Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Typo3
(Typo3)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 186 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-11-06 | CVE-2011-4629 | Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel. | Typo3 | N/A | ||
| 2019-11-05 | CVE-2010-3671 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session. | Typo3 | N/A | ||
| 2019-11-05 | CVE-2010-3670 | TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function. | Typo3 | N/A | ||
| 2019-11-06 | CVE-2011-4904 | TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services. | Typo3 | N/A | ||
| 2019-11-06 | CVE-2011-4903 | Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function. | Typo3 | N/A | ||
| 2019-11-06 | CVE-2011-4902 | TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver. | Typo3 | N/A | ||
| 2019-11-06 | CVE-2011-4901 | TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database. | Typo3 | N/A | ||
| 2019-11-06 | CVE-2011-4900 | TYPO3 before 4.5.4 allows Information Disclosure in the backend. | Debian_linux, Typo3 | N/A | ||
| 2019-11-06 | CVE-2011-4632 | Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message. | Typo3 | N/A | ||
| 2019-11-06 | CVE-2011-4628 | TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request. | Typo3 | N/A |