Page 12 of 153 results (0.008 seconds)

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend. TYPO3 versiones anteriores a 4.1.14, versiones 4.2.x anteriores a 4.2.13, versiones 4.3.x anteriores a 4.3.4 y versiones 4.4.x anteriores a 4.4.1, permite un ataque de tipo XSS en el back-end. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 https://security-tracker.debian.org/tracker/CVE-2010-3660 https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. TYPO3 versiones 8.3.0 hasta 8.7.26 y versiones 9.0.0 hasta 9.5.7, permite un problema de tipo XSS. • https://typo3.org/security/advisory/typo3-core-sa-2019-015 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data. TYPO3 versiones 8.x hasta 8.7.26 y versiones 9.x hasta 9.5.7, permite la Deserialización de Datos No Seguros. • https://typo3.org/security/advisory/typo3-core-sa-2019-020 • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0

TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick. TYPO3, versiones 8.x anteriores a 8.7.25 y 9.x anteriores a 9.5.6, permite la ejecución remota de código porque no configura correctamente las aplicaciones utilizadas para el procesamiento de imágenes, como demuestran ImageMagick o GraphicsMagick. • http://www.securityfocus.com/bid/108305 https://typo3.org/security/advisory/typo3-core-sa-2019-012 • CWE-20: Improper Input Validation •

CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 2

The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process. El módulo page en TYPO3, en versiones anteriores a la 8.7.11 y versiones 9.1.0,. tiene Cross-Site Scripting (XSS) mediante $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], tal y como queda demostrado con un administrador que introduce un nombre de sitio manipulado durante el proceso de instalación. • https://github.com/dnr6419/CVE-2018-6905 http://www.securitytracker.com/id/1040755 https://forge.typo3.org/issues/84191 https://github.com/pradeepjairamani/TYPO3-XSS-POC • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •