Vulnerabilities > Typo3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-17 | CVE-2019-19849 | Deserialization of Untrusted Data vulnerability in Typo3 An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. | 8.8 |
2019-12-17 | CVE-2019-19848 | Path Traversal vulnerability in Typo3 An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. | 7.2 |
2019-11-26 | CVE-2011-3583 | SQL Injection vulnerability in Typo3 It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. | 9.8 |
2019-11-06 | CVE-2011-4904 | Improper Input Validation vulnerability in Typo3 TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services. | 6.5 |
2019-11-06 | CVE-2011-4903 | Cross-site Scripting vulnerability in Typo3 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function. | 6.1 |
2019-11-06 | CVE-2011-4902 | Improper Input Validation vulnerability in Typo3 TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver. | 6.5 |
2019-11-06 | CVE-2011-4901 | Information Exposure vulnerability in Typo3 TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database. | 6.5 |
2019-11-06 | CVE-2011-4900 | Information Exposure vulnerability in multiple products TYPO3 before 4.5.4 allows Information Disclosure in the backend. | 6.5 |
2019-11-06 | CVE-2011-4632 | Cross-site Scripting vulnerability in Typo3 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message. | 5.4 |
2019-11-06 | CVE-2011-4631 | Cross-site Scripting vulnerability in Typo3 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler. | 5.4 |