CVSS: 5.4EPSS: 0%CPEs: 71EXPL: 0CVE-2013-7074 – Debian Security Advisory 2834-1
https://notcve.org/view.php?id=CVE-2013-7074
21 Dec 2013 — Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters. Múltiples vulnerabilidades de cross-site scripting (XSS) en Content Editing Wizards en TYPO3 4.5.x anteriores a 4.5.32, 4.7.x anteriores a 4.7.17, 6.0.x anteriores a 6.0.12, 6.1.x anteriores a 6.1.7, y las... • http://osvdb.org/100881 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 3%CPEs: 54EXPL: 0CVE-2013-1842
https://notcve.org/view.php?id=CVE-2013-1842
20 Mar 2013 — SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values." Vulnerabilidad de inyección SQL en Extbase Framework en TYPO3 v4.5.x anterior a v4.5.24, v4.6.x anterior a v4.6.17, v4.7.x anterior a v4.7.9, y v6.0.x anterior a v6.0.3 permite a atacantes remotos ejecutar comandos SQL a trav... • http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 54EXPL: 0CVE-2013-1843
https://notcve.org/view.php?id=CVE-2013-1843
20 Mar 2013 — Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en el mecanismo de Access tracking en TYPO3 en v4.5.x anterior a v4.5.24, v4.6.x anterior a v4.6.17, v4.7.x anterior a v4.7.9, y v6.0.x anterior a v6.0.3, permite a atacantes remotos redireccionar a s... • http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2012-1605
https://notcve.org/view.php?id=CVE-2012-1605
04 Sep 2012 — The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument." El Extbase Framework en TYPO3 4.6.x a través de 4.6.6, 4.7 y 6.0 variable de datos no confiables, permite a atacantes remotos tomar una variable de objetos arbitrarios y posiblemente ejecutar código arbitrario a través de vectores relacionados... • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001 •
CVSS: 5.4EPSS: 0%CPEs: 37EXPL: 0CVE-2012-1606
https://notcve.org/view.php?id=CVE-2012-1606
04 Sep 2012 — Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente Backend en TYPO3 v4.4.0 hasta v4.4.13, v4.5.0 hasta v4.5.13, v4.6.0 hasta v4.6.6, v4.7, v6.0, permite a atacantes remotos inyectar secu... • http://osvdb.org/80760 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 37EXPL: 0CVE-2012-1608
https://notcve.org/view.php?id=CVE-2012-1608
04 Sep 2012 — The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters. El t3lib_div::RemoveXSS API método en TYPO3 v4.4.0 a través de v4.4.13, v4.5.0 a través de v4.5.13, v4.6.0 a través de v4.6.6, 4.7, y 6.0, permite a atacantes remotos evitar la ejecución de comandos en sitios cruzados (XSS) mecanismo... • http://secunia.com/advisories/48647 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 40EXPL: 0CVE-2012-1607
https://notcve.org/view.php?id=CVE-2012-1607
04 Sep 2012 — The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request. La secuencia de comandos Command Line Interface (CLI) en TYPO3 v4.4.0 hasta v4.4.13, v4.5.0 hasta v4.5.13, v4.6.0 hasta v4.6.6, v4.7, v6.0, permite a atacantes remotos obtener el nombre de una base de datos a través de una petición directa • http://osvdb.org/80761 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 46EXPL: 0CVE-2009-3629
https://notcve.org/view.php?id=CVE-2009-3629
02 Nov 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el subcomponente Backend de TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2. Permiten a ... • http://marc.info/?l=oss-security&m=125632856206736&w=2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 46EXPL: 0CVE-2009-3632
https://notcve.org/view.php?id=CVE-2009-3632
02 Nov 2009 — SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters. Vulnerabilidad de inyección SQL en la funcionalidad de edición del "frontend" (portal de usuario) tradicional del subcomponente "Frontend Editing" (edición del portal de usuario) de TYPO3 v4.0.13 y anteriores, ... • http://marc.info/?l=oss-security&m=125632856206736&w=2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •