Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
typo3 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-36793
The routes (aka Extbase Yaml Routes) extension prior to 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output.
Routes Project Routes
7.5
CVSSv2
CVE-2021-38302
The Newsletter extension up to and including 4.0.0 for TYPO3 allows SQL Injection.
Newsletter Project Newsletter
5
CVSSv2
CVE-2021-38623
The deferred_image_processing (aka Deferred image processing) extension prior to 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption.
Deferred Image Processing Project Deferred Image Processing
5
CVSSv2
CVE-2021-36786
The miniorange_saml (aka Miniorange Saml) extension prior to 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.
Miniorange Saml
3.5
CVSSv2
CVE-2021-36788
The yoast_seo (aka Yoast SEO) extension prior to 7.2.3 for TYPO3 allows XSS.
Yoast Yoast Seo
5
CVSSv2
CVE-2021-36791
The dated_news (aka Dated News) extension up to and including 5.1.1 for TYPO3 allows Information Disclosure of application registration data.
Dated News Project Dated News
3.5
CVSSv2
CVE-2021-36787
The femanager extension prior to 5.5.1 and 6.x prior to 6.3.1 for TYPO3 allows XSS via a crafted SVG document.
In2code Femanager
7.5
CVSSv2
CVE-2021-36789
The dated_news (aka Dated News) extension up to and including 5.1.1 for TYPO3 allows SQL Injection.
Dated News Project Dated News
6.4
CVSSv2
CVE-2021-36792
The dated_news (aka Dated News) extension up to and including 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications.
Dated News Project Dated News
4.3
CVSSv2
CVE-2021-32768
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting...
Typo3 Typo3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »