National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:typo3:typo3:7.6.5
There are 3 matching records.
Vuln ID Summary CVSS Severity

The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.

Published: April 08, 2018; 01:29:00 PM -04:00
V3: 4.8 MEDIUM
V2: 3.5 LOW

Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.

Published: September 11, 2017; 05:29:00 AM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM

Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.

Published: January 23, 2017; 04:59:01 PM -05:00
V3: 8.1 HIGH
V2: 6.8 MEDIUM