Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Typo3
(Typo3)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 181 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-11-04 | CVE-2010-3666 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function. | Typo3 | N/A | ||
2019-11-04 | CVE-2010-3665 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager. | Typo3 | N/A | ||
2019-11-04 | CVE-2010-3664 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend. | Typo3 | N/A | ||
2019-11-04 | CVE-2010-3663 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend. | Typo3 | N/A | ||
2019-11-04 | CVE-2010-3662 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend. | Typo3 | N/A | ||
2019-11-01 | CVE-2010-3660 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend. | Typo3 | N/A | ||
2019-11-01 | CVE-2010-3661 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend. | Typo3 | N/A | ||
2017-03-17 | CVE-2017-6370 | TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields. | Typo3 | 5.3 | ||
2019-05-09 | CVE-2019-11832 | TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick. | Typo3 | 7.5 | ||
2018-04-08 | CVE-2018-6905 | The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process. | Typo3 | 4.8 |