Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
typo3 typo3 7.0.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-44543
The femanager extension prior to 5.5.2, 6.x prior to 6.3.3, and 7.x prior to 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandle...
In2code Femanager 7.0.0
In2code Femanager
4.3
CVSSv2
CVE-2020-8091
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote malicious user to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.
Typo3 Typo3
4.3
CVSSv2
CVE-2017-5963
An issue exists in caddy (for TYPO3) prior to 7.2.10. The vulnerability exists due to insufficient filtration of user-supplied data in the "paymillToken" HTTP POST parameter passed to the "caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php"...
Caddy Project Caddy 2.1.4
Caddy Project Caddy 4.0.1
Caddy Project Caddy 4.0.3
Caddy Project Caddy 6.0.1
Caddy Project Caddy 6.1.0
Caddy Project Caddy 6.3.0
Caddy Project Caddy 6.0.2
Caddy Project Caddy 6.0.9
Caddy Project Caddy 6.0.12
Caddy Project Caddy 6.0.14
Caddy Project Caddy 2.1.5
Caddy Project Caddy 2.1.6
Caddy Project Caddy 3.0.0
Caddy Project Caddy 4.0.0
Caddy Project Caddy 6.3.3
Caddy Project Caddy 7.0.0
Caddy Project Caddy 7.1.0
Caddy Project Caddy 7.2.7
Caddy Project Caddy 4.0.2
Caddy Project Caddy 4.0.12
Caddy Project Caddy 6.2.1
Caddy Project Caddy 6.3.1
6.8
CVSSv2
CVE-2016-5091
Extbase in TYPO3 4.3.0 prior to 6.2.24, 7.x prior to 7.6.8, and 8.1.1 allows remote malicious users to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.
Typo3 Typo3 7.6.1
Typo3 Typo3 7.6.2
Typo3 Typo3 7.6.3
Typo3 Typo3 7.6.4
Typo3 Typo3 7.3.1
Typo3 Typo3 7.5.0
Typo3 Typo3 7.6.6
Typo3 Typo3 7.6.8
Typo3 Typo3 7.0.0
Typo3 Typo3 7.0.2
Typo3 Typo3 7.1.0
Typo3 Typo3 7.2.0
Typo3 Typo3 7.3.0
Typo3 Typo3
Typo3 Typo3 8.1.1
Typo3 Typo3 7.4.0
Typo3 Typo3 7.6.0
Typo3 Typo3 7.6.5
Typo3 Typo3 7.6.7
3.5
CVSSv2
CVE-2015-8755
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x prior to 6.2.16 and 7.x prior to 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.
Typo3 Typo3 7.6.1
Typo3 Typo3 7.6.0
Typo3 Typo3 7.5.0
Typo3 Typo3 6.2.10
Typo3 Typo3 6.2.9
Typo3 Typo3 6.2.8
Typo3 Typo3 6.2.0
Typo3 Typo3 7.1.0
Typo3 Typo3 7.0.2
Typo3 Typo3 7.0.0
Typo3 Typo3 6.2.15
Typo3 Typo3 6.2.2
Typo3 Typo3 6.2.1
Typo3 Typo3 7.3.1
Typo3 Typo3 7.2.0
Typo3 Typo3 6.2.14
Typo3 Typo3 6.2.12
Typo3 Typo3 6.2.6
Typo3 Typo3 6.2.4
Typo3 Typo3 7.4.0
Typo3 Typo3 7.3.0
Typo3 Typo3 6.2.13
3.5
CVSSv2
CVE-2015-8759
Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x prior to 6.2.16 and 7.x prior to 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field.
Typo3 Typo3 7.1.0
Typo3 Typo3 7.0.2
Typo3 Typo3 7.0.0
Typo3 Typo3 6.2.9
Typo3 Typo3 6.2.10
Typo3 Typo3 6.2.1
Typo3 Typo3 6.2.0
Typo3 Typo3 7.6.1
Typo3 Typo3 7.6.0
Typo3 Typo3 7.5.0
Typo3 Typo3 6.2.4
Typo3 Typo3 6.2.3
Typo3 Typo3 6.2.2
Typo3 Typo3 6.2.15
Typo3 Typo3 6.2.14
Typo3 Typo3 7.4.0
Typo3 Typo3 7.3.0
Typo3 Typo3 6.2.7
Typo3 Typo3 6.2.5
Typo3 Typo3 6.2.12
Typo3 Typo3 7.3.1
Typo3 Typo3 7.2.0
4.3
CVSSv2
CVE-2015-8757
Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x prior to 6.2.16 and 7.x prior to 7.6.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors related to extension data during an extension installation.
Typo3 Typo3 6.2.9
Typo3 Typo3 6.2.8
Typo3 Typo3 6.2.1
Typo3 Typo3 6.2.0
Typo3 Typo3 6.2.7
Typo3 Typo3 6.2.5
Typo3 Typo3 6.2.3
Typo3 Typo3 6.2.12
Typo3 Typo3 6.2.10
Typo3 Typo3 7.6.0
Typo3 Typo3 7.4.0
Typo3 Typo3 7.0.2
Typo3 Typo3 7.0.0
Typo3 Typo3 6.2.6
Typo3 Typo3 6.2.4
Typo3 Typo3 6.2.11
Typo3 Typo3 7.6.1
Typo3 Typo3 7.5.0
Typo3 Typo3 7.0.1
Typo3 Typo3 7.3.1
Typo3 Typo3 7.3.0
Typo3 Typo3 7.2.0
3.5
CVSSv2
CVE-2015-8758
Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x prior to 6.2.16 and 7.x prior to 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.
Typo3 Typo3 6.2.9
Typo3 Typo3 6.2.10
Typo3 Typo3 6.2.1
Typo3 Typo3 6.2.0
Typo3 Typo3 7.5.0
Typo3 Typo3 7.4.0
Typo3 Typo3 7.3.1
Typo3 Typo3 7.3.0
Typo3 Typo3 6.2.4
Typo3 Typo3 6.2.3
Typo3 Typo3 6.2.2
Typo3 Typo3 6.2.15
Typo3 Typo3 6.2.7
Typo3 Typo3 6.2.5
Typo3 Typo3 6.2.14
Typo3 Typo3 6.2.12
Typo3 Typo3 7.6.0
Typo3 Typo3 7.2.0
Typo3 Typo3 7.0.2
Typo3 Typo3 7.0.0
Typo3 Typo3 6.2.8
Typo3 Typo3 6.2.6
3.5
CVSSv2
CVE-2015-5956
The sanitizeLocalUrl function in TYPO3 6.x prior to 6.2.15, 7.x prior to 7.4.0, 4.5.40, and previous versions allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) return...
Typo3 Typo3 6.0.12
Typo3 Typo3 6.0.13
Typo3 Typo3 6.0.14
Typo3 Typo3 6.0.8
Typo3 Typo3 6.0.9
Typo3 Typo3 6.1.6
Typo3 Typo3 6.1.7
Typo3 Typo3 6.2.2
Typo3 Typo3 6.2.3
Typo3 Typo3 6.2.10
Typo3 Typo3 6.2.11
Typo3 Typo3 7.0.0
Typo3 Typo3
Typo3 Typo3 6.0
Typo3 Typo3 6.0.1
Typo3 Typo3 6.0.4
Typo3 Typo3 6.0.5
Typo3 Typo3 6.1.2
Typo3 Typo3 6.1.3
Typo3 Typo3 6.2
Typo3 Typo3 6.2.0
Typo3 Typo3 6.2.6
6
CVSSv2
CVE-2015-2803
SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension prior to 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to execute arbitrary SQL commands via the id parameter.
Akronymmanager Project Akronymmanager
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »