Vulnerabilities > Typo3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-08-16 | CVE-2013-5305 | Cross-Site Scripting vulnerability in Joachim Ruhs Locator Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-08-16 | CVE-2013-5304 | SQL Injection vulnerability in Joachim Ruhs Locator SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2013-08-16 | CVE-2013-5303 | Security vulnerability in TYPO3 Store Locator Extension Unspecified vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize." | 10.0 |
2013-08-16 | CVE-2013-5302 | SQL Injection vulnerability in Kennziffer KE Search SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2013-07-20 | CVE-2013-4871 | Cross-Site Request Forgery (CSRF) vulnerability in Markus Blaschke TQ SEO 5.0.0 Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2013-07-20 | CVE-2013-4870 | SQL Injection vulnerability in News Search Project News Search 0.1.0 SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2013-07-01 | CVE-2013-4749 | Cross-Site Scripting vulnerability in Usertask Center Messaging Project Usertask Center Messaging Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-07-01 | CVE-2013-4748 | SQL Injection vulnerability in Georg Ringer News SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2013-07-01 | CVE-2013-4747 | Cross-Site Scripting vulnerability in Kasper Skarhoj Accessible IS Browse Results 1.2.1 Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (accessible_is_browse_results) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-07-01 | CVE-2013-4746 | Cross-Site Scripting vulnerability in Kurt Gusbeth Myquizpoll Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |