Vulnerabilities > Typo3 > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-23 CVE-2021-21370 Cross-site Scripting vulnerability in Typo3
TYPO3 is an open source PHP based web content management system.
network
low complexity
typo3 CWE-79
5.4
2021-03-23 CVE-2021-21358 Cross-site Scripting vulnerability in Typo3
TYPO3 is an open source PHP based web content management system.
network
low complexity
typo3 CWE-79
5.4
2021-03-23 CVE-2021-21340 Cross-site Scripting vulnerability in Typo3
TYPO3 is an open source PHP based web content management system.
network
low complexity
typo3 CWE-79
5.4
2021-03-23 CVE-2021-21338 Open Redirect vulnerability in Typo3
TYPO3 is an open source PHP based web content management system.
network
low complexity
typo3 CWE-601
6.1
2020-11-23 CVE-2020-26227 Cross-site Scripting vulnerability in Typo3
TYPO3 is an open source PHP based web content management system.
network
low complexity
typo3 CWE-79
6.1
2020-11-17 CVE-2020-26216 Cross-site Scripting vulnerability in Typo3 Fluid
TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting.
network
low complexity
typo3 CWE-79
6.1
2020-10-08 CVE-2020-15241 Cross-site Scripting vulnerability in Typo3 Fluid Engine and Typo3
TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like `{showFullName ? fullName : defaultValue}`.
network
low complexity
typo3 CWE-79
6.1
2020-05-13 CVE-2020-11065 Cross-site Scripting vulnerability in Typo3
In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly.
network
low complexity
typo3 CWE-79
5.4
2020-05-13 CVE-2020-11064 Cross-site Scripting vulnerability in Typo3
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting.
network
low complexity
typo3 CWE-79
5.4
2020-05-13 CVE-2020-11070 Cross-site Scripting vulnerability in Typo3 SVG Sanitizer 1.0.0/1.0.1/1.0.2
The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3.
network
low complexity
typo3 CWE-79
5.4