Vulnerabilities > Typo3 > Typo3

DATE CVE VULNERABILITY TITLE RISK
2019-11-05 CVE-2010-3670 Inadequate Encryption Strength vulnerability in Typo3
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.
network
typo3 CWE-326
5.8
5.8
2019-11-04 CVE-2010-3669 Cross-site Scripting vulnerability in Typo3
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box.
network
typo3 CWE-79
4.9
4.9
2019-11-04 CVE-2010-3668 Injection vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl.
network
low complexity
typo3 CWE-74
5.0
5.0
2019-11-04 CVE-2010-3667 Improper Input Validation vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element.
network
low complexity
typo3 CWE-20
5.0
5.0
2019-11-04 CVE-2010-3666 Use of Insufficiently Random Values vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.
network
low complexity
typo3 CWE-330
5.0
5.0
2019-11-04 CVE-2010-3665 Cross-site Scripting vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager.
network
typo3 CWE-79
3.5
3.5
2019-11-04 CVE-2010-3664 Information Exposure vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend.
network
low complexity
typo3 CWE-200
4.0
4.0
2019-11-04 CVE-2010-3663 Unrestricted Upload of File with Dangerous Type vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.
network
low complexity
typo3 CWE-434
6.5
6.5
2019-11-04 CVE-2010-3662 SQL Injection vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.
network
low complexity
typo3 CWE-89
6.5
6.5
2019-11-01 CVE-2010-3661 Open Redirect vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend.
network
typo3 CWE-601
5.8
5.8