National Vulnerability Database

Search Results

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:typo3:typo3:7.6.0
There are 7 matching records.
Vuln ID | Summary | CVSS Severity
CVE-2018-6905

The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.

Published: April 08, 2018; 01:29:00 PM -04:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2017-14251

Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.

Published: September 11, 2017; 05:29:00 AM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2016-5091

Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.

Published: January 23, 2017; 04:59:01 PM -05:00
V3: 8.1 HIGH
V2: 6.8 MEDIUM
CVE-2015-8759

Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field.

Published: January 08, 2016; 02:59:25 PM -05:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2015-8758

Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.

Published: January 08, 2016; 02:59:24 PM -05:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2015-8757

Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to extension data during an extension installation.

Published: January 08, 2016; 02:59:23 PM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2015-8755

Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.

Published: January 08, 2016; 02:59:21 PM -05:00
V3: 5.4 MEDIUM
V2: 3.5 LOW