NotCVE - vendor:"Typo3" product:"Typo3" version:"1.2.0"

Page 3 of 50 results (0.007 seconds)

CVSS: 3.5EPSS: 0%CPEs: 48EXPL: 1

CVE-2015-5956 – Typo3 CMS 6.2.14 / 4.5.40 Cross Site Scripting

https://notcve.org/view.php?id=CVE-2015-5956

14 Sep 2015 — The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php. Vulnerabilidad en la función sanitizeLocalUrl en TYPO3 6.x en versiones anteriores a 6.2.15, 7.x en versiones anteriores a 7.4.0, 4.5.40 y versiones anteriores, per... • https://packetstorm.news/files/id/133551 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 33EXPL: 0

CVE-2014-3949

https://notcve.org/view.php?id=CVE-2014-3949

04 Jun 2014 — Cross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el asistente de diseño en la extensión Grid Elements (gridelements) anterior a 1.5.1 y 2.0.x anterior a 2.0.3 para TYPO3 permite a usuarios remotos autenticados de backend inyectar secuencias de comandos web o HTML arbitrarios ... • http://secunia.com/advisories/58592 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 186EXPL: 0

CVE-2014-3945

https://notcve.org/view.php?id=CVE-2014-3945

03 Jun 2014 — The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash. El componente de autenticación en TYPO3 anterior a 6.2, cuando la creación de salts para el hash de contraseñas está deshabilitado, no requiere conocimiento de la contraseña en texto claro si se conoce... • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001 • CWE-287: Improper Authentication •

CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0

CVE-2013-5323

https://notcve.org/view.php?id=CVE-2013-5323

20 Aug 2013 — Cross-site scripting (XSS) vulnerability in the Static Info Tables (static_info_tables) extension before 2.3.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en la extensión Static Info Tables (static_info_tables) anterior a 2.3.1 para TYPO3, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de vectores no especificados. • http://osvdb.org/90414 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0

CVE-2013-5307

https://notcve.org/view.php?id=CVE-2013-5307

16 Aug 2013 — Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en la extensión Faceted Search (ke_search) anterior a v1.4.1 para TYPO3, permite a atacantes remotos inyectar web scripts arbitrarios o HTML mediante vectores desconocidos • http://osvdb.org/95960 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 19EXPL: 0

CVE-2013-4745

https://notcve.org/view.php?id=CVE-2013-4745

01 Jul 2013 — SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la extensión My quiz and poll (myquizpoll) anterior a 2.0.6 para TYPO3, permite a atacantes remotos la ejecución arbitraria de comandos SQL a través de vectores no especificados. • http://osvdb.org/90410 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0

CVE-2013-4746

https://notcve.org/view.php?id=CVE-2013-4746

01 Jul 2013 — Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en la extensión My quiz and poll (myquizpoll) anterior a v2.0.6 para TYPO3 permite a atacantes remotos a inyectar secuencias de comandos Web o HTML a través de vectores no especificados. • http://osvdb.org/90409 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 20EXPL: 0

CVE-2012-6577

https://notcve.org/view.php?id=CVE-2012-6577

27 Jun 2013 — SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la extensión Formhandler anterior a 1.4.1 para TYPO3, permite a usuarios autenticados remotamente con determinados permisos la ejecución de comandos SQL arbitrarios a través de vectores no especificados. • http://typo3.org/extensions/repository/view/formhandler • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.4EPSS: 0%CPEs: 11EXPL: 0

CVE-2013-4680

https://notcve.org/view.php?id=CVE-2013-4680

25 Jun 2013 — Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and earlier for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de inyección SQL en la extensión "Maag Form Captcha" v2.0.0 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://osvdb.org/93818 •

CVSS: 6.1EPSS: 0%CPEs: 67EXPL: 0

CVE-2012-5889

https://notcve.org/view.php?id=CVE-2012-5889

17 Nov 2012 — Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la extensión PowerMail antes de v1.6.5 para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3 4 5