typo3

346 tracked vulnerabilities.

CVE-2019-12747 HIGH
TYPO3 8.3.0-8.7.26 and 9.x-9.5.7 - Deserialization of Untrusted Data
Jul 09, 2019
CVSS 8.8
EPSS 0.02
CVE-2019-10912 HIGH
Symfony < 2.8.50, 3.x < 3.4.26, 4.x < 4.1.12, 4.2.x < 4.2.7 - Arbitrary File Deletion via Unsafe Object Caching
May 16, 2019
CVSS 7.1
EPSS 0.01
CVE-2019-11832 HIGH
TYPO3 8.0.0-8.7.24 and 9.0.0-9.5.5 - Remote Code Execution via Image Processing Configuration
May 09, 2019
CVSS 7.5
EPSS 0.01
CVE-2019-11831 CRITICAL
PharStreamWrapper <2.1.1-3.1.1 - Path Traversal
May 09, 2019
CVSS 9.8
EPSS 0.10
CVE-2019-11830 CRITICAL
PharStreamWrapper <2.1.1-3.1.1 - Deserialization
May 09, 2019
CVSS 9.8
EPSS 0.02
CVE-2018-17960 MEDIUM
CKEditor 4.0-4.10.1 - Stored Cross-Site Scripting via Source-Mode Paste
Nov 14, 2018
CVSS 6.1
EPSS 0.02
CVE-2018-14041 MEDIUM
Bootstrap 4.0.0-4.1.1 - Cross-Site Scripting via Scrollspy Data-Target Property
Jul 13, 2018
CVSS 6.1
EPSS 0.08
CVE-2018-6905 MEDIUM
TYPO3 < 8.7.11 and 9.1.0 - Stored Cross-Site Scripting via Site Name Configuration
Apr 08, 2018
CVSS 4.8
EPSS 0.02
CVE-2017-14251 HIGH
TYPO3 7.6.0-7.6.21, 8.0.0-8.7.4 - RCE
Sep 11, 2017
CVSS 8.8
EPSS 0.04
CVE-2017-6370 MEDIUM
TYPO3 7.6.15 - Cleartext Transmission of Sensitive Information via Login Provider Request
Mar 17, 2017
CVSS 5.3
EPSS 0.00
CVE-2016-5091 HIGH
TYPO3 < 6.2.24 - Remote Code Execution via Extbase Action
Jan 23, 2017
CVSS 8.1
EPSS 0.02
CVE-2016-4056 MEDIUM
TYPO3 6.2.0-6.2.18 - Stored Cross-Site Scripting via Bookmark Module Parameter
Jan 23, 2017
CVSS 6.1
EPSS 0.00
CVE-2015-8760 MEDIUM
TYPO3 CMS 6.2.0-6.2.15 - Cross-Site Flashing via Flvplayer Component
Jan 08, 2016
CVSS 6.1
EPSS 0.00
CVE-2015-8759 MEDIUM
TYPO3 6.2.0-6.2.15 - Authenticated Cross-Site Scripting via typoLink Function
Jan 08, 2016
CVSS 5.4
EPSS 0.00
CVE-2015-8758 MEDIUM
TYPO3 6.2.x-6.2.15 and 7.x-7.6.0 - Authenticated Cross-Site Scripting
Jan 08, 2016
CVSS 5.4
EPSS 0.00
CVE-2015-8757 MEDIUM
TYPO3 6.2.x-7.x - Cross-Site Scripting in Extension Manager
Jan 08, 2016
CVSS 6.1
EPSS 0.00
CVE-2015-8756 MEDIUM
TYPO3 CMS 6.2.0-6.2.15 - Authenticated Cross-Site Scripting in Indexed Search Result View
Jan 08, 2016
CVSS 5.4
EPSS 0.00
CVE-2015-8755 MEDIUM
TYPO3 6.2.0-6.2.15 and 7.0.0-7.6.0 - Authenticated Cross-Site Scripting
Jan 08, 2016
CVSS 5.4
EPSS 0.00
CVE-2015-5956
TYPO3 < 4.5.40, 6.x < 6.2.15, 7.x < 7.4.0 - Authenticated Cross-Site Scripting via Base64 Data URI
Sep 16, 2015
EPSS 0.00
CVE-2015-2821
TYPO3 Neos 1.1.x-1.1.2 and 1.2.x-1.2.2 - Unauthorized Content Node Access and Modification
Apr 01, 2015
EPSS 0.00
CVE-2015-2047
TYPO3 4.3.0-4.3.14, 4.4.0-4.4.15, 4.5.0-4.5.39, 4.6.0-4.6.18 - Authentication Bypass via RSAAuth
Feb 23, 2015
EPSS 0.01
CVE-2014-9509
TYPO3 <4.5.39, 4.6.x-6.2.x<6.2.9, 7.x<7.0.2 - Info Disclosure
Jan 04, 2015
EPSS 0.01
CVE-2014-9508
TYPO3 <4.5.39, <6.2.9, <7.0.2 - XSS
Jan 04, 2015
EPSS 0.00
CVE-2014-3946
TYPO3 6.2.0-6.2.2 - Info Disclosure
Jun 03, 2014
EPSS 0.00
CVE-2014-3945
TYPO3 < 6.2 - Authentication Bypass via Password Hash Knowledge
Jun 03, 2014
EPSS 0.00
Products
typo3 218 cms 116 cms-core 85 cms-backend 22 cms-install 6 cms-form 4 cms-frontend 4 dam_frontend_extension 4 html-sanitizer 4 html_sanitizer 4 wec_discussion_forum 4 Extension "Faceted Search" 3 pdf_generator_2_extension 3 Extension "Mailqueue" 2 address_directory 2 air_filemanager 2 beuserswitch 2 cms-beuser 2 cms-dashboard 2 cms-recycler 2 cms-workspaces 2 commerce_extension 2 eluna_page_comments_extension 2 ns backup extension 2 phar-stream-wrapper 2 pharstreamwrapper 2 sql_frontend_extension 2 sr feuser register extension 2 sr_feuser_register_extension 2 terminal 2
Quick Filters
Critical CVEs With Exploits In CISA KEV