Vulnerabilities > Typo3 > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-06 | CVE-2011-4626 | Cross-site Scripting vulnerability in Typo3 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function. | 4.3 |
2019-11-05 | CVE-2010-3674 | Cross-site Scripting vulnerability in multiple products TYPO3 before 4.4.1 allows XSS in the frontend search box. | 4.3 |
2019-11-05 | CVE-2010-3673 | Information Exposure vulnerability in Typo3 TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API. | 5.0 |
2019-11-05 | CVE-2010-3672 | Cross-site Scripting vulnerability in Typo3 TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension. | 4.3 |
2019-11-05 | CVE-2010-3670 | Inadequate Encryption Strength vulnerability in Typo3 TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function. | 5.8 |
2019-11-04 | CVE-2010-3669 | Cross-site Scripting vulnerability in Typo3 TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box. | 4.9 |
2019-11-04 | CVE-2010-3668 | Injection vulnerability in Typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl. | 5.0 |
2019-11-04 | CVE-2010-3667 | Improper Input Validation vulnerability in Typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element. | 5.0 |
2019-11-04 | CVE-2010-3666 | Use of Insufficiently Random Values vulnerability in Typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function. | 5.0 |
2019-11-04 | CVE-2010-3664 | Information Exposure vulnerability in Typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend. | 4.0 |