Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
typo3 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-35783
The ke_search (aka Faceted Search) extension prior to 4.0.3, 4.1.x up to and including 4.6.x prior to 4.6.6, and 5.x prior to 5.0.2 for TYPO3 allows XSS via indexed data.
Faceted Search Project Faceted Search
NA
CVE-2016-15032
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This affects the function stopOutput of the file class.tx_mhhttpbl.php. The manipulation of the argument $_SERVER['REMOTE_ADDR']...
Mh Httpbl Project Mh Httpbl
NA
CVE-2015-10106
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This vulnerability affects the function moduleContent of the file mod1/index.php. The manipulation leads to sql injection. The attack can be initi...
Mh Httpbl Project Mh Httpbl
NA
CVE-2023-26091
The frp_form_answers (aka Forms Export) extension prior to 3.1.2, and 4.x prior to 4.0.2, for TYPO3 allows XSS via saved emails.
Frappant Forms Export
NA
CVE-2023-24814
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows malicious users to in...
Typo3 Typo3
NA
CVE-2023-25013
An issue exists in the femanager extension prior to 5.5.3, 6.x prior to 6.3.4, and 7.x prior to 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users.
In2code Femanager
NA
CVE-2023-25014
An issue exists in the femanager extension prior to 5.5.3, 6.x prior to 6.3.4, and 7.x prior to 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users.
In2code Femanager
NA
CVE-2016-15017
A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is a...
Ecodev Media Upload
NA
CVE-2019-25094
A vulnerability, which was classified as problematic, was found in innologi appointments Extension up to 2.0.5 on TYPO3. This affects an unknown part of the component Appointment Handler. The manipulation of the argument formfield leads to cross site scripting. It is possible to ...
Innologi Appointment Scheduler
NA
CVE-2022-47406
An issue exists in the fe_change_pwd (aka Change password for frontend users) extension prior to 2.0.5, and 3.x prior to 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.
Change Password For Frontend Users Project Change Password For Frontend Users
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »