1.512 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified "user input." | ||||
CVE-2008-6144 | 1 Typo3 | 2 Typo3, Wec Discussion Forum | 2025-04-09 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029. | ||||
CVE-2008-6685 | 2 Thomas Waggershauser, Typo3 | 2 Air Filemanager, Typo3 | 2025-04-09 | N/A |
Unspecified vulnerability in Frontend Filemanager (air_filemanager) 0.6.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors. | ||||
CVE-2008-6688 | 2 Kevin Renskers, Typo3 | 2 Dmmjobcontrol, Typo3 | 2025-04-09 | N/A |
Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
CVE-2008-6691 | 2 Diocese Of Portsmouth, Typo3 | 2 Pd Calendar Today, Typo3 | 2025-04-09 | N/A |
SQL injection vulnerability in Diocese of Portsmouth Calendar Today (pd_calendar_today) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
CVE-2008-6696 | 2 Manu Oehler, Typo3 | 2 Toto, Typo3 | 2025-04-09 | N/A |
SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
CVE-2008-6697 | 2 Michael Fritz, Typo3 | 2 Worldcup, Typo3 | 2025-04-09 | N/A |
SQL injection vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
CVE-2008-6698 | 2 Michael Fritz, Typo3 | 2 Worldcup, Typo3 | 2025-04-09 | N/A |
Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
CVE-2008-6699 | 1 Typo3 | 2 Tjs Reslib, Typo3 | 2025-04-09 | N/A |
Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
CVE-2008-4661 | 1 Typo3 | 2 Page Improvements, Typo3 | 2025-04-09 | N/A |
Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_pageimprovements) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2008-6344 | 1 Typo3 | 2 Tu-clausthal Staff, Typo3 | 2025-04-09 | N/A |
SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2009-0257 | 1 Typo3 | 1 Typo3 | 2025-04-09 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module. |