Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
typo3 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2020-28917
An issue exists in the view_statistics (aka View frontend statistics) extension prior to 2.0.1 for TYPO3. It saves all GET and POST data of TYPO3 frontend requests to the database. Depending on the extensions used on a TYPO3 website, sensitive data (e.g., cleartext passwords if e...
View Frontend Statistics Project View Frontend Statistics
6.5
CVSSv3
CVE-2011-4900
TYPO3 prior to 4.5.4 allows Information Disclosure in the backend.
Typo3 Typo3
Debian Debian Linux 5.0
Debian Debian Linux 6.0
6.5
CVSSv3
CVE-2011-4904
TYPO3 prior to 4.4.9 and 4.5.x prior to 4.5.4 does not apply proper access control on ExtDirect calls which allows remote malicious users to retrieve ExtDirect endpoint services.
Typo3 Typo3
6.5
CVSSv3
CVE-2011-4627
TYPO3 prior to 4.3.12, 4.4.x prior to 4.4.9, and 4.5.x prior to 4.5.4 allows Information Disclosure on the backend.
Typo3 Typo3
6.5
CVSSv3
CVE-2011-4901
TYPO3 prior to 4.3.12, 4.4.x prior to 4.4.9, and 4.5.x prior to 4.5.4 allows remote malicious users to extract arbitrary information from the TYPO3 database.
Typo3 Typo3
6.5
CVSSv3
CVE-2011-4902
TYPO3 prior to 4.3.12, 4.4.x prior to 4.4.9, and 4.5.x prior to 4.5.4 allows remote malicious users to delete arbitrary files on the webserver.
Typo3 Typo3
6.5
CVSSv3
CVE-2010-3671
TYPO3 prior to 4.1.14, 4.2.x prior to 4.2.13, 4.3.x prior to 4.3.4 and 4.4.x prior to 4.4.1 is open to a session fixation attack which allows remote malicious users to hijack a victim's session.
Typo3 Typo3
6.5
CVSSv3
CVE-2010-3664
TYPO3 prior to 4.1.14, 4.2.x prior to 4.2.13, 4.3.x prior to 4.3.4 and 4.4.x prior to 4.4.1 allows Information Disclosure on the backend.
Typo3 Typo3
6.4
CVSSv3
CVE-2021-31779
The yoast_seo (aka Yoast SEO) extension prior to 7.2.1 for TYPO3 allows SSRF via a backend user account.
6.1
CVSSv3
CVE-2023-28604
The fluid_components (aka Fluid Components) extension prior to 3.5.0 for TYPO3 allows XSS via a component argument parameter, for certain {content} use cases that may be edge cases.
Sitegeist Fluid Components
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »