typo3

361 tracked vulnerabilities.

CVE-2016-5091 HIGH
TYPO3 < 6.2.24 - Remote Code Execution via Extbase Action
Jan 23, 2017
CVSS 8.1
EPSS 0.03
CVE-2016-4056 MEDIUM
TYPO3 6.2.0-6.2.18 - Stored Cross-Site Scripting via Bookmark Module Parameter
Jan 23, 2017
CVSS 6.1
EPSS 0.01
CVE-2015-8760 MEDIUM
TYPO3 CMS 6.2.0-6.2.15 - Cross-Site Flashing via Flvplayer Component
Jan 08, 2016
CVSS 6.1
EPSS 0.01
CVE-2015-8759 MEDIUM
TYPO3 6.2.0-6.2.15 - Authenticated Cross-Site Scripting via typoLink Function
Jan 08, 2016
CVSS 5.4
EPSS 0.01
CVE-2015-8758 MEDIUM
TYPO3 6.2.x-6.2.15 and 7.x-7.6.0 - Authenticated Cross-Site Scripting
Jan 08, 2016
CVSS 5.4
EPSS 0.01
CVE-2015-8757 MEDIUM
TYPO3 6.2.x-7.x - Cross-Site Scripting in Extension Manager
Jan 08, 2016
CVSS 6.1
EPSS 0.01
CVE-2015-8756 MEDIUM
TYPO3 CMS 6.2.0-6.2.15 - Authenticated Cross-Site Scripting in Indexed Search Result View
Jan 08, 2016
CVSS 5.4
EPSS 0.01
CVE-2015-8755 MEDIUM
TYPO3 6.2.0-6.2.15 and 7.0.0-7.6.0 - Authenticated Cross-Site Scripting
Jan 08, 2016
CVSS 5.4
EPSS 0.01
CVE-2015-5956
TYPO3 < 4.5.40, 6.x < 6.2.15, 7.x < 7.4.0 - Authenticated Cross-Site Scripting via Base64 Data URI
Sep 16, 2015
EPSS 0.02
CVE-2015-2821
TYPO3 Neos 1.1.x-1.1.2 and 1.2.x-1.2.2 - Unauthorized Content Node Access and Modification
Apr 01, 2015
EPSS 0.01
CVE-2015-2047
TYPO3 4.3.0-4.3.14, 4.4.0-4.4.15, 4.5.0-4.5.39, 4.6.0-4.6.18 - Authentication Bypass via RSAAuth
Feb 23, 2015
EPSS 0.02
CVE-2014-9509
TYPO3 <4.5.39, 4.6.x-6.2.x<6.2.9, 7.x<7.0.2 - Info Disclosure
Jan 04, 2015
EPSS 0.01
CVE-2014-9508
TYPO3 <4.5.39, <6.2.9, <7.0.2 - XSS
Jan 04, 2015
EPSS 0.02
CVE-2014-3946
TYPO3 6.2.0-6.2.2 - Info Disclosure
Jun 03, 2014
EPSS 0.01
CVE-2014-3945
TYPO3 < 6.2 - Authentication Bypass via Password Hash Knowledge
Jun 03, 2014
EPSS 0.02
CVE-2014-3944
TYPO3 6.2.0-6.2.2 - Improper Authentication
Jun 03, 2014
EPSS 0.01
CVE-2014-3943
TYPO3 4.5.0-4.5.33, 4.7.0-4.7.18, 6.0.0-6.0.13, 6.1.0-6.1.8, 6.2.0-6.2.2 - Authenticated Cross-Site Scripting
Jun 03, 2014
EPSS 0.01
CVE-2014-3942
TYPO3 4.5.0-4.5.33, 4.7.0-4.7.18, 6.0.0-6.0.13, 6.1.0-6.1.8 - Remote Code Execution via Color Picker Wizard
Jun 03, 2014
EPSS 0.02
CVE-2014-3941
TYPO3 <4.5.34-6.2.3 - Info Disclosure
Jun 03, 2014
EPSS 0.03
CVE-2013-4321
TYPO3 6.0.0-6.0.8 and 6.1.0-6.1.3 - Authenticated Remote Code Execution via File Extension in FAL Renaming
May 20, 2014
EPSS 0.01
CVE-2013-4320
TYPO3 6.0.0-6.0.8 and 6.1.0-6.1.3 - Authenticated Arbitrary File Read and Write via File Abstraction Layer
May 20, 2014
EPSS 0.01
CVE-2013-4250
TYPO3 6.0.0-6.0.7 and 6.1.0-6.1.2 - Authenticated Arbitrary PHP Code Execution via File Upload
May 20, 2014
EPSS 0.01
CVE-2013-7341
Flowplayer Flash <3.2.17 - XSS
Mar 24, 2014
EPSS 0.02
CVE-2013-7078
TYPO3 4.5.0-4.5.31, 4.7.0-4.7.16, 6.0.0-6.0.11, 6.1.0-6.1.6 - Cross-Site Scripting via Error Message
Jan 19, 2014
EPSS 0.02
CVE-2013-7081
TYPO3 4.5.0-4.5.31, 4.7.0-4.7.16, 6.0.0-6.0.11, 6.1.0-6.1.6 - HMAC Signature Bypass
Dec 23, 2013
EPSS 0.01