Vulnerabilities > Typo3 > Medium

DATE CVE VULNERABILITY TITLE RISK

2009-10-28 CVE-2009-3821 Cross-Site Scripting vulnerability in Apache Solr 1.0.0
Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
typo3 apache CWE-79
4.3

2009-06-17 CVE-2009-2104 Cross-Site Scripting vulnerability in Udo von Eynern Modern Guest Book Commenting System
Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3

2009-04-10 CVE-2008-6699 Cross-Site Scripting vulnerability in Typo3 TJS Reslib and Typo3
Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
network
typo3 CWE-79
4.3

2009-04-10 CVE-2008-6698 Cross-Site Scripting vulnerability in Michael Fritz Worldcup
Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
4.3

2009-04-10 CVE-2008-6688 Cross-Site Scripting vulnerability in Kevin Renskers Dmmjobcontrol
Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
4.3

2009-04-10 CVE-2008-6687 Cross-Site Scripting vulnerability in David Cadu Dcdgooglemap
Cross-site scripting (XSS) vulnerability in DCD GoogleMap (dcdgooglemap) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
4.3

2009-04-07 CVE-2009-1264 Permissions, Privileges, and Access Controls vulnerability in Stanislas Rolland SR Feuser Register
Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors.
network
low complexity
typo3 stanislas-rolland CWE-264
4.0

2009-03-05 CVE-2009-0816 Cross-Site Scripting vulnerability in Typo3
Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.
network
typo3 CWE-79
4.3

2009-03-05 CVE-2009-0815 Information Exposure vulnerability in Typo3
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
network
low complexity
typo3 CWE-200
5.0

2009-02-27 CVE-2008-6346 Cross-Site Scripting vulnerability in Dennis Royer DR Wiki
Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) extension 1.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3