Vulnerabilities > Typo3 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-10-25 | CVE-2010-4068 | Improper Input Validation vulnerability in Typo3 Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714. | 4.9 |
| 2010-10-25 | CVE-2010-3717 | Permissions, Privileges, and Access Controls vulnerability in Typo3 The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710. | 5.0 |
| 2010-10-25 | CVE-2010-3716 | Improper Input Validation vulnerability in Typo3 The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships. | 6.0 |
| 2010-10-25 | CVE-2010-3715 | Cross-Site Scripting vulnerability in Typo3 Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend. | 4.3 |
| 2010-09-29 | CVE-2010-3687 | Security Bypass vulnerability in Powermail Unspecified vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to bypass validation have an unspecified impact by "[injecting] arbitrary values into validated fields," as demonstrated using the (1) Email and (2) URL fields. | 5.0 |
| 2010-09-24 | CVE-2010-3605 | Cross-Site Scripting vulnerability in Alex Kellner Powermail Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-07-22 | CVE-2009-4956 | Cross-Site Scripting vulnerability in Wapplersystems WS Stats 0.0.13/0.0.15/0.1.0 Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-07-22 | CVE-2009-4953 | Cross-Site Scripting vulnerability in Stefan Geith SG Userdata Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-07-22 | CVE-2009-4951 | Information Exposure vulnerability in Hans Olthoff Alternet CSA OUT Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | 5.0 |
| 2010-07-22 | CVE-2009-4948 | Cross-Site Scripting vulnerability in Joachim Ruhs Locator Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |