Vulnerabilities > Typo3 > Typo3 > 6.2.15

DATE CVE VULNERABILITY TITLE RISK
2016-01-08 CVE-2015-8760 Improper Input Validation vulnerability in Typo3
The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing."
network
typo3 CWE-20
4.3
4.3
2016-01-08 CVE-2015-8759 Cross-site Scripting vulnerability in Typo3
Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field.
network
typo3 CWE-79
3.5
3.5
2016-01-08 CVE-2015-8758 Cross-site Scripting vulnerability in Typo3
Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.
network
typo3 CWE-79
3.5
3.5
2016-01-08 CVE-2015-8757 Cross-site Scripting vulnerability in Typo3
Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to extension data during an extension installation.
network
typo3 CWE-79
4.3
4.3
2016-01-08 CVE-2015-8756 Cross-site Scripting vulnerability in Typo3
Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors.
network
typo3 CWE-79
3.5
3.5
2016-01-08 CVE-2015-8755 Cross-site Scripting vulnerability in Typo3
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.
network
typo3 CWE-79
3.5
3.5