Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

typo3 vulnerabilities and exploits

(subscribe to this query)
4
CVSSv2

CVE-2014-3945

The Authentication component in TYPO3 prior to 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote malicious users to bypass authentication and gain access to the backend by le...
Typo3 Typo3Typo3 Typo3 4.0Typo3 Typo3 4.0.0Typo3 Typo3 4.0.1Typo3 Typo3 4.0.2Typo3 Typo3 4.0.3Typo3 Typo3 4.0.4Typo3 Typo3 4.0.5Typo3 Typo3 4.0.6Typo3 Typo3 4.0.7Typo3 Typo3 4.0.8Typo3 Typo3 4.0.9
4.3
CVSSv2

CVE-2014-9508

The frontend rendering component in TYPO3 4.5.x prior to 4.5.39, 4.6.x up to and including 6.2.x prior to 6.2.9, and 7.x prior to 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote malicious users to change URLs t...
Typo3 Typo3 4.5.0Typo3 Typo3 4.5.1Typo3 Typo3 4.5.2Typo3 Typo3 4.5.3Typo3 Typo3 4.5.4Typo3 Typo3 4.5.5Typo3 Typo3 4.5.6Typo3 Typo3 4.5.7Typo3 Typo3 4.5.8Typo3 Typo3 4.5.9Typo3 Typo3 4.5.10Typo3 Typo3 4.5.11
7.5
CVSSv2

CVE-2014-9509

The frontend rendering component in TYPO3 4.5.x prior to 4.5.39, 4.6.x up to and including 6.2.x prior to 6.2.9, and 7.x prior to 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote malicious users to have an unspecified impact (possibly resource consumpt...
Typo3 Typo3 4.5.0Typo3 Typo3 4.5.1Typo3 Typo3 4.5.2Typo3 Typo3 4.5.3Typo3 Typo3 4.5.4Typo3 Typo3 4.5.5Typo3 Typo3 4.5.6Typo3 Typo3 4.5.7Typo3 Typo3 4.5.8Typo3 Typo3 4.5.9Typo3 Typo3 4.5.10Typo3 Typo3 4.5.11
5.8
CVSSv2

CVE-2013-7080

The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 up to and including 4.5.31, 4.7.0 up to and including 4.7.16, and 6.0.0 up to and including 6.0.11 allows remote malicious users to write to arbitrary fields in the co...
Typo3 Typo3 6.0Typo3 Typo3 6.0.1Typo3 Typo3 6.0.2Typo3 Typo3 6.0.3Typo3 Typo3 6.0.4Typo3 Typo3 6.0.5Typo3 Typo3 6.0.6Typo3 Typo3 6.0.7Typo3 Typo3 6.0.8Typo3 Typo3 6.0.9Typo3 Typo3 6.0.10Typo3 Typo3 6.0.11
6
CVSSv2

CVE-2014-3942

The Color Picker Wizard component in TYPO3 4.5.0 prior to 4.5.34, 4.7.0 prior to 4.7.19, 6.0.0 prior to 6.0.14, and 6.1.0 prior to 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.
Typo3 Typo3 6.1Typo3 Typo3 6.1.1Typo3 Typo3 6.1.2Typo3 Typo3 6.1.3Typo3 Typo3 6.1.4Typo3 Typo3 6.1.5Typo3 Typo3 6.1.6Typo3 Typo3 6.1.7Typo3 Typo3 6.1.8Typo3 Typo3 4.7.0Typo3 Typo3 4.7.1Typo3 Typo3 4.7.2
2.6
CVSSv2

CVE-2015-2047

The rsaauth extension in TYPO3 4.3.0 up to and including 4.3.14, 4.4.0 up to and including 4.4.15, 4.5.0 up to and including 4.5.39, and 4.6.0 up to and including 4.6.18, when configured for the frontend, allows remote malicious users to bypass authentication via a password that ...
Typo3 Typo3 4.3.0Typo3 Typo3 4.3.1Typo3 Typo3 4.3.2Typo3 Typo3 4.3.3Typo3 Typo3 4.3.4Typo3 Typo3 4.3.5Typo3 Typo3 4.3.6Typo3 Typo3 4.3.7Typo3 Typo3 4.3.8Typo3 Typo3 4.3.9Typo3 Typo3 4.3.10Typo3 Typo3 4.3.11
2.6
CVSSv2

CVE-2013-7078

Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 up to and including 4.5.31, 4.7.0 up to and including 4.7.16, 6.0.0 up to and including 6.0.11, and 6.1.0 up to and including 6.1.6, when ...
Typo3 Typo3 6.0Typo3 Typo3 6.0.1Typo3 Typo3 6.0.2Typo3 Typo3 6.0.3Typo3 Typo3 6.0.4Typo3 Typo3 6.0.5Typo3 Typo3 6.0.6Typo3 Typo3 6.0.7Typo3 Typo3 6.0.8Typo3 Typo3 6.0.9Typo3 Typo3 6.0.10Typo3 Typo3 6.0.11
4.3
CVSSv2

CVE-2013-7076

Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x prior to 4.5.32 and 4.7.x prior to 4.7.17 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Typo3 Typo3 4.5.0Typo3 Typo3 4.5.1Typo3 Typo3 4.5.2Typo3 Typo3 4.5.3Typo3 Typo3 4.5.4Typo3 Typo3 4.5.5Typo3 Typo3 4.5.6Typo3 Typo3 4.5.7Typo3 Typo3 4.5.8Typo3 Typo3 4.5.9Typo3 Typo3 4.5.10Typo3 Typo3 4.5.11
3.5
CVSSv2

CVE-2009-3629

Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and previous versions, 4.1.x prior to 4.1.13, 4.2.x prior to 4.2.10, and 4.3.x prior to 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified...
Typo3 Typo3Typo3 Typo3 4.0Typo3 Typo3 4.0.1Typo3 Typo3 4.0.2Typo3 Typo3 4.0.3Typo3 Typo3 4.0.4Typo3 Typo3 4.0.5Typo3 Typo3 4.0.6Typo3 Typo3 4.0.7Typo3 Typo3 4.0.8Typo3 Typo3 4.0.9Typo3 Typo3 4.0.10
6.5
CVSSv2

CVE-2009-3632

SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and previous versions, 4.1.x prior to 4.1.13, 4.2.x prior to 4.2.10, and 4.3.x prior to 4.3beta2 allows remote authenticated users to execute arbitrary SQL...
Typo3 Typo3Typo3 Typo3 4.0Typo3 Typo3 4.0.1Typo3 Typo3 4.0.2Typo3 Typo3 4.0.3Typo3 Typo3 4.0.4Typo3 Typo3 4.0.5Typo3 Typo3 4.0.6Typo3 Typo3 4.0.7Typo3 Typo3 4.0.8Typo3 Typo3 4.0.9Typo3 Typo3 4.0.10
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-42599CVE-2025-3808phpgurukulinsecure direct object referenceCVE-2025-3840CVE-2025-43967men salon management systemdenial of servicevirtuemart component for joomlapritunlLFICVE-2025-32433CVE-2022-47112
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook