CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6370
https://notcve.org/view.php?id=CVE-2017-6370
TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields. TYPO3 7.6.15 envía una solicitud http a un index.php?loginProvider URI en casos con un httpsReferers, lo que permite a atacantes remotos obtener información de texto plano sensible husmeando la red y leyendo los campos userident y username. • http://www.securityfocus.com/bid/97071 https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 32EXPL: 1CVE-2016-4056
https://notcve.org/view.php?id=CVE-2016-4056
Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark. Vulnerabilidad de XSS en el componente Backend en TYPO3 6.2.x en versiones anteriores a 6.2.19 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de el parámetro module cuando crea un marcador. • http://www.openwall.com/lists/oss-security/2016/04/21/1 https://labs.integrity.pt/advisories/cve-pending-stored-cross-site-scripting-in-typo3-bookmarks https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 3%CPEs: 19EXPL: 0CVE-2016-5091
https://notcve.org/view.php?id=CVE-2016-5091
Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action. Extbase en TYPO3 4.3.0 en versiones anteriores a 6.2.24, 7.x en versiones anteriores a 7.6.8 y 8.1.1 permite a atacantes remotos obtener información sensible o posiblemente ejecutar código arbitrario a través una acción Extbase manipulada. • http://www.openwall.com/lists/oss-security/2016/05/25/4 http://www.openwall.com/lists/oss-security/2016/05/26/2 https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013 • CWE-254: 7PK - Security Features •
CVSS: 5.4EPSS: 0%CPEs: 39EXPL: 0CVE-2015-8755
https://notcve.org/view.php?id=CVE-2015-8755
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors. Múltiples vulnerabilidades de XSS en componentes del backend no especificados en TYPO3 6.2.x en versiones anteriores a 6.2.16 y 7.x en versiones anteriores a 7.6.1 permiten a editores remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores desconocidos. • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011 http://www.securityfocus.com/bid/79236 http://www.securitytracker.com/id/1034483 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 29EXPL: 0CVE-2015-8756
https://notcve.org/view.php?id=CVE-2015-8756
Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la vista del resultado de búsqueda en el componente Indexed Search (indexed_search) en TYPO3 6.2.x en versiones anteriores a 6.2.16 permite a editores remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores desconocidos. • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015 http://www.securitytracker.com/id/1034486 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •