Vulnerabilities > Typo3

DATE CVE VULNERABILITY TITLE RISK
2019-11-06 CVE-2011-4631 Cross-site Scripting vulnerability in Typo3
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler.
network
low complexity
typo3 CWE-79
5.4
5.4
2019-11-06 CVE-2011-4630 Cross-site Scripting vulnerability in Typo3
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard.
network
low complexity
typo3 CWE-79
5.4
5.4
2019-11-06 CVE-2011-4629 Cross-site Scripting vulnerability in Typo3
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel.
network
low complexity
typo3 CWE-79
5.4
5.4
2019-11-06 CVE-2011-4628 Improper Authentication vulnerability in Typo3
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.
network
low complexity
typo3 CWE-287
critical
 9.8
9.8
2019-11-06 CVE-2011-4627 Information Exposure vulnerability in Typo3
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend.
network
low complexity
typo3 CWE-200
6.5
6.5
2019-11-06 CVE-2011-4626 Cross-site Scripting vulnerability in Typo3
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function.
network
low complexity
typo3 CWE-79
6.1
6.1
2019-11-05 CVE-2010-3674 Cross-site Scripting vulnerability in multiple products
TYPO3 before 4.4.1 allows XSS in the frontend search box.
network
low complexity
typo3 debian CWE-79
6.1
6.1
2019-11-05 CVE-2010-3673 Information Exposure vulnerability in Typo3
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API.
network
low complexity
typo3 CWE-200
5.3
5.3
2019-11-05 CVE-2010-3672 Cross-site Scripting vulnerability in Typo3
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension.
network
low complexity
typo3 CWE-79
6.1
6.1
2019-11-05 CVE-2010-3671 Session Fixation vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session.
network
low complexity
typo3 CWE-384
6.5
6.5