CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2009-4336
https://notcve.org/view.php?id=CVE-2009-4336
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la extensión 'Calendario de la Diocesis de Portsmouth' (pd_calendar) v0.4.1 y anteriores para TYPO3 permite a atacantes remotos inyectar HTML o scripts web a través de vectores no especificados. • http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020 http://www.vupen.com/english/advisories/2009/3550 https://exchange.xforce.ibmcloud.com/vulnerabilities/54780 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2009-4337
https://notcve.org/view.php?id=CVE-2009-4337
SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691. Una vulnerabilidad de inyección SQL en la extensión 'Diocese of Portsmouth Calendar' (pd_calendar) v0.4.1 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL a través de vectores desconocidos. Se trata de una vulnerabilidad diferente a CVE-2008-6691. • http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020 http://www.vupen.com/english/advisories/2009/3550 https://exchange.xforce.ibmcloud.com/vulnerabilities/54779 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-6691
https://notcve.org/view.php?id=CVE-2008-6691
SQL injection vulnerability in Diocese of Portsmouth Calendar Today (pd_calendar_today) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. Vulnerabilidad de inyección SQL en Diocese of Portsmouth Calendar Today (pd_calendar_today) extensión v0.0.3 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores desconocidos. • http://osvdb.org/46388 http://secunia.com/advisories/30737 http://typo3.org/teams/security/security-bulletins/typo3-20080619-1 http://www.securityfocus.com/bid/29819 https://exchange.xforce.ibmcloud.com/vulnerabilities/43206 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •