Vulnerabilities > Typo3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-06-03 | CVE-2008-2526 | Cross-Site Scripting vulnerability in Typo3 WT Gallery 2.50 Cross-site scripting (XSS) vulnerability in the WT Gallery (aka wt_gallery) extension 2.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-06-03 | CVE-2008-2525 | Cross-Site Scripting vulnerability in Typo3 Rlmp Eventdb Cross-site scripting (XSS) vulnerability in the Event Database (aka rlmp_eventdb) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-05-28 | CVE-2008-2490 | Cross-Site Scripting vulnerability in Typo3 KJ Imagelightbox2 Cross-site scripting (XSS) vulnerability in the KJ Image Lightbox 2 (aka kj_imagelightbox2) extension 1.4.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified "user input." | 4.3 |
2008-05-28 | CVE-2008-2489 | SQL Injection vulnerability in Typo3 SG Zfelib SQL injection vulnerability in the Library for Frontend Plugins (aka sg_zfelib) extension 1.1.512 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified "user input." | 7.5 |
2008-05-19 | CVE-2008-2345 | Code Injection vulnerability in Typo3 AIR Filemanager Unspecified vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary PHP code via unspecified vectors related to "insufficient file filtering." | 10.0 |
2008-05-19 | CVE-2008-2344 | Cross-Site Scripting vulnerability in Typo3 AIR Filemanager 0.6.0 Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-05-16 | CVE-2008-2275 | Code Injection vulnerability in Typo3 SR Feuser Register Extension Unspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to execute arbitrary code and delete arbitrary files via unspecified attack vectors. | 7.5 |
2008-05-16 | CVE-2008-2274 | Cross-Site Scripting vulnerability in Typo3 SR Feuser Register Extension Cross-site scripting (XSS) vulnerability in the sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-12-15 | CVE-2007-6381 | SQL Injection vulnerability in Typo3 SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2007-02-22 | CVE-2007-1081 | Unspecified vulnerability in Typo3 The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. | 7.5 |