Page 10 of 135 results (0.004 seconds)

CVSS: 6.1EPSS: 0%CPEs: 32EXPL: 1

Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark. Vulnerabilidad de XSS en el componente Backend en TYPO3 6.2.x en versiones anteriores a 6.2.19 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de el parámetro module cuando crea un marcador. • http://www.openwall.com/lists/oss-security/2016/04/21/1 https://labs.integrity.pt/advisories/cve-pending-stored-cross-site-scripting-in-typo3-bookmarks https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.1EPSS: 3%CPEs: 19EXPL: 0

Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action. Extbase en TYPO3 4.3.0 en versiones anteriores a 6.2.24, 7.x en versiones anteriores a 7.6.8 y 8.1.1 permite a atacantes remotos obtener información sensible o posiblemente ejecutar código arbitrario a través una acción Extbase manipulada. • http://www.openwall.com/lists/oss-security/2016/05/25/4 http://www.openwall.com/lists/oss-security/2016/05/26/2 https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013 • CWE-254: 7PK - Security Features •

CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0

The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing." El componente Flvplayer en TYPO3 6.2.x en versiones anteriores a 6.2.16 permite a atacantes remotos incrustar videos de Flash procedentes de dominios externos a través de vectores no especificados, también conocido como "Cross-Site Flashing." • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014 http://www.securityfocus.com/bid/79210 http://www.securitytracker.com/id/1034485 • CWE-20: Improper Input Validation •

CVSS: 5.4EPSS: 0%CPEs: 39EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors. Múltiples vulnerabilidades de XSS en componentes del backend no especificados en TYPO3 6.2.x en versiones anteriores a 6.2.16 y 7.x en versiones anteriores a 7.6.1 permiten a editores remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores desconocidos. • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011 http://www.securityfocus.com/bid/79236 http://www.securitytracker.com/id/1034483 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 39EXPL: 0

Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field. Vulnerabilidad de XSS en la función typoLink en TYPO3 6.2.x en versiones anteriores a 6.2.16 y 7.x en versiones anteriores a 7.6.1 permiten a editores remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un campo link. • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012 http://www.securityfocus.com/bid/79250 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •