CVE-2016-4056
https://notcve.org/view.php?id=CVE-2016-4056
Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark. Vulnerabilidad de XSS en el componente Backend en TYPO3 6.2.x en versiones anteriores a 6.2.19 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de el parámetro module cuando crea un marcador. • http://www.openwall.com/lists/oss-security/2016/04/21/1 https://labs.integrity.pt/advisories/cve-pending-stored-cross-site-scripting-in-typo3-bookmarks https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-5091
https://notcve.org/view.php?id=CVE-2016-5091
Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action. Extbase en TYPO3 4.3.0 en versiones anteriores a 6.2.24, 7.x en versiones anteriores a 7.6.8 y 8.1.1 permite a atacantes remotos obtener información sensible o posiblemente ejecutar código arbitrario a través una acción Extbase manipulada. • http://www.openwall.com/lists/oss-security/2016/05/25/4 http://www.openwall.com/lists/oss-security/2016/05/26/2 https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013 • CWE-254: 7PK - Security Features •
CVE-2015-8760
https://notcve.org/view.php?id=CVE-2015-8760
The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing." El componente Flvplayer en TYPO3 6.2.x en versiones anteriores a 6.2.16 permite a atacantes remotos incrustar videos de Flash procedentes de dominios externos a través de vectores no especificados, también conocido como "Cross-Site Flashing." • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014 http://www.securityfocus.com/bid/79210 http://www.securitytracker.com/id/1034485 • CWE-20: Improper Input Validation •
CVE-2015-8755
https://notcve.org/view.php?id=CVE-2015-8755
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors. Múltiples vulnerabilidades de XSS en componentes del backend no especificados en TYPO3 6.2.x en versiones anteriores a 6.2.16 y 7.x en versiones anteriores a 7.6.1 permiten a editores remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores desconocidos. • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011 http://www.securityfocus.com/bid/79236 http://www.securitytracker.com/id/1034483 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-8759
https://notcve.org/view.php?id=CVE-2015-8759
Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field. Vulnerabilidad de XSS en la función typoLink en TYPO3 6.2.x en versiones anteriores a 6.2.16 y 7.x en versiones anteriores a 7.6.1 permiten a editores remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un campo link. • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012 http://www.securityfocus.com/bid/79250 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •