Vulnerabilities > Typo3 > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-01-27 CVE-2020-8091 Cross-site Scripting vulnerability in Typo3
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
network
typo3 CWE-79
4.3
2019-12-17 CVE-2019-19850 SQL Injection vulnerability in Typo3
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2.
network
low complexity
typo3 CWE-89
6.5
2019-12-17 CVE-2019-19849 Deserialization of Untrusted Data vulnerability in Typo3
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2.
network
low complexity
typo3 CWE-502
6.5
2019-12-17 CVE-2019-19848 Path Traversal vulnerability in Typo3
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2.
network
low complexity
typo3 CWE-22
6.5
2019-11-06 CVE-2011-4904 Improper Input Validation vulnerability in Typo3
TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services.
network
low complexity
typo3 CWE-20
4.0
2019-11-06 CVE-2011-4903 Cross-site Scripting vulnerability in Typo3
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function.
network
typo3 CWE-79
4.3
2019-11-06 CVE-2011-4902 Improper Input Validation vulnerability in Typo3
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver.
network
low complexity
typo3 CWE-20
5.5
2019-11-06 CVE-2011-4901 Information Exposure vulnerability in Typo3
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database.
network
low complexity
typo3 CWE-200
4.0
2019-11-06 CVE-2011-4900 Information Exposure vulnerability in multiple products
TYPO3 before 4.5.4 allows Information Disclosure in the backend.
network
low complexity
typo3 debian CWE-200
4.0
2019-11-06 CVE-2011-4627 Information Exposure vulnerability in Typo3
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend.
network
low complexity
typo3 CWE-200
4.0