Vulnerabilities > Typo3 > Typo3 > 4.2.12

DATE CVE VULNERABILITY TITLE RISK
2019-11-04 CVE-2010-3668 Injection vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl.
network
low complexity
typo3 CWE-74
5.0
5.0
2019-11-04 CVE-2010-3667 Improper Input Validation vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element.
network
low complexity
typo3 CWE-20
5.0
5.0
2019-11-04 CVE-2010-3666 Use of Insufficiently Random Values vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.
network
low complexity
typo3 CWE-330
5.0
5.0
2019-11-04 CVE-2010-3665 Cross-site Scripting vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager.
network
typo3 CWE-79
3.5
3.5
2019-11-04 CVE-2010-3664 Information Exposure vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend.
network
low complexity
typo3 CWE-200
4.0
4.0
2019-11-04 CVE-2010-3663 Unrestricted Upload of File with Dangerous Type vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.
network
low complexity
typo3 CWE-434
6.5
6.5
2019-11-04 CVE-2010-3662 SQL Injection vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.
network
low complexity
typo3 CWE-89
6.5
6.5
2019-11-01 CVE-2010-3661 Open Redirect vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend.
network
typo3 CWE-601
5.8
5.8
2019-11-01 CVE-2010-3660 Cross-site Scripting vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend.
network
typo3 CWE-79
3.5
3.5
2018-04-08 CVE-2018-6905 Cross-site Scripting vulnerability in Typo3
The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.
network
typo3 CWE-79
3.5
3.5