CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-11064 – Cross-Site Scripting in TYPO3 CMS
https://notcve.org/view.php?id=CVE-2020-11064
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2. En TYPO3 CMS versiones mayores o iguales a 9.5.12 y menores a 9.5.17, y versiones mayores o iguales a 10.2.0 y versiones menores a 10.4.2, ha sido detectado que los atributos placeholder de HTML que contienen datos de otros registros de bases de datos son vulnerables a un ataque de tipo cross-site scripting. Es requerida una cuenta de usuario del back-end válida para explotar esta vulnerabilidad. • https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-43gj-mj2w-wh46 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-11063 – Observable Response Discrepancy in TYPO3 CMS
https://notcve.org/view.php?id=CVE-2020-11063
In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2. En TYPO3 CMS versiones 10.4.0 y 10.4.1, ha sido detectado que los ataques basados en tiempo pueden ser usados con la funcionalidad password reset para usuarios del back-end. Esto permite a un atacante montar la enumeración de usuarios basado en las direcciones de correo electrónico asignadas a las cuentas de usuario del backend. • https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-347x-877p-hcwx • CWE-203: Observable Discrepancy CWE-204: Observable Response Discrepancy •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2020-8091
https://notcve.org/view.php?id=CVE-2020-8091
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname. El archivo svg.swf en TYPO3 versiones 6.2.0 hasta 6.2.38 ELTS y versiones 7.0.0 hasta 7.1.0, podría permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) en un sistema apuntado. Esto puede estar en un nombre de ruta contrib/websvg/svg.swf. • https://typo3.org/security/advisory/typo3-psa-2019-003 https://www.purplemet.com/blog/typo3-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19849
https://notcve.org/view.php?id=CVE-2019-19849
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited privileges. Se descubrió un problema en TYPO3 versiones anteriores a la versión 8.7.30, versiones 9.x anteriores a la versión 9.5.12 y versiones 10.x anteriores a la versión 10.2.2. • https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security https://typo3.org/security/advisory/typo3-core-sa-2019-026 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19850
https://notcve.org/view.php?id=CVE-2019-19850
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges. Se descubrió un problema en TYPO3 versiones anteriores a la versión 8.7.30, versiones 9.x anteriores a la versión 9.5.12 y versiones 10.x anteriores a la versión 10.2.2. Debido a que el escape del contenido enviado por el usuario es manejado inapropiadamente, la clase QueryGenerator es vulnerable a una inyección SQL. • https://review.typo3.org/q/%2522Resolves:+%252389452%2522+topic:security https://typo3.org/security/advisory/typo3-core-sa-2019-025 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •