CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19848
https://notcve.org/view.php?id=CVE-2019-19848
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.) Se descubrió un problema en TYPO3 versiones anteriores a la versión 8.7.30, versiones 9.x anteriores a la versión 9.5.12 y versiones 10.x anteriores a la versión 10.2.2. • https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security https://typo3.org/security/advisory/typo3-core-sa-2019-024 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12748
https://notcve.org/view.php?id=CVE-2019-12748
TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. TYPO3 versiones 8.3.0 hasta 8.7.26 y versiones 9.0.0 hasta 9.5.7, permite un problema de tipo XSS. • https://typo3.org/security/advisory/typo3-core-sa-2019-015 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12747
https://notcve.org/view.php?id=CVE-2019-12747
TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data. TYPO3 versiones 8.x hasta 8.7.26 y versiones 9.x hasta 9.5.7, permite la Deserialización de Datos No Seguros. • https://typo3.org/security/advisory/typo3-core-sa-2019-020 • CWE-502: Deserialization of Untrusted Data •