CVEDB API

Vulnerabilities

Vulnerable Software

Typo3: >> Typo3 >> 10.4.16 Security Vulnerabilities

CVE-2012-1073

Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS Score

4.3

EPSS Score

0.003

Published

2012-02-14

CVE-2012-1074

SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS Score

7.5

EPSS Score

0.004

Published

2012-02-14

CVE-2012-1075

SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS Score

7.5

EPSS Score

0.007

Published

2012-02-14

CVE-2012-1076

Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS Score

4.3

EPSS Score

0.005

Published

2012-02-14

CVE-2011-5079

Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL, probably in the "return url parameter."

CVSS Score

5.8

EPSS Score

0.004

Published

2012-02-14

CVE-2010-4961

SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS Score

7.5

EPSS Score

0.004

Published

2011-10-09

CVE-2010-4962

Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors.

CVSS Score

7.5

EPSS Score

0.008

Published

2011-10-09

CVE-2010-4956

Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS Score

4.3

EPSS Score

0.005

Published

2011-10-09

CVE-2010-4957

SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS Score

7.5

EPSS Score

0.007

Published

2011-10-09

CVE-2010-4960

Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS Score

4.3

EPSS Score

0.005

Published

2011-10-09

Prev Next

Page 5

Vulnerabilities

Vulnerable Software

Typo3: >> Typo3 >> 10.4.16 Security Vulnerabilities

Products

Pricing

Contact Us