Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:typo3:typo3:8.4.1
There are 233 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2010-1005

Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: March 19, 2010; 3:00:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1004

SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: March 19, 2010; 3:00:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4711

SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686.

Published: March 15, 2010; 5:30:01 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4710

SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: March 15, 2010; 5:30:01 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4709

SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: March 15, 2010; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4708

SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: March 15, 2010; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4707

Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: March 15, 2010; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-4706

Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: March 15, 2010; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-4705

Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: March 15, 2010; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-4704

Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.

Published: March 15, 2010; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2009-4703

SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: March 15, 2010; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4702

SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: March 15, 2010; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-4701

SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: March 15, 2010; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-0798

SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: March 02, 2010; 3:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-0797

Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: March 02, 2010; 3:30:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-0350

Directory traversal vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 has unknown impact and remote attack vectors.

Published: January 15, 2010; 3:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-0347

Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: January 15, 2010; 2:30:01 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-0346

Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi_tipfriends) extension 0.0.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: January 15, 2010; 2:30:01 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-0345

Cross-site scripting (XSS) vulnerability in the Majordomo extension 1.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: January 15, 2010; 2:30:01 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-0344

SQL injection vulnerability in the zak_store_management extension 1.0.0 and earlier TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: January 15, 2010; 2:30:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH