Vulnerabilities > Typo3 > Typo3 > 4.1.14
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-14 | CVE-2022-23501 | Improper Authentication vulnerability in Typo3 TYPO3 is an open source PHP based web content management system. | 6.5 |
| 2021-04-27 | CVE-2021-21365 | Cross-site Scripting vulnerability in Typo3 Bootstrap Package is a theme for TYPO3. | 3.5 |
| 2019-12-17 | CVE-2019-19849 | Deserialization of Untrusted Data vulnerability in Typo3 An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. | 6.5 |
| 2019-12-17 | CVE-2019-19848 | Path Traversal vulnerability in Typo3 An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. | 6.5 |
| 2019-11-05 | CVE-2010-3674 | Cross-site Scripting vulnerability in multiple products TYPO3 before 4.4.1 allows XSS in the frontend search box. | 4.3 |
| 2019-11-05 | CVE-2010-3672 | Cross-site Scripting vulnerability in Typo3 TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension. | 4.3 |
| 2019-11-05 | CVE-2010-3670 | Inadequate Encryption Strength vulnerability in Typo3 TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function. | 5.8 |
| 2018-04-08 | CVE-2018-6905 | Cross-site Scripting vulnerability in Typo3 The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process. | 3.5 |
| 2017-01-23 | CVE-2016-5091 | 7PK - Security Features vulnerability in Typo3 Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action. | 6.8 |
| 2015-09-16 | CVE-2015-5956 | Cross-site Scripting vulnerability in Typo3 The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php. | 3.5 |