National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:typo3:typo3:8.7.4
There are 225 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-12748

TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS.

Published: July 09, 2019; 11:15:10 AM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-12747

TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.

Published: July 09, 2019; 11:15:10 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-11832

TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.

Published: May 09, 2019; 01:29:01 AM -04:00
V3.0: 7.5 HIGH
    V2: 9.3 HIGH
CVE-2018-6905

The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.

Published: April 08, 2018; 01:29:00 PM -04:00
V3.0: 4.8 MEDIUM
    V2: 3.5 LOW
CVE-2017-14251

Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.

Published: September 11, 2017; 05:29:00 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2012-1087

Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: February 14, 2012; 12:55:03 PM -05:00
    V2: 4.3 MEDIUM
CVE-2012-1086

Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: February 14, 2012; 12:55:03 PM -05:00
    V2: 4.3 MEDIUM
CVE-2012-1085

Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.

Published: February 14, 2012; 12:55:03 PM -05:00
    V2: 5.0 MEDIUM
CVE-2012-1084

Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: February 14, 2012; 12:55:03 PM -05:00
    V2: 4.3 MEDIUM
CVE-2012-1083

Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Published: February 14, 2012; 12:55:03 PM -05:00
    V2: 6.8 MEDIUM
CVE-2012-1082

Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Published: February 14, 2012; 12:55:03 PM -05:00
    V2: 3.5 LOW
CVE-2012-1081

Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: February 14, 2012; 12:55:03 PM -05:00
    V2: 4.3 MEDIUM
CVE-2012-1080

Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: February 14, 2012; 12:55:03 PM -05:00
    V2: 4.3 MEDIUM
CVE-2012-1079

Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors.

Published: February 14, 2012; 12:55:03 PM -05:00
    V2: 6.5 MEDIUM
CVE-2012-1078

The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup output directory."

Published: February 14, 2012; 12:55:03 PM -05:00
    V2: 5.0 MEDIUM
CVE-2012-1077

SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: February 14, 2012; 12:55:03 PM -05:00
    V2: 7.5 HIGH
CVE-2012-1076

Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: February 14, 2012; 12:55:02 PM -05:00
    V2: 4.3 MEDIUM
CVE-2012-1075

SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: February 14, 2012; 12:55:02 PM -05:00
    V2: 7.5 HIGH
CVE-2012-1074

SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: February 14, 2012; 12:55:02 PM -05:00
    V2: 7.5 HIGH
CVE-2012-1073

Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: February 14, 2012; 12:55:02 PM -05:00
    V2: 4.3 MEDIUM