Vulnerabilities > Typo3 > WEC Discussion Forum

DATE CVE VULNERABILITY TITLE RISK
2009-02-16 CVE-2008-6145 SQL Injection vulnerability in Typo3 WEC Discussion Forum
Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
typo3 CWE-89
7.5
2009-02-16 CVE-2008-6144 Cross-Site Scripting vulnerability in Typo3 WEC Discussion Forum
Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029.
network
typo3 CWE-79
4.3
2008-07-07 CVE-2008-3043 Code Injection vulnerability in Typo3 WEC Discussion Forum 1.6.0/1.6.1
Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows attackers to execute arbitrary code via vectors related to "certain file types."
network
low complexity
typo3 CWE-94
7.5
2008-07-07 CVE-2008-3029 Cross-Site Scripting vulnerability in Typo3 WEC Discussion Forum 1.6/1.6.0/1.6.1
Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
typo3 CWE-79
4.3