4.7.16 : Security Vulnerabilities

Cpe Name:cpe:/a:typo3:typo3:4.7.16

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : CVE Number Descending CVE Number Ascending CVSS Score Descending Number Of Exploits Descending

#	CVE ID	CWE ID	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2014-9509	20		2015-01-04	2015-01-06	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page.
2	CVE-2014-9508	59		2015-01-04	2016-11-28	4.3	None	Remote	Medium	Not required	None	Partial	None
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.
3	CVE-2014-3945	287	Bypass	2014-06-03	2014-06-04	4.0	None	Remote	High	Not required	Partial	Partial	None
The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash.
4	CVE-2014-3943	79	XSS	2014-06-03	2017-12-28	3.5	None	Remote	Medium	Single system	None	Partial	None
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters.
5	CVE-2014-3942	94	Exec Code	2014-06-03	2017-12-28	6.0	None	Remote	Medium	Single system	Partial	Partial	Partial
The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.
6	CVE-2014-3941	20		2014-06-03	2017-12-28	5.0	None	Remote	Low	Not required	None	Partial	None
TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing."
7	CVE-2013-7081	264	Bypass	2013-12-23	2014-01-13	4.9	None	Remote	Medium	Single system	Partial	Partial	None
The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors.
8	CVE-2013-7080			2013-12-23	2014-01-13	5.8	None	Remote	Medium	Not required	Partial	Partial	None
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."
9	CVE-2013-7079	20		2013-12-23	2016-12-30	5.8	None	Remote	Medium	Not required	Partial	Partial	None
Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
10	CVE-2013-7078	79	XSS	2014-01-19	2017-08-28	2.6	None	Remote	High	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072.
11	CVE-2013-7076	79	XSS	2013-12-20	2017-08-28	4.3	None	Remote	Medium	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
12	CVE-2013-7075	310		2013-12-23	2014-01-13	6.5	None	Remote	Low	Single system	Partial	Partial	Partial
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature."
13	CVE-2013-7074	79	XSS	2013-12-20	2017-08-28	3.5	None	Remote	Medium	Single system	None	Partial	None
Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.
14	CVE-2013-7073	264		2013-12-23	2016-11-28	4.0	None	Remote	Low	Single system	Partial	None	None
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.

Total number of vulnerabilities : 14 Page : 1 (This Page)