Vulnerabilities > Typo3 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-03-15 | CVE-2009-4707 | Cross-Site Scripting vulnerability in Maximo Cuadros GB Fenewssubmit Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-03-15 | CVE-2009-4706 | Cross-Site Scripting vulnerability in Sebastian Winterhalder Mailform Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-03-15 | CVE-2009-4705 | Cross-Site Scripting vulnerability in Thomas Loeffler Twittersearch 0.0.1/0.0.2 Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-03-15 | CVE-2009-4704 | Information Disclosure vulnerability in Ws Ecard Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | 5.0 |
| 2010-03-02 | CVE-2010-0797 | Cross-Site Scripting vulnerability in Snowflake T3Blog 0.5.0/0.6.0/0.6.1 Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-02-22 | CVE-2010-0286 | Security Bypass vulnerability in Typo3 4.3.0 Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack vectors in which both the attacker and victim have an OpenID provider that discards identities during authentication. | 5.1 |
| 2010-01-15 | CVE-2010-0347 | Cross-Site Scripting vulnerability in Typo3 VD Gemomap Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-01-15 | CVE-2010-0346 | Cross-Site Scripting vulnerability in Typo3 Mimi Tipfriends Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi_tipfriends) extension 0.0.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-01-15 | CVE-2010-0345 | Cross-Site Scripting vulnerability in Typo3 Majordomo Cross-site scripting (XSS) vulnerability in the Majordomo extension 1.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-01-15 | CVE-2010-0336 | Information Disclosure vulnerability in kiddog_mysqldumper Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumper) extension 0.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | 5.0 |