CVE-2013-5307
https://notcve.org/view.php?id=CVE-2013-5307
Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en la extensión Faceted Search (ke_search) anterior a v1.4.1 para TYPO3, permite a atacantes remotos inyectar web scripts arbitrarios o HTML mediante vectores desconocidos • http://osvdb.org/95960 http://secunia.com/advisories/54306 http://typo3.org/extensions/repository/view/ke_search http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013 http://www.securityfocus.com/bid/61609 https://exchange.xforce.ibmcloud.com/vulnerabilities/86236 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-5310
https://notcve.org/view.php?id=CVE-2013-5310
SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la extensión DB Integration (wfqbe) anterior a v2.0.1 para TYPO3 permite a atacantes remotos ejecutar comandos SQL arbitrarios mediante vectores desconocidos. • http://osvdb.org/95957 http://typo3.org/extension-manuals/wfqbe/2.0.1/view/1/5 http://typo3.org/extensions/repository/view/wfqbe http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013 http://www.securityfocus.com/bid/61653 https://exchange.xforce.ibmcloud.com/vulnerabilities/86238 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2013-5304
https://notcve.org/view.php?id=CVE-2013-5304
SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la extensión Store Locator (locator) anterior a v3.1.5 para TYPO3 permite a atacantes remotos ejecutar comandos SQL arbitrarios mediante vectores desconocidos. • http://osvdb.org/95962 http://secunia.com/advisories/54350 http://typo3.org/extensions/repository/view/locator http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013 http://www.securityfocus.com/bid/61606 https://exchange.xforce.ibmcloud.com/vulnerabilities/86230 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2013-5308
https://notcve.org/view.php?id=CVE-2013-5308
Cross-site scripting (XSS) vulnerability in the RealURL Management (realurlmanagement) extension 0.3.4 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en la extensión RealURL Management (realurlmanagement) v0.3.4 y anteriores para TYPO3, permite a atacantes remotos inyectar web scripts arbitrarios o HTML mediante vectores desconocidos. • http://osvdb.org/95958 http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013 http://www.securityfocus.com/bid/61654 https://exchange.xforce.ibmcloud.com/vulnerabilities/86237 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-5305
https://notcve.org/view.php?id=CVE-2013-5305
Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en la extensión Store Locator (locator) anterior a v3.1.5 para TYPO3, permite a atacantes remotos inyectar web scripts arbitrarios o HTML mediante vectores desconocidos. • http://osvdb.org/95961 http://secunia.com/advisories/54350 http://typo3.org/extensions/repository/view/locator http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013 http://www.securityfocus.com/bid/61606 https://exchange.xforce.ibmcloud.com/vulnerabilities/86231 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •