Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / typo3

typo3

346 tracked vulnerabilities.

CVE-2021-21357 HIGH

TYPO3 < 8.7.40, 9.5.25, 10.4.14, 11.1.1 - Authenticated Path Traversal and Arbitrary File Write via Form Designer Module

CVE-2021-21355 HIGH

TYPO3 <8.7.40, 9.5.25, 10.4.14, 11.1.1 - Info Disclosure

CVE-2021-21340 MEDIUM

TYPO3 10.0.0-10.4.13 - Authenticated Stored Cross-Site Scripting in Description Column Preview

CVE-2021-21339 MEDIUM

TYPO3 < 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 - Cleartext Session Identifiers

CVE-2021-21338 MEDIUM

TYPO3 < 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 - Unauthenticated Open Redirect via Login Handling

CVE-2020-26229 LOW

TYPO3 10.4.0-10.4.9 - Authenticated XML External Entity Injection in RSS Widgets

CVE-2020-26228 HIGH

TYPO3 9.0.0-9.5.22 and 10.0.0-10.4.9 - Cleartext Storage of Sensitive Information

CVE-2020-26227 MEDIUM

TYPO3 6.2.0-6.2.53, 9.0.0-9.5.22, 10.0.0-10.4.9 - Cross-Site Scripting via Fluid View Helper Argument

CVE-2020-26216 HIGH

TYPO3 Fluid < 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11, 2.6.10 - Cross-Site Scripting

CVE-2020-15241 MEDIUM

TYPO3 Fluid Engine <2.0.5-2.6.1 - XSS

CVE-2020-15099 HIGH

TYPO3 CMS >=9.0.0 <9.5.20, >=10.0.0 <10.4.6 - Info Disclosure

CVE-2020-15098 HIGH

TYPO3 CMS >=9.0.0 <9.5.20, >=10.0.0 <10.4.6 - RCE

CVE-2020-15086 CRITICAL

mediace 7.6.2-7.6.4 - Authenticated Remote Code Execution via Checksum Verification Bypass

CVE-2020-11069 HIGH

TYPO3 CMS 9.0.0-9.5.16 and 10.0.0-10.4.1 - Same-Site Request Forgery via Malicious Uploaded Resource

CVE-2020-11067 HIGH

TYPO3 CMS <9.5.16, <10.4.1 - Code Injection

CVE-2020-11066 HIGH

TYPO3 CMS >=9.0.0 <9.5.17, >=10.0.0 <10.4.2 - Code Injection

CVE-2020-11065 MEDIUM

TYPO3 CMS >=9.5.12 <9.5.17, >=10.2.0 <10.4.2 - XSS

CVE-2020-11064 MEDIUM

TYPO3 CMS >=9.0.0 <9.5.17, >=10.0.0 <10.4.2 - XSS

CVE-2020-11063 LOW

TYPO3 CMS <10.4.1 - Info Disclosure

CVE-2020-11070 MEDIUM

TYPO3 SVG Sanitizer < 1.0.3 - Cross-Site Scripting via Invalid SVG Markup

CVE-2020-8091 MEDIUM

TYPO3 6.2.0-6.2.38 ELTS and 7.0.0-7.1.0 - Unauthenticated Cross-Site Scripting via svg.swf

CVE-2019-19850 HIGH

TYPO3 < 8.7.30 - Authenticated SQL Injection in QueryGenerator

CVE-2019-19849 HIGH

TYPO3 < 8.7.30, 9.x < 9.5.12, 10.x < 10.2.2 - Authenticated Remote Code Execution via Insecure Deserialization

CVE-2019-19848 HIGH

TYPO3 < 8.7.30, 9.x < 9.5.12, 10.x < 10.2.2 - Authenticated Path Traversal via Extension Manager ZIP Extraction

CVE-2019-12748 MEDIUM

TYPO3 8.3.0-8.7.26 and 9.0.0-9.5.7 - Cross-Site Scripting

Previous Page 5 of 14 Next

Products

typo3 218 cms 116 cms-core 85 cms-backend 22 cms-install 6 cms-form 4 cms-frontend 4 dam_frontend_extension 4 html-sanitizer 4 html_sanitizer 4 wec_discussion_forum 4 Extension "Faceted Search" 3 pdf_generator_2_extension 3 Extension "Mailqueue" 2 address_directory 2 air_filemanager 2 beuserswitch 2 cms-beuser 2 cms-dashboard 2 cms-recycler 2 cms-workspaces 2 commerce_extension 2 eluna_page_comments_extension 2 ns backup extension 2 phar-stream-wrapper 2 pharstreamwrapper 2 sql_frontend_extension 2 sr feuser register extension 2 sr_feuser_register_extension 2 terminal 2

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy