CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5302
https://notcve.org/view.php?id=CVE-2013-5302
16 Aug 2013 — SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la extensión Faceted Search (ke_search) anterior a v1.4.1 para TYPO3 permite a atacantes remotos ejecutar comandos SQL arbitrarios mediante vectores desconocidos. • http://osvdb.org/95959 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2013-5307
https://notcve.org/view.php?id=CVE-2013-5307
16 Aug 2013 — Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en la extensión Faceted Search (ke_search) anterior a v1.4.1 para TYPO3, permite a atacantes remotos inyectar web scripts arbitrarios o HTML mediante vectores desconocidos • http://osvdb.org/95960 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •