CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2009-3634
https://notcve.org/view.php?id=CVE-2009-3634
Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el subcomponente "Frontend Login Box" (también conocido como felogin) de TYPO3 v4.2.0 hasta la v4.2.6 permite a usuarios remotos inyectar codigo de script web o código HTML a través de parámetros sin especificar. • http://marc.info/?l=oss-security&m=125632856206736&w=2 http://marc.info/?l=oss-security&m=125633199111438&w=2 http://secunia.com/advisories/37122 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016 http://www.securityfocus.com/bid/36801 http://www.vupen.com/english/advisories/2009/3009 https://exchange.xforce.ibmcloud.com/vulnerabilities/53926 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 59EXPL: 0CVE-2009-3636
https://notcve.org/view.php?id=CVE-2009-3636
Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el subcomponente "Install Tool" (herramienta de instalación) en TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2. Permite a usuarios remotos inyectar codigo de script web o código HTML a través de parámetros sin especificar. • http://marc.info/?l=oss-security&m=125632856206736&w=2 http://marc.info/?l=oss-security&m=125633199111438&w=2 http://secunia.com/advisories/37122 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016 http://www.securityfocus.com/bid/36801 http://www.vupen.com/english/advisories/2009/3009 https://exchange.xforce.ibmcloud.com/vulnerabilities/53929 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 46EXPL: 0CVE-2009-3629
https://notcve.org/view.php?id=CVE-2009-3629
Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el subcomponente Backend de TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2. Permiten a usuarios remotos autenticados inyectar codigo de script web o código HTML a través de vectores de ataque sin especificar. • http://marc.info/?l=oss-security&m=125632856206736&w=2 http://marc.info/?l=oss-security&m=125633199111438&w=2 http://secunia.com/advisories/37122 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016 http://www.securityfocus.com/bid/36801 http://www.vupen.com/english/advisories/2009/3009 https://exchange.xforce.ibmcloud.com/vulnerabilities/53918 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 59EXPL: 0CVE-2009-3633
https://notcve.org/view.php?id=CVE-2009-3633
Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función de API t3lib_div::quoteJSvalue en TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2. Permite a usuarios remotos inyectar codigo de script web o código HTML a través de vectores de ataque sin especificar relacionados con el algoritmo de sanitización. • http://marc.info/?l=oss-security&m=125632856206736&w=2 http://marc.info/?l=oss-security&m=125633199111438&w=2 http://secunia.com/advisories/37122 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016 http://www.securityfocus.com/bid/36801 http://www.vupen.com/english/advisories/2009/3009 https://exchange.xforce.ibmcloud.com/vulnerabilities/53925 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 46EXPL: 0CVE-2009-3632
https://notcve.org/view.php?id=CVE-2009-3632
SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters. Vulnerabilidad de inyección SQL en la funcionalidad de edición del "frontend" (portal de usuario) tradicional del subcomponente "Frontend Editing" (edición del portal de usuario) de TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2. Permite a usuarios remotos ejecutar comandos SQL de su elección a través parámetros sin especificar. • http://marc.info/?l=oss-security&m=125632856206736&w=2 http://secunia.com/advisories/37122 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016 http://www.securityfocus.com/bid/36801 http://www.vupen.com/english/advisories/2009/3009 https://exchange.xforce.ibmcloud.com/vulnerabilities/53924 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •