Search Results (492 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4634 2 Raphael Zschorsch, Typo3 2 Rzautocomplete, Typo3 2025-04-11 N/A
SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4719 2 Lina Wolf, Typo3 2 Seo Pack For Tt News, Typo3 2025-04-11 N/A
SQL injection vulnerability in the SEO Pack for tt_news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0286 1 Typo3 1 Typo3 2025-04-11 N/A
Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack vectors in which both the attacker and victim have an OpenID provider that discards identities during authentication.
CVE-2013-4746 2 Kurt Gusbeth, Typo3 2 Myquizpoll, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4747 2 Kasper Skarhoj, Typo3 2 Accessible Is Browse Results, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (accessible_is_browse_results) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4748 2 Georg Ringer, Typo3 2 News, Typo3 2025-04-11 N/A
SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4749 2 Typo3, Usertask Center Messaging Project 2 Typo3, Usertask Center Messaging 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5307 2 Kennziffer, Typo3 2 Ke Search, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5569 2 Heiko Sudar, Typo3 2 Slideshare, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-5570 2 Axel Jung, Typo3 2 Js Css Optimizer, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-7074 1 Typo3 1 Typo3 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.
CVE-2013-7075 1 Typo3 1 Typo3 2025-04-11 N/A
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature."
CVE-2013-7076 1 Typo3 1 Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-7079 1 Typo3 1 Typo3 2025-04-11 N/A
Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2013-7080 1 Typo3 1 Typo3 2025-04-11 N/A
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."
CVE-2013-7081 1 Typo3 1 Typo3 2025-04-11 N/A
The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors.
CVE-2013-4745 2 Kurt Gusbeth, Typo3 2 Myquizpoll, Typo3 2025-04-11 N/A
SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4721 2 3ds, Typo3 2 Push2rss 3ds, Typo3 2025-04-11 N/A
SQL injection vulnerability in the RSS feed from records extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4683 2 Christophe Balisky, Typo3 2 Meta Feedit, Typo3 2025-04-11 N/A
SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4682 2 Bas Van Beek, Typo3 2 Multishop, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Multishop extension before 2.0.39 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.