Vulnerabilities > Typo3 > Typo3 > 9.0.3

DATE CVE VULNERABILITY TITLE RISK
2020-05-14 CVE-2020-11066 Unspecified vulnerability in Typo3
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server.
network
low complexity
typo3
critical
 10.0
10
2019-07-09 CVE-2019-12748 Cross-site Scripting vulnerability in Typo3
TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS.
network
low complexity
typo3 CWE-79
6.1
6.1
2019-07-09 CVE-2019-12747 Deserialization of Untrusted Data vulnerability in Typo3
TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.
network
low complexity
typo3 CWE-502
8.8
8.8