Vulnerabilities > Typo3

DATE CVE VULNERABILITY TITLE RISK
2017-01-23 CVE-2016-4056 Cross-site Scripting vulnerability in Typo3
Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark.
network
low complexity
typo3 CWE-79
6.1
2016-01-08 CVE-2015-8760 Improper Input Validation vulnerability in Typo3
The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing."
network
low complexity
typo3 CWE-20
6.1
2016-01-08 CVE-2015-8759 Cross-site Scripting vulnerability in Typo3
Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field.
network
low complexity
typo3 CWE-79
5.4
2016-01-08 CVE-2015-8758 Cross-site Scripting vulnerability in Typo3
Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.
network
low complexity
typo3 CWE-79
5.4
2016-01-08 CVE-2015-8757 Cross-site Scripting vulnerability in Typo3
Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to extension data during an extension installation.
network
low complexity
typo3 CWE-79
6.1
2016-01-08 CVE-2015-8756 Cross-site Scripting vulnerability in Typo3
Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
typo3 CWE-79
5.4
2016-01-08 CVE-2015-8755 Cross-site Scripting vulnerability in Typo3
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.
network
low complexity
typo3 CWE-79
5.4
2009-01-22 CVE-2009-0255 Use of Insufficiently Random Values vulnerability in multiple products
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
network
low complexity
typo3 debian CWE-330
7.5