Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:typo3:typo3:12.4.4:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-47127 |
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. Published: November 14, 2023; 3:15:08 PM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-47126 |
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only - “classic” non-composer installations are not affected. This issue has been addressed in version 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. Published: November 14, 2023; 3:15:08 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2023-47125 |
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versions 1.5.3 and 2.1.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. Published: November 14, 2023; 3:15:07 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2012-1087 |
Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: February 14, 2012; 12:55:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-1086 |
Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: February 14, 2012; 12:55:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-1085 |
Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. Published: February 14, 2012; 12:55:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-1084 |
Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: February 14, 2012; 12:55:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-1083 |
Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Published: February 14, 2012; 12:55:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-1082 |
Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Published: February 14, 2012; 12:55:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 3.5 LOW |
CVE-2012-1081 |
Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: February 14, 2012; 12:55:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-1080 |
Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: February 14, 2012; 12:55:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-1079 |
Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors. Published: February 14, 2012; 12:55:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2012-1078 |
The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup output directory." Published: February 14, 2012; 12:55:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-1077 |
SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Published: February 14, 2012; 12:55:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2012-1076 |
Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: February 14, 2012; 12:55:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-1075 |
SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Published: February 14, 2012; 12:55:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2012-1074 |
SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Published: February 14, 2012; 12:55:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2012-1073 |
Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: February 14, 2012; 12:55:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-1072 |
SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Published: February 14, 2012; 12:55:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2012-1071 |
SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild as of February 2012. Published: February 14, 2012; 12:55:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |