Vulmon
typo3 typo3 7.1.0 vulnerabilities and exploits
NA
CVE-2023-25013
An issue exists in the femanager extension prior to 5.5.3, 6.x prior to 6.3.4, and 7.x prior to 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users.
In2code Femanager
NA
CVE-2023-25014
An issue exists in the femanager extension prior to 5.5.3, 6.x prior to 6.3.4, and 7.x prior to 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users.
In2code Femanager
4.3
CVSSv2
CVE-2020-8091
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote malicious user to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.
Typo3 Typo3
4.3
CVSSv2
CVE-2017-5963
An issue exists in caddy (for TYPO3) prior to 7.2.10. The vulnerability exists due to insufficient filtration of user-supplied data in the "paymillToken" HTTP POST parameter passed to the "caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php"...
Caddy Project Caddy 2.1.4
Caddy Project Caddy 4.0.1
Caddy Project Caddy 4.0.3
Caddy Project Caddy 6.0.1
Caddy Project Caddy 6.1.0
Caddy Project Caddy 6.3.0
Caddy Project Caddy 6.0.2
Caddy Project Caddy 6.0.9
Caddy Project Caddy 6.0.12
Caddy Project Caddy 6.0.14
Caddy Project Caddy 2.1.5
Caddy Project Caddy 2.1.6
Caddy Project Caddy 3.0.0
Caddy Project Caddy 4.0.0
Caddy Project Caddy 6.3.3
Caddy Project Caddy 7.0.0
Caddy Project Caddy 7.1.0
Caddy Project Caddy 7.2.7
Caddy Project Caddy 4.0.2
Caddy Project Caddy 4.0.12
Caddy Project Caddy 6.2.1
Caddy Project Caddy 6.3.1
6.8
CVSSv2
CVE-2016-5091
Extbase in TYPO3 4.3.0 prior to 6.2.24, 7.x prior to 7.6.8, and 8.1.1 allows remote malicious users to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.
Typo3 Typo3 7.6.1
Typo3 Typo3 7.6.2
Typo3 Typo3 7.6.3
Typo3 Typo3 7.6.4
Typo3 Typo3 7.3.1
Typo3 Typo3 7.5.0
Typo3 Typo3 7.6.6
Typo3 Typo3 7.6.8
Typo3 Typo3 7.0.0
Typo3 Typo3 7.0.2
Typo3 Typo3 7.1.0
Typo3 Typo3 7.2.0
Typo3 Typo3 7.3.0
Typo3 Typo3
Typo3 Typo3 8.1.1
Typo3 Typo3 7.4.0
Typo3 Typo3 7.6.0
Typo3 Typo3 7.6.5
Typo3 Typo3 7.6.7
3.5
CVSSv2
CVE-2015-8759
Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x prior to 6.2.16 and 7.x prior to 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field.
Typo3 Typo3 7.1.0
Typo3 Typo3 7.0.2
Typo3 Typo3 7.0.0
Typo3 Typo3 6.2.9
Typo3 Typo3 6.2.10
Typo3 Typo3 6.2.1
Typo3 Typo3 6.2.0
Typo3 Typo3 7.6.1
Typo3 Typo3 7.6.0
Typo3 Typo3 7.5.0
Typo3 Typo3 6.2.4
Typo3 Typo3 6.2.3
Typo3 Typo3 6.2.2
Typo3 Typo3 6.2.15
Typo3 Typo3 6.2.14
Typo3 Typo3 7.4.0
Typo3 Typo3 7.3.0
Typo3 Typo3 6.2.7
Typo3 Typo3 6.2.5
Typo3 Typo3 6.2.12
Typo3 Typo3 7.3.1
Typo3 Typo3 7.2.0
3.5
CVSSv2
CVE-2015-8755
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x prior to 6.2.16 and 7.x prior to 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.
Typo3 Typo3 7.6.1
Typo3 Typo3 7.6.0
Typo3 Typo3 7.5.0
Typo3 Typo3 6.2.10
Typo3 Typo3 6.2.9
Typo3 Typo3 6.2.8
Typo3 Typo3 6.2.0
Typo3 Typo3 7.1.0
Typo3 Typo3 7.0.2
Typo3 Typo3 7.0.0
Typo3 Typo3 6.2.15
Typo3 Typo3 6.2.2
Typo3 Typo3 6.2.1
Typo3 Typo3 7.3.1
Typo3 Typo3 7.2.0
Typo3 Typo3 6.2.14
Typo3 Typo3 6.2.12
Typo3 Typo3 6.2.6
Typo3 Typo3 6.2.4
Typo3 Typo3 7.4.0
Typo3 Typo3 7.3.0
Typo3 Typo3 6.2.13
4.3
CVSSv2
CVE-2015-8757
Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x prior to 6.2.16 and 7.x prior to 7.6.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors related to extension data during an extension installation.
Typo3 Typo3 6.2.9
Typo3 Typo3 6.2.8
Typo3 Typo3 6.2.1
Typo3 Typo3 6.2.0
Typo3 Typo3 6.2.7
Typo3 Typo3 6.2.5
Typo3 Typo3 6.2.3
Typo3 Typo3 6.2.12
Typo3 Typo3 6.2.10
Typo3 Typo3 7.6.0
Typo3 Typo3 7.4.0
Typo3 Typo3 7.0.2
Typo3 Typo3 7.0.0
Typo3 Typo3 6.2.6
Typo3 Typo3 6.2.4
Typo3 Typo3 6.2.11
Typo3 Typo3 7.6.1
Typo3 Typo3 7.5.0
Typo3 Typo3 7.0.1
Typo3 Typo3 7.3.1
Typo3 Typo3 7.3.0
Typo3 Typo3 7.2.0
3.5
CVSSv2
CVE-2015-8758
Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x prior to 6.2.16 and 7.x prior to 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.
Typo3 Typo3 6.2.9
Typo3 Typo3 6.2.10
Typo3 Typo3 6.2.1
Typo3 Typo3 6.2.0
Typo3 Typo3 7.5.0
Typo3 Typo3 7.4.0
Typo3 Typo3 7.3.1
Typo3 Typo3 7.3.0
Typo3 Typo3 6.2.4
Typo3 Typo3 6.2.3
Typo3 Typo3 6.2.2
Typo3 Typo3 6.2.15
Typo3 Typo3 6.2.7
Typo3 Typo3 6.2.5
Typo3 Typo3 6.2.14
Typo3 Typo3 6.2.12
Typo3 Typo3 7.6.0
Typo3 Typo3 7.2.0
Typo3 Typo3 7.0.2
Typo3 Typo3 7.0.0
Typo3 Typo3 6.2.8
Typo3 Typo3 6.2.6
3.5
CVSSv2
CVE-2015-5956
The sanitizeLocalUrl function in TYPO3 6.x prior to 6.2.15, 7.x prior to 7.4.0, 4.5.40, and previous versions allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) return...
Typo3 Typo3 6.0.12
Typo3 Typo3 6.0.13
Typo3 Typo3 6.0.14
Typo3 Typo3 6.0.8
Typo3 Typo3 6.0.9
Typo3 Typo3 6.1.6
Typo3 Typo3 6.1.7
Typo3 Typo3 6.2.2
Typo3 Typo3 6.2.3
Typo3 Typo3 6.2.10
Typo3 Typo3 6.2.11
Typo3 Typo3 7.0.0
Typo3 Typo3
Typo3 Typo3 6.0
Typo3 Typo3 6.0.1
Typo3 Typo3 6.0.4
Typo3 Typo3 6.0.5
Typo3 Typo3 6.1.2
Typo3 Typo3 6.1.3
Typo3 Typo3 6.2
Typo3 Typo3 6.2.0
Typo3 Typo3 6.2.6