Vulnerabilities > Typo3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-02-14 | CVE-2012-1084 | Cross-Site Scripting vulnerability in Typo3 Beuserswitch 0.0.1 Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-02-14 | CVE-2012-1083 | Cross-Site Request Forgery (CSRF) vulnerability in Typo3 Terminal Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2012-02-14 | CVE-2012-1082 | Cross-Site Scripting vulnerability in Typo3 Terminal Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2012-02-14 | CVE-2012-1081 | Cross-Site Scripting vulnerability in Roderick Braun YA Googlesearch Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-02-14 | CVE-2012-1080 | Cross-Site Scripting vulnerability in Typo3 SKT Eurocalc 0.0.1 Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-02-14 | CVE-2012-1079 | Remote Code Execution vulnerability in TYPO3 Webservices Extension Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors. | 6.5 |
2012-02-14 | CVE-2012-1078 | Permissions, Privileges, and Access Controls vulnerability in Claus DUE Sysutils The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup output directory." | 5.0 |
2012-02-14 | CVE-2012-1077 | SQL Injection vulnerability in Manfred Egger BC Post2Facebook 0.2.0 SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2012-02-14 | CVE-2012-1076 | Cross-Site Scripting vulnerability in Robert Gonda RTG Files Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-02-14 | CVE-2012-1075 | SQL Injection vulnerability in Robert Gonda RTG Files SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |