CVE-2015-8758
https://notcve.org/view.php?id=CVE-2015-8758
Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors. Múltiples vulnerabilidades de XSS en componentes anticipados no especificados en TYPO3 6.2.x en versiones anteriores a 6.2.16 y 7.x en versiones anteriores a 7.6.1 permiten a editores remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores desconocidos. • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013 http://www.securityfocus.com/bid/79240 http://www.securitytracker.com/id/1034484 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-8756
https://notcve.org/view.php?id=CVE-2015-8756
Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la vista del resultado de búsqueda en el componente Indexed Search (indexed_search) en TYPO3 6.2.x en versiones anteriores a 6.2.16 permite a editores remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores desconocidos. • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015 http://www.securitytracker.com/id/1034486 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-8757
https://notcve.org/view.php?id=CVE-2015-8757
Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to extension data during an extension installation. Vulnerabilidad de XSS en el Extension Manager en TYPO3 6.2.x en versiones anteriores a 6.2.16 y 7.x en versiones anteriores a 7.6.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados relacionados con datos de extensión durante una intalación de extensión. • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-010 http://www.securityfocus.com/bid/79254 http://www.securitytracker.com/id/1034482 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-5956 – Typo3 CMS 6.2.14 / 4.5.40 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-5956
The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php. Vulnerabilidad en la función sanitizeLocalUrl en TYPO3 6.x en versiones anteriores a 6.2.15, 7.x en versiones anteriores a 7.4.0, 4.5.40 y versiones anteriores, permite a usuarios remotos autenticados eludir el filtro XSS y realizar ataques de XSS a través de un URI de datos codificados en base64, según lo demostrado por el (1) parámetro returnUrl en show_rechis.php y (2) parámetro redirect_url en index.php. Typo3 CMS versions 6.2.14 and below and 4.5.40 and below suffer from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/133551/Typo3-CMS-6.2.14-4.5.40-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2015/Sep/57 http://www.securityfocus.com/archive/1/536464/100/0/threaded http://www.securitytracker.com/id/1033551 https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-2821
https://notcve.org/view.php?id=CVE-2015-2821
TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors. TYPO3 Neos 1.1.x anterior a 1.1.3 y 1.2.x anterior a 1.2.3 permite a editores remotos acceder, crear y modificar los nodos de contenidos en los espacios de trabajo de otros editores a través de vectores no especificados. • http://typo3.org/teams/security/security-bulletins/typo3-neos/typo3-neos-sa-2015-001 http://www.securityfocus.com/bid/73700 • CWE-264: Permissions, Privileges, and Access Controls •