National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 5 matching records.
Vuln ID Summary CVSS Severity
CVE-2019-12748

TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS.

Published: July 09, 2019; 11:15:10 AM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-12747

TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.

Published: July 09, 2019; 11:15:10 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-11832

TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.

Published: May 09, 2019; 01:29:01 AM -04:00
V3: 7.5 HIGH
V2: 9.3 HIGH
CVE-2018-6905

The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.

Published: April 08, 2018; 01:29:00 PM -04:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2017-14251

Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.

Published: September 11, 2017; 05:29:00 AM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM