Typo3 CVEs and Security Vulnerabilities

Filtered by vendor Typo3 Subscriptions

Filtered by product Typo3 Subscriptions

Search

Switch to Advanced Search (Beta)

Total 477 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2013-5303	2 Joachim Ruhs, Typo3	2 Locator, Typo3	2025-04-11	N/A
Unspecified vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."
CVE-2009-4951	2 Hans Olthoff, Typo3	2 Alternet Csa Out, Typo3	2025-04-11	N/A
Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
CVE-2009-4949	2 Joachim Ruhs, Typo3	2 Locator, Typo3	2025-04-11	N/A
SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4682	2 Bas Van Beek, Typo3	2 Multishop, Typo3	2025-04-11	N/A
SQL injection vulnerability in the Multishop extension before 2.0.39 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4948	2 Joachim Ruhs, Typo3	2 Locator, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4804	3 Mario Matzulla, Microsoft, Typo3	3 Calendar Base, Internet Explorer, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via "search parameters."
CVE-2013-4747	2 Kasper Skarhoj, Typo3	2 Accessible Is Browse Results, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (accessible_is_browse_results) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4683	2 Christophe Balisky, Typo3	2 Meta Feedit, Typo3	2025-04-11	N/A
SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4803	2 Andreas Schwarzkopf, Typo3	2 Accessibility Glossary, Typo3	2025-04-11	N/A
SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4802	2 Joachim Ruhs, Typo3	2 Flat Manager, Typo3	2025-04-11	N/A
SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4680	2 Typo3, Urs Maag	2 Typo3, Maag Form Captcha	2025-04-11	N/A
Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and earlier for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2009-4711	2 Jan Bednarik, Typo3	2 Cooluri, Typo3	2025-04-11	N/A
SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686.
CVE-2009-4706	2 Sebastian Winterhalder, Typo3	2 Mailform, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6289	2 Ingo Renner, Typo3	2 Apache Solr, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4681	2 Michael Staatz, Typo3	2 Sofortueberweisung2commerce, Typo3	2025-04-11	N/A
SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4719	2 Lina Wolf, Typo3	2 Seo Pack For Tt News, Typo3	2025-04-11	N/A
SQL injection vulnerability in the SEO Pack for tt_news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-5304	2 Joachim Ruhs, Typo3	2 Locator, Typo3	2025-04-11	N/A
SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-5097	1 Typo3	1 Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-5098	1 Typo3	1 Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-5102	1 Typo3	1 Typo3	2025-04-11	N/A
Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors.

« first previous Page 8 of 24. next last »