Typosphere Typo version 3.99.0 : Security vulnerabilities, CVEs

cpe:2.3:a:typosphere:typo:3.99.0:*:*:*:*:*:*:*

Copy

CVE-2008-4905

Typo 5.1.3 and earlier uses a hard-coded salt for calculating password hashes, which makes it easier for attackers to guess passwords via a brute force attack.

Max CVSS

7.5

EPSS Score

0.22%

Published

2008-11-04

Updated

2024-02-09

CVE-2008-4904

SQL injection vulnerability in the "Manage pages" feature (admin/pages) in Typo 5.1.3 and earlier allows remote authenticated users with "blog publisher" rights to execute arbitrary SQL commands via the search[published_at] parameter.

Max CVSS

6.0

EPSS Score

0.15%

Published

2008-11-04

Updated

2017-08-08

CVE-2008-4903

Cross-site scripting (XSS) vulnerability in the leave comment (feedback) feature in Typo 5.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) comment[author] (Name) and (2) comment[url] (Website) parameters.

Max CVSS

4.3

EPSS Score

0.25%

Published

2008-11-04

Updated

2017-08-08

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!