Vulnerabilities > Typo3 > Typo3 > 4.1.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-04 | CVE-2010-3666 | Use of Insufficiently Random Values vulnerability in Typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function. | 5.0 |
| 2019-11-04 | CVE-2010-3665 | Cross-site Scripting vulnerability in Typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager. | 3.5 |
| 2019-11-04 | CVE-2010-3664 | Information Exposure vulnerability in Typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend. | 4.0 |
| 2019-11-04 | CVE-2010-3663 | Unrestricted Upload of File with Dangerous Type vulnerability in Typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend. | 6.5 |
| 2019-11-04 | CVE-2010-3662 | SQL Injection vulnerability in Typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend. | 6.5 |
| 2019-11-01 | CVE-2010-3661 | Open Redirect vulnerability in Typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend. | 5.8 |
| 2019-11-01 | CVE-2010-3660 | Cross-site Scripting vulnerability in Typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend. | 3.5 |
| 2018-04-08 | CVE-2018-6905 | Cross-site Scripting vulnerability in Typo3 The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process. | 3.5 |
| 2017-10-20 | CVE-2010-3659 | Cross-site Scripting vulnerability in Typo3 Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms. | 3.5 |
| 2017-01-23 | CVE-2016-5091 | 7PK - Security Features vulnerability in Typo3 Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action. | 6.8 |