Vulnerabilities > Typo3 > Typo3

DATE CVE VULNERABILITY TITLE RISK
2008-12-17 CVE-2008-5656 Cross-Site Scripting vulnerability in Typo3 4.2.0/4.2.1/4.2.2
Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
network
typo3 CWE-79
4.3
4.3
2008-12-17 CVE-2008-5644 Cross-Site Scripting vulnerability in Typo3 4.2.2
Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
network
typo3 CWE-79
4.3
4.3
2008-12-17 CVE-2008-5609 SQL Injection vulnerability in Typo3 Commerce Extension
SQL injection vulnerability in the Commerce extension 0.9.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
typo3 CWE-89
7.5
7.5
2008-11-14 CVE-2008-5096 Information Exposure vulnerability in Typo3 File List Extension
Unspecified vulnerability in the TYPO3 File List (file_list) extension 0.2.1 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors.
network
low complexity
typo3 CWE-200
5.0
5.0
2008-11-14 CVE-2008-5087 SQL Injection vulnerability in Typo3 Another Backend Login 0.0.1/0.0.2
SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
typo3 CWE-89
7.5
7.5
2008-10-22 CVE-2008-4661 Cross-Site Scripting vulnerability in Typo3 Page Improvements
Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_pageimprovements) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
typo3 CWE-79
4.3
4.3
2008-10-22 CVE-2008-4660 SQL Injection vulnerability in Typo3 M1 Intern 1.0.0
SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
typo3 CWE-89
7.5
7.5
2008-10-22 CVE-2008-4659 SQL Injection vulnerability in Typo3 Mannschaftsliste
SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist) 1.0.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
typo3 CWE-89
7.5
7.5
2008-10-22 CVE-2008-4658 SQL Injection vulnerability in Typo3 Jobcontrol
SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
typo3 CWE-89
7.5
7.5
2008-10-22 CVE-2008-4657 SQL Injection vulnerability in Typo3 Econda Plugin 0.0.1
SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
typo3 CWE-89
7.5
7.5