Search Results (492 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5795 1 Typo3 2 Eluna Page Comments Extension, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6692 2 Fr.simon Rundell, Typo3 2 Pd Trainingcourses, Typo3 2026-04-23 N/A
SQL injection vulnerability in Diocese of Portsmouth Training Courses (pd_trainingcourses) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2009-4399 2 Fr.simon Rundell, Typo3 2 Hs Religiousartgallery, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4393 2 Daniel Ptzinger, Typo3 2 Danp Documentdirs, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Document Directorys (danp_documentdirs) extension 1.10.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4400 2 Fr.simon Rundell, Typo3 2 Ste Parish Admin, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-4658 1 Typo3 2 Jobcontrol, Typo3 2026-04-23 N/A
SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4401 2 Fr.simon Rundell, Typo3 2 Ste Parish Admin, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4390 2 Jochen Rieger, Typo3 2 Car, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4394 2 Fr.simon Rundell, Typo3 2 Ste Prayer2, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-5798 1 Typo3 2 Cms Poll System Extension, Typo3 2026-04-23 N/A
SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-6381 1 Typo3 1 Typo3 2026-04-23 N/A
SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4398 2 Fr.simon Rundell, Typo3 2 Hs Religiousartgallery, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-0815 1 Typo3 1 Typo3 2026-04-23 N/A
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
CVE-2009-4392 1 Typo3 2 Typo3, Xds Staff 2026-04-23 N/A
SQL injection vulnerability in the XDS Staff List (xds_staff) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-1081 1 Typo3 1 Typo3 2026-04-23 N/A
The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information.
CVE-2008-4656 1 Typo3 2 Frontend Users View, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-0816 1 Typo3 1 Typo3 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.
CVE-2010-0350 2 Arco Van Geest, Typo3 2 Goof Fotoboek, Typo3 2026-04-23 N/A
Directory traversal vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 has unknown impact and remote attack vectors.
CVE-2009-4397 2 Fr.simon Rundell, Typo3 2 Pd Resources, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0323 2 Arco Van Geest, Typo3 2 Goof Fotoboek, Typo3 2026-04-23 N/A
Unspecified vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.