Page 26 of 135 results (0.015 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de Secuencias de Comandos en Sitios Cruzados (XSS) en la extensión de interfaz externo (frontend plugin) para la extensión de sistemas Felogin en TYPO3 4.2.0, 4.2.1 y 4.2.2, permite a atacantes remotos inyectar secuencias de comandos Web o HTML a través de vectores desconocidos. • http://typo3.org/teams/security/security-bulletins/typo3-20081113-2 http://www.securityfocus.com/bid/32284 https://exchange.xforce.ibmcloud.com/vulnerabilities/46591 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el modulo file backend en TYPO3 v4.2.2 permitiría a atacantes remotos inyectar comandos web o HTML a través de vectores desconocidos. • http://secunia.com/advisories/32689 http://typo3.org/teams/security/security-bulletins/typo3-20081113-1 http://www.securityfocus.com/bid/32284 http://www.vupen.com/english/advisories/2008/3144 https://exchange.xforce.ibmcloud.com/vulnerabilities/46585 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions. TYPO3 versiones 4.0.x anteriores a 4.0.9, versiones 4.1.x anteriores a 4.1.7, y versiones 4.2.x anteriores a 4.2.1, utiliza un fileDenyPattern predeterminado insuficientemente restrictivo para Apache, que permite a los atacantes remotos omitir las restricciones de seguridad y cargar archivos de configuración como .htaccess, o conducir ataques de carga de archivos mediante varias extensiones. • http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern http://secunia.com/advisories/30619 http://secunia.com/advisories/30660 http://securityreason.com/securityalert/3945 http://typo3.org/teams/security/security-bulletins/typo3-20080611-1 http://www.debian.org/security/2008/dsa-1596 http://www.securityfocus.com/archive/1/493270/100/0/threaded http://www.securityfocus.com/bid/29657 http://www.vupen.com/english/advisories/2008/1802 https:/ • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 0

Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en fe_adminlib.inc de TYPO3 4.0.x antes de 4.0.9, 4.1.x antes de 4.1.7 y 4.2.x antes de 4.2.1, del modo que se utiliza en extensiones como (1) direct_mail_subscription, (2) feuser_admin y (3) kb_md5fepw, permite a atacantes remotos inyectar scripts web o HTMl de su elección mediante vectores no especificados. • http://secunia.com/advisories/30619 http://secunia.com/advisories/30660 http://securityreason.com/securityalert/3945 http://typo3.org/teams/security/security-bulletins/typo3-20080611-1 http://www.debian.org/security/2008/dsa-1596 http://www.securityfocus.com/archive/1/493270/100/0/threaded http://www.securityfocus.com/bid/29657 http://www.vupen.com/english/advisories/2008/1802 https://exchange.xforce.ibmcloud.com/vulnerabilities/42986 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0

SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la extensión del sistema indexed_search, en TYPO3 3.x, 4.0 hasta 4.0.7, y 4.1 hasta 4.1.3. Permite que usuarios autenticados remotamente ejecuten, a su elección, comandos SQL usando vectores sin especificar. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446 http://osvdb.org/39506 http://secunia.com/advisories/27969 http://secunia.com/advisories/28243 http://securitytracker.com/id?1019146 http://typo3.org/teams/security/security-bulletins/typo3-20071210-1 http://www.debian.org/security/2007/dsa-1439 http://www.securityfocus.com/bid/26871 http://www.vupen.com/english/advisories/2007/4205 https://exchange.xforce.ibmcloud.com/vulnerabilities/39017 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •