CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0CVE-2009-0257
https://notcve.org/view.php?id=CVE-2009-0257
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en TYPO3 v4.0.0 a v4.0.9, v4.1.0 a 4.1.7 y v4.2.0 a v4.2.3, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el (1) nombre y (2) el contenido de ficheros indexados para (a) la extensión del sistema Indexed Search Engine (indexed_search), (b) comandos de prueba no especificados en la extensión del sistema ADOb y (c) vectores no especificados en el módulo Workspace. • http://secunia.com/advisories/33617 http://secunia.com/advisories/33679 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001 http://www.debian.org/security/2009/dsa-1711 http://www.securityfocus.com/bid/33376 https://exchange.xforce.ibmcloud.com/vulnerabilities/48133 https://exchange.xforce.ibmcloud.com/vulnerabilities/48135 https://exchange.xforce.ibmcloud.com/vulnerabilities/48136 https://exchange.xforce.ibmcloud.com/vulnerabilities/48137 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 24EXPL: 0CVE-2009-0258
https://notcve.org/view.php?id=CVE-2009-0258
The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer. Vulnerabilidad no especificada en la extensión del sistema de la Indexed Search Engine (indexed_search) en TYPO3 v4.0.0 a v4.0.9, v4.1.0 a 4.1.7 y v4.2.0 a v4.2.3 permite a atacantes remotos ejecutar comandos de su elección mediante vectores desconocidos relacionados con la la línea de comandos indexer. • http://secunia.com/advisories/33617 http://secunia.com/advisories/33679 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001 http://www.debian.org/security/2009/dsa-1711 http://www.openwall.com/lists/oss-security/2009/01/23/4 http://www.securityfocus.com/bid/33376 https://exchange.xforce.ibmcloud.com/vulnerabilities/48138 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 24EXPL: 0CVE-2009-0256
https://notcve.org/view.php?id=CVE-2009-0256
Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication. Vulnerabilidad de fijación de sesión en la librería de autenticación en TYPO3 v4.0.0 a v4.0.9, v4.1.0 a v4.1.7 y v4.2.0 a v4.2.3, permite a atacantes remotos secuestrar sesiones web mediante vectores no especificados, en relación con (1) el interfaz externo y (2) la autenticación del interfaz interno. • http://secunia.com/advisories/33617 http://secunia.com/advisories/33679 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001 http://www.debian.org/security/2009/dsa-1711 http://www.securityfocus.com/bid/33376 https://exchange.xforce.ibmcloud.com/vulnerabilities/48133 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-5656
https://notcve.org/view.php?id=CVE-2008-5656
Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de Secuencias de Comandos en Sitios Cruzados (XSS) en la extensión de interfaz externo (frontend plugin) para la extensión de sistemas Felogin en TYPO3 4.2.0, 4.2.1 y 4.2.2, permite a atacantes remotos inyectar secuencias de comandos Web o HTML a través de vectores desconocidos. • http://typo3.org/teams/security/security-bulletins/typo3-20081113-2 http://www.securityfocus.com/bid/32284 https://exchange.xforce.ibmcloud.com/vulnerabilities/46591 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2008-5644
https://notcve.org/view.php?id=CVE-2008-5644
Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el modulo file backend en TYPO3 v4.2.2 permitiría a atacantes remotos inyectar comandos web o HTML a través de vectores desconocidos. • http://secunia.com/advisories/32689 http://typo3.org/teams/security/security-bulletins/typo3-20081113-1 http://www.securityfocus.com/bid/32284 http://www.vupen.com/english/advisories/2008/3144 https://exchange.xforce.ibmcloud.com/vulnerabilities/46585 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •