CVSS: 3.5EPSS: 0%CPEs: 48EXPL: 1CVE-2015-5956 – Typo3 CMS 6.2.14 / 4.5.40 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-5956
14 Sep 2015 — The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php. Vulnerabilidad en la función sanitizeLocalUrl en TYPO3 6.x en versiones anteriores a 6.2.15, 7.x en versiones anteriores a 7.4.0, 4.5.40 y versiones anteriores, per... • https://packetstorm.news/files/id/133551 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 33EXPL: 0CVE-2014-3949
https://notcve.org/view.php?id=CVE-2014-3949
04 Jun 2014 — Cross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el asistente de diseño en la extensión Grid Elements (gridelements) anterior a 1.5.1 y 2.0.x anterior a 2.0.3 para TYPO3 permite a usuarios remotos autenticados de backend inyectar secuencias de comandos web o HTML arbitrarios ... • http://secunia.com/advisories/58592 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 186EXPL: 0CVE-2014-3945
https://notcve.org/view.php?id=CVE-2014-3945
03 Jun 2014 — The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash. El componente de autenticación en TYPO3 anterior a 6.2, cuando la creación de salts para el hash de contraseñas está deshabilitado, no requiere conocimiento de la contraseña en texto claro si se conoce... • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0CVE-2013-6288
https://notcve.org/view.php?id=CVE-2013-6288
28 Oct 2013 — Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize." Vunerabilidad sin especificar en Apache Solr para la extensión TYPO3 anterior a 2.8.3 con impacto y vectores de ataque desconocidos relacionados con "Deserializacióin Insegura" • http://secunia.com/advisories/54978 •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2013-6289
https://notcve.org/view.php?id=CVE-2013-6289
28 Oct 2013 — Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en la extensión Apache Soir para TYPO3 (soir) en versiones anteriores a la 2.8.3 permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/54978 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2013-5323
https://notcve.org/view.php?id=CVE-2013-5323
20 Aug 2013 — Cross-site scripting (XSS) vulnerability in the Static Info Tables (static_info_tables) extension before 2.3.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en la extensión Static Info Tables (static_info_tables) anterior a 2.3.1 para TYPO3, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de vectores no especificados. • http://osvdb.org/90414 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2013-5307
https://notcve.org/view.php?id=CVE-2013-5307
16 Aug 2013 — Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en la extensión Faceted Search (ke_search) anterior a v1.4.1 para TYPO3, permite a atacantes remotos inyectar web scripts arbitrarios o HTML mediante vectores desconocidos • http://osvdb.org/95960 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 19EXPL: 0CVE-2013-4745
https://notcve.org/view.php?id=CVE-2013-4745
01 Jul 2013 — SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la extensión My quiz and poll (myquizpoll) anterior a 2.0.6 para TYPO3, permite a atacantes remotos la ejecución arbitraria de comandos SQL a través de vectores no especificados. • http://osvdb.org/90410 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0CVE-2013-4746
https://notcve.org/view.php?id=CVE-2013-4746
01 Jul 2013 — Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en la extensión My quiz and poll (myquizpoll) anterior a v2.0.6 para TYPO3 permite a atacantes remotos a inyectar secuencias de comandos Web o HTML a través de vectores no especificados. • http://osvdb.org/90409 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4719
https://notcve.org/view.php?id=CVE-2013-4719
27 Jun 2013 — SQL injection vulnerability in the SEO Pack for tt_news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad SQL injection en el SEO Pack para la extensión tt_news anterior a v1.3.3 para TYPO3 permite a atacantes remotos ejecutar código arbitrario SQL a través de vectores sin especificar. • http://secunia.com/advisories/53283 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •