Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / typo3

typo3

346 tracked vulnerabilities.

TYPO3 6.2.0-6.2.2 - Improper Authentication

TYPO3 4.5.0-4.5.33, 4.7.0-4.7.18, 6.0.0-6.0.13, 6.1.0-6.1.8, 6.2.0-6.2.2 - Authenticated Cross-Site Scripting

TYPO3 4.5.0-4.5.33, 4.7.0-4.7.18, 6.0.0-6.0.13, 6.1.0-6.1.8 - Remote Code Execution via Color Picker Wizard

TYPO3 <4.5.34-6.2.3 - Info Disclosure

TYPO3 6.0.0-6.0.8 and 6.1.0-6.1.3 - Authenticated Remote Code Execution via File Extension in FAL Renaming

TYPO3 6.0.0-6.0.8 and 6.1.0-6.1.3 - Authenticated Arbitrary File Read and Write via File Abstraction Layer

TYPO3 6.0.0-6.0.7 and 6.1.0-6.1.2 - Authenticated Arbitrary PHP Code Execution via File Upload

Flowplayer Flash <3.2.17 - XSS

TYPO3 4.5.0-4.5.31, 4.7.0-4.7.16, 6.0.0-6.0.11, 6.1.0-6.1.6 - Cross-Site Scripting via Error Message

TYPO3 4.5.0-4.5.31, 4.7.0-4.7.16, 6.0.0-6.0.11, 6.1.0-6.1.6 - HMAC Signature Bypass

TYPO3 4.5.0-4.5.31, 4.7.0-4.7.16, 6.0.0-6.0.11 - Unauthenticated Mass Assignment via Extension Table Administration

TYPO3 4.5.0-4.5.31, 4.7.0-4.7.16, 6.0.0-6.0.11, 6.1.0-6.1.6 - Open Redirect in OpenID Extension

TYPO3 4.5.0-4.5.31, 4.7.0-4.7.16, 6.0.0-6.0.11, 6.1.0-6.1.6 - Authenticated PHP Object Unserialization and File Deletion

TYPO3 4.5.0-4.5.31, 4.7.0-4.7.16, 6.0.0-6.0.11, 6.1.0-6.1.6 - Authenticated Data Read via Content Editing Wizards

TYPO3 Flow 1.1.x < 1.1.1 and 2.0.x < 2.0.1 - Cross-Site Scripting via Error Action Method

TYPO3 6.0.0-6.0.11 and 6.1.0-6.1.6 - Cross-Site Scripting in Backend User Administration Module

TYPO3 4.5.x-4.7.x - Cross-Site Scripting in Extension Manager

TYPO3 4.5.x-4.5.31, 4.7.x-4.7.16, 6.0.x-6.0.11, 6.1.x-6.1.6 - Authenticated XSS in Content Editing Wizards

PHP OpenID Library <2.2.2 - Info Disclosure/DoS

TYPO3 4.5.x-4.6.x, 4.7.x-4.7.8, 6.0.x-6.0.2 - Open Redirect via Access Tracking Mechanism

TYPO3 4.5.x-4.6.x-4.7.x-6.0.x - SQL Injection via Query Object Model

TYPO3 4.5.0-4.5.20, 4.6.0-4.6.13, 4.7.0-4.7.5 - Authenticated Arbitrary Record History Access

TYPO3 4.5.0-4.5.20, 4.6.0-4.6.13, 4.7.0-4.7.5 - Authenticated Cross-Site Scripting in Function Menu API

TYPO3 4.5.0-4.5.20, 4.6.0-4.6.13, 4.7.0-4.7.5 - Authenticated Cross-Site Scripting in TCA-Tree Backend API

TYPO3 4.5.0-4.5.20, 4.6.0-4.6.13, 4.7.0-4.7.5 - Authenticated Cross-Site Scripting in Backend History Module

Previous Page 7 of 14 Next

Products

typo3 218 cms 116 cms-core 85 cms-backend 22 cms-install 6 cms-form 4 cms-frontend 4 dam_frontend_extension 4 html-sanitizer 4 html_sanitizer 4 wec_discussion_forum 4 Extension "Faceted Search" 3 pdf_generator_2_extension 3 Extension "Mailqueue" 2 address_directory 2 air_filemanager 2 beuserswitch 2 cms-beuser 2 cms-dashboard 2 cms-recycler 2 cms-workspaces 2 commerce_extension 2 eluna_page_comments_extension 2 ns backup extension 2 phar-stream-wrapper 2 pharstreamwrapper 2 sql_frontend_extension 2 sr feuser register extension 2 sr_feuser_register_extension 2 terminal 2

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy