Vulnerabilities > Typo3 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-02-14 | CVE-2012-1086 | Cross-Site Scripting vulnerability in Typo3 Aeurltool 0.1.0 Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2012-02-14 | CVE-2012-1085 | Cross-Site Scripting and Information Disclosure vulnerability in Typo3 Beuserswitch 0.0.1 Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | 5.0 |
| 2012-02-14 | CVE-2012-1084 | Cross-Site Scripting vulnerability in Typo3 Beuserswitch 0.0.1 Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2012-02-14 | CVE-2012-1083 | Cross-Site Request Forgery (CSRF) vulnerability in Typo3 Terminal Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
| 2012-02-14 | CVE-2012-1081 | Cross-Site Scripting vulnerability in Roderick Braun YA Googlesearch Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2012-02-14 | CVE-2012-1080 | Cross-Site Scripting vulnerability in Typo3 SKT Eurocalc 0.0.1 Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2012-02-14 | CVE-2012-1079 | Remote Code Execution vulnerability in TYPO3 Webservices Extension Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors. | 6.5 |
| 2012-02-14 | CVE-2012-1078 | Permissions, Privileges, and Access Controls vulnerability in Claus DUE Sysutils The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup output directory." | 5.0 |
| 2012-02-14 | CVE-2012-1076 | Cross-Site Scripting vulnerability in Robert Gonda RTG Files Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2012-02-14 | CVE-2012-1073 | Cross-Site Scripting vulnerability in Typo3 TOI Category Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |