Vulnerabilities > Typo3 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-04-20 | CVE-2010-1153 | Code Injection vulnerability in Typo3 4.3.0/4.3.1/4.3.2 PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable. | 6.8 |
| 2010-03-30 | CVE-2010-1218 | Cross-Site Scripting vulnerability in MM Forum Mmforum Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-03-19 | CVE-2010-1025 | Cross-Site Scripting vulnerability in Chris Wederka TGM Newsletter 0.0.2 Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-03-19 | CVE-2010-1021 | Cross-Site Scripting vulnerability in Mads Brunn T3Quixplorer Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-03-19 | CVE-2010-1020 | Cross-Site Scripting vulnerability in Sk-Typo3 SK Simplegallery 0.0.1 Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-03-19 | CVE-2010-1014 | Cross-Site Scripting vulnerability in Steffen Kamper Reports Logview Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-03-19 | CVE-2010-1011 | Cross-Site Scripting vulnerability in TIM Lochmueller Mydashboard Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-03-19 | CVE-2010-1008 | Cross-Site Scripting vulnerability in Christian Hennecke Chsellector 0.1.0 Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-03-19 | CVE-2010-1007 | Information Exposure vulnerability in CHI Hoang CH Lightem Unspecified vulnerability in the Power Extension Manager (ch_lightem) extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | 5.0 |
| 2010-03-19 | CVE-2010-1005 | Cross-Site Scripting vulnerability in Mischa Heimann Yatse Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |