Vulnerabilities > Typo3 > Typo3 > 4.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-14 | CVE-2022-23501 | Improper Authentication vulnerability in Typo3 TYPO3 is an open source PHP based web content management system. | 6.5 |
| 2021-04-27 | CVE-2021-21365 | Cross-site Scripting vulnerability in Typo3 Bootstrap Package is a theme for TYPO3. | 3.5 |
| 2019-12-17 | CVE-2019-19849 | Deserialization of Untrusted Data vulnerability in Typo3 An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. | 6.5 |
| 2019-12-17 | CVE-2019-19848 | Path Traversal vulnerability in Typo3 An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. | 6.5 |
| 2019-11-05 | CVE-2010-3674 | Cross-site Scripting vulnerability in multiple products TYPO3 before 4.4.1 allows XSS in the frontend search box. | 4.3 |
| 2019-11-05 | CVE-2010-3672 | Cross-site Scripting vulnerability in Typo3 TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension. | 4.3 |
| 2019-11-05 | CVE-2010-3671 | Session Fixation vulnerability in Typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session. | 9.4 |
| 2019-11-05 | CVE-2010-3670 | Inadequate Encryption Strength vulnerability in Typo3 TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function. | 5.8 |
| 2019-11-04 | CVE-2010-3668 | Injection vulnerability in Typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl. | 5.0 |
| 2019-11-04 | CVE-2010-3667 | Improper Input Validation vulnerability in Typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element. | 5.0 |