Vulnerabilities > Typo3 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-12-22 | CVE-2009-4391 | Cross-Site Scripting vulnerability in Daniel Regelein DR Blob 2.1.1 Cross-site scripting (XSS) vulnerability in the File list (dr_blob) extension 2.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-12-22 | CVE-2009-4389 | Information Disclosure vulnerability in Aba Watchdog 2.0.0/2.0.1 Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | 5.0 |
| 2009-12-22 | CVE-2009-4388 | Cross-Site Scripting vulnerability in Frank Krger NL Listman 1.2.1 Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) extension 1.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-12-17 | CVE-2009-4346 | Cross-Site Scripting vulnerability in Toni Milovan FE Rtenews 1.4.1 Cross-site scripting (XSS) vulnerability in the Frontend news submitter with RTE (fe_rtenews) extension 1.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-12-17 | CVE-2009-4345 | Cross-Site Scripting vulnerability in Jonas Renggli Vshoutbox 0.0.1 Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-12-17 | CVE-2009-4344 | Cross-Site Scripting vulnerability in Tobias Sommer ZID Linklist 1.0.0 Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_linklist) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-12-17 | CVE-2009-4343 | Cross-Site Scripting vulnerability in Dominic Eckart Trainincdb 0.4.7 Cross-site scripting (XSS) vulnerability in the Training Company Database (trainincdb) extension 0.4.7 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-12-17 | CVE-2009-4340 | Cross-Site Scripting vulnerability in Mischa Heissmann NO Indexed Search 0.2.0 Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-12-17 | CVE-2009-4336 | Cross-Site Scripting vulnerability in Simon Rundell PD Calendar Today 0.0.3 Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-12-02 | CVE-2009-4167 | Unspecified vulnerability in Lukas Taferner IT Basetag 1.0.0 Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct "Cache spoofing" attacks via unspecified vectors. | 6.4 |