Vulnerabilities > Typo3 > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-23 | CVE-2020-26229 | XXE vulnerability in Typo3 TYPO3 is an open source PHP based web content management system. | 3.6 |
| 2020-05-13 | CVE-2020-11064 | Cross-site Scripting vulnerability in Typo3 In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. | 3.5 |
| 2020-05-13 | CVE-2020-11065 | Cross-site Scripting vulnerability in Typo3 In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly. | 3.5 |
| 2020-05-13 | CVE-2020-11070 | Cross-site Scripting vulnerability in Typo3 SVG Sanitizer 1.0.0/1.0.1/1.0.2 The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3. | 3.5 |
| 2019-11-06 | CVE-2011-4629 | Cross-site Scripting vulnerability in Typo3 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel. | 3.5 |
| 2019-11-06 | CVE-2011-4630 | Cross-site Scripting vulnerability in Typo3 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard. | 3.5 |
| 2019-11-06 | CVE-2011-4631 | Cross-site Scripting vulnerability in Typo3 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler. | 3.5 |
| 2019-11-06 | CVE-2011-4632 | Cross-site Scripting vulnerability in Typo3 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message. | 3.5 |
| 2019-11-04 | CVE-2010-3665 | Cross-site Scripting vulnerability in Typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager. | 3.5 |
| 2019-11-01 | CVE-2010-3660 | Cross-site Scripting vulnerability in Typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend. | 3.5 |