Page 11 of 135 results (0.007 seconds)

CVSS: 5.4EPSS: 0%CPEs: 39EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors. Múltiples vulnerabilidades de XSS en componentes anticipados no especificados en TYPO3 6.2.x en versiones anteriores a 6.2.16 y 7.x en versiones anteriores a 7.6.1 permiten a editores remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores desconocidos. • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013 http://www.securityfocus.com/bid/79240 http://www.securitytracker.com/id/1034484 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 29EXPL: 0

Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la vista del resultado de búsqueda en el componente Indexed Search (indexed_search) en TYPO3 6.2.x en versiones anteriores a 6.2.16 permite a editores remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores desconocidos. • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015 http://www.securitytracker.com/id/1034486 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 39EXPL: 0

Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to extension data during an extension installation. Vulnerabilidad de XSS en el Extension Manager en TYPO3 6.2.x en versiones anteriores a 6.2.16 y 7.x en versiones anteriores a 7.6.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados relacionados con datos de extensión durante una intalación de extensión. • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-010 http://www.securityfocus.com/bid/79254 http://www.securitytracker.com/id/1034482 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 4%CPEs: 48EXPL: 0

The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php. Vulnerabilidad en la función sanitizeLocalUrl en TYPO3 6.x en versiones anteriores a 6.2.15, 7.x en versiones anteriores a 7.4.0, 4.5.40 y versiones anteriores, permite a usuarios remotos autenticados eludir el filtro XSS y realizar ataques de XSS a través de un URI de datos codificados en base64, según lo demostrado por el (1) parámetro returnUrl en show_rechis.php y (2) parámetro redirect_url en index.php. Typo3 CMS versions 6.2.14 and below and 4.5.40 and below suffer from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/133551/Typo3-CMS-6.2.14-4.5.40-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2015/Sep/57 http://www.securityfocus.com/archive/1/536464/100/0/threaded http://www.securitytracker.com/id/1033551 https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.6EPSS: 0%CPEs: 92EXPL: 0

The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value. La extensión rsaauth en TYPO3 4.3.0 hasta 4.3.14, 4.4.0 hasta 4.4.15, 4.5.0 hasta 4.5.39, y 4.6.0 hasta 4.6.18, cuando está configurado para el frontend, permite a atacantes remotos evadir la autenticación a través de una contraseña que está asignado a un valor vacío. • http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001 http://www.debian.org/security/2015/dsa-3164 http://www.openwall.com/lists/oss-security/2015/02/22/4 http://www.openwall.com/lists/oss-security/2015/02/22/8 http://www.securityfocus.com/bid/72763 http://www.securitytracker.com/id/1031824 https://review.typo3.org/#/c/37013 • CWE-287: Improper Authentication •