Vulnerabilities > Typo3

DATE CVE VULNERABILITY TITLE RISK
2019-11-06 CVE-2011-4626 Cross-site Scripting vulnerability in Typo3
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function.
network
typo3 CWE-79
4.3
4.3
2019-11-05 CVE-2010-3674 Cross-site Scripting vulnerability in multiple products
TYPO3 before 4.4.1 allows XSS in the frontend search box.
network
typo3 debian CWE-79
4.3
4.3
2019-11-05 CVE-2010-3673 Information Exposure vulnerability in Typo3
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API.
network
low complexity
typo3 CWE-200
5.0
5.0
2019-11-05 CVE-2010-3672 Cross-site Scripting vulnerability in Typo3
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension.
network
typo3 CWE-79
4.3
4.3
2019-11-05 CVE-2010-3671 Session Fixation vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session.
network
low complexity
typo3 CWE-384
critical
 9.4
9.4
2019-11-05 CVE-2010-3670 Inadequate Encryption Strength vulnerability in Typo3
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.
network
typo3 CWE-326
5.8
5.8
2019-11-04 CVE-2010-3669 Cross-site Scripting vulnerability in Typo3
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box.
network
typo3 CWE-79
4.9
4.9
2019-11-04 CVE-2010-3668 Injection vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl.
network
low complexity
typo3 CWE-74
5.0
5.0
2019-11-04 CVE-2010-3667 Improper Input Validation vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element.
network
low complexity
typo3 CWE-20
5.0
5.0
2019-11-04 CVE-2010-3666 Use of Insufficiently Random Values vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.
network
low complexity
typo3 CWE-330
5.0
5.0