Vulnerabilities > Typo3 > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-06-16 | CVE-2008-2718 | Cross-Site Scripting vulnerability in Typo3 | Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-06-16 | CVE-2008-2717 | Permissions, Privileges, and Access Controls vulnerability in multiple products | TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions. | 6.5 |
2008-06-03 | CVE-2008-2526 | Cross-Site Scripting vulnerability in Typo3 WT Gallery 2.50 | Cross-site scripting (XSS) vulnerability in the WT Gallery (aka wt_gallery) extension 2.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-06-03 | CVE-2008-2525 | Cross-Site Scripting vulnerability in Typo3 Rlmp Eventdb | Cross-site scripting (XSS) vulnerability in the Event Database (aka rlmp_eventdb) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-05-28 | CVE-2008-2490 | Cross-Site Scripting vulnerability in Typo3 KJ Imagelightbox2 | Cross-site scripting (XSS) vulnerability in the KJ Image Lightbox 2 (aka kj_imagelightbox2) extension 1.4.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified "user input." | 4.3 |
2008-05-19 | CVE-2008-2344 | Cross-Site Scripting vulnerability in Typo3 AIR Filemanager 0.6.0 | Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-05-16 | CVE-2008-2274 | Cross-Site Scripting vulnerability in Typo3 SR Feuser Register Extension | Cross-site scripting (XSS) vulnerability in the sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-12-15 | CVE-2007-6381 | SQL Injection vulnerability in Typo3 | SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2006-01-21 | CVE-2006-0327 | Information Disclosure vulnerability in Typo3 3.7.1/3.8.1 | TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails. | 5.0 |