Vulnerabilities > Typo3 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-02-27 | CVE-2008-6343 | Cross-Site Scripting vulnerability in Typo3 Tu-Clausthal Odin Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc_odin) extension 0.0.1, 0.1.0, 0.1.1, and 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-02-27 | CVE-2008-6342 | Information Exposure vulnerability in Lobacher Patrick Simplefilebrowser 1.0.0/1.0.1 Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors. | 5.0 |
| 2009-02-27 | CVE-2008-6341 | Cross-Site Scripting vulnerability in Typo3 SB Universal Plugin Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (SBuniplug) extension 2.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-02-27 | CVE-2008-6340 | Cross-Site Scripting vulnerability in Mathieu Vidal MV VOX Populi 0.1.0/0.2.0 Cross-site scripting (XSS) vulnerability in the Vox populi (mv_vox_populi) extension 0.3.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-02-16 | CVE-2008-6144 | Cross-Site Scripting vulnerability in Typo3 WEC Discussion Forum Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029. | 4.3 |
| 2009-01-28 | CVE-2008-5995 | Cross-Site Scripting vulnerability in Typo3 Freecap Captcha Extension 1.0.0/1.0.1/1.0.2 Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA (sr_freecap) extension before 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-01-22 | CVE-2009-0257 | Cross-Site Scripting vulnerability in Typo3 Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module. | 4.3 |
| 2008-12-31 | CVE-2008-5799 | Cross-Site Scripting vulnerability in Typo3 WIR BER UNS Extension 0.0.23 Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2008-12-31 | CVE-2008-5795 | Cross-Site Scripting vulnerability in Typo3 Eluna Page Comments Extension Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2008-12-17 | CVE-2008-5656 | Cross-Site Scripting vulnerability in Typo3 4.2.0/4.2.1/4.2.2 Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |