Vulnerabilities > Typo3 > Typo3 > 4.5.8

DATE CVE VULNERABILITY TITLE RISK
2012-09-05 CVE-2012-3530 Unspecified vulnerability in Typo3
Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events.
network
typo3
4.3
4.3
2012-09-05 CVE-2012-3529 Information Exposure vulnerability in Typo3
The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors.
network
typo3 CWE-200
3.5
3.5
2012-09-05 CVE-2012-3528 Cross-Site Scripting vulnerability in Typo3
Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
network
typo3 CWE-79
3.5
3.5
2012-09-04 CVE-2012-1608 Improper Input Validation vulnerability in Typo3
The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters.
network
low complexity
typo3 CWE-20
5.0
5.0
2012-09-04 CVE-2012-1607 Information Exposure vulnerability in Typo3
The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.
network
low complexity
typo3 CWE-200
5.0
5.0
2012-09-04 CVE-2012-1606 Cross-Site Scripting vulnerability in Typo3
Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
network
typo3 CWE-79
3.5
3.5
2012-08-27 CVE-2012-2112 Cross-Site Scripting vulnerability in Typo3
Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages.
network
typo3 CWE-79
4.3
4.3
2012-02-18 CVE-2011-4614 Code Injection vulnerability in Typo3
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.
network
typo3 CWE-94
6.8
6.8