Vulnerabilities > Typo3 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-23 | CVE-2021-21370 | Cross-site Scripting vulnerability in Typo3 TYPO3 is an open source PHP based web content management system. | 5.4 |
| 2021-03-23 | CVE-2021-21358 | Cross-site Scripting vulnerability in Typo3 TYPO3 is an open source PHP based web content management system. | 5.4 |
| 2021-03-23 | CVE-2021-21340 | Cross-site Scripting vulnerability in Typo3 TYPO3 is an open source PHP based web content management system. | 5.4 |
| 2021-03-23 | CVE-2021-21338 | Open Redirect vulnerability in Typo3 TYPO3 is an open source PHP based web content management system. | 6.1 |
| 2020-11-23 | CVE-2020-26227 | Cross-site Scripting vulnerability in Typo3 TYPO3 is an open source PHP based web content management system. | 6.1 |
| 2020-11-17 | CVE-2020-26216 | Cross-site Scripting vulnerability in Typo3 Fluid TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. | 6.1 |
| 2020-10-08 | CVE-2020-15241 | Cross-site Scripting vulnerability in Typo3 Fluid Engine and Typo3 TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like `{showFullName ? fullName : defaultValue}`. | 6.1 |
| 2020-05-13 | CVE-2020-11065 | Cross-site Scripting vulnerability in Typo3 In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly. | 5.4 |
| 2020-05-13 | CVE-2020-11064 | Cross-site Scripting vulnerability in Typo3 In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. | 5.4 |
| 2020-05-13 | CVE-2020-11070 | Cross-site Scripting vulnerability in Typo3 SVG Sanitizer 1.0.0/1.0.1/1.0.2 The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3. | 5.4 |