Vulnerabilities > Typo3

DATE CVE VULNERABILITY TITLE RISK
2008-06-03 CVE-2008-2526 Cross-Site Scripting vulnerability in Typo3 WT Gallery 2.50
Cross-site scripting (XSS) vulnerability in the WT Gallery (aka wt_gallery) extension 2.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
typo3 CWE-79
4.3
2008-06-03 CVE-2008-2525 Cross-Site Scripting vulnerability in Typo3 Rlmp Eventdb
Cross-site scripting (XSS) vulnerability in the Event Database (aka rlmp_eventdb) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
typo3 CWE-79
4.3
2008-05-28 CVE-2008-2490 Cross-Site Scripting vulnerability in Typo3 KJ Imagelightbox2
Cross-site scripting (XSS) vulnerability in the KJ Image Lightbox 2 (aka kj_imagelightbox2) extension 1.4.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified "user input."
network
typo3 CWE-79
4.3
2008-05-28 CVE-2008-2489 SQL Injection vulnerability in Typo3 SG Zfelib
SQL injection vulnerability in the Library for Frontend Plugins (aka sg_zfelib) extension 1.1.512 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified "user input."
network
low complexity
typo3 CWE-89
7.5
2008-05-19 CVE-2008-2345 Code Injection vulnerability in Typo3 AIR Filemanager
Unspecified vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary PHP code via unspecified vectors related to "insufficient file filtering."
network
low complexity
typo3 CWE-94
critical
10.0
2008-05-19 CVE-2008-2344 Cross-Site Scripting vulnerability in Typo3 AIR Filemanager 0.6.0
Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
typo3 CWE-79
4.3
2008-05-16 CVE-2008-2275 Code Injection vulnerability in Typo3 SR Feuser Register Extension
Unspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to execute arbitrary code and delete arbitrary files via unspecified attack vectors.
network
low complexity
typo3 CWE-94
7.5
2008-05-16 CVE-2008-2274 Cross-Site Scripting vulnerability in Typo3 SR Feuser Register Extension
Cross-site scripting (XSS) vulnerability in the sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
typo3 CWE-79
4.3
2007-12-15 CVE-2007-6381 SQL Injection vulnerability in Typo3
SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
typo3 CWE-89
6.5
2007-02-22 CVE-2007-1081 Unspecified vulnerability in Typo3
The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors.
network
low complexity
typo3
7.5