CVSS: 6.4EPSS: 0%CPEs: 54EXPL: 0CVE-2013-1843
https://notcve.org/view.php?id=CVE-2013-1843
Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en el mecanismo de Access tracking en TYPO3 en v4.5.x anterior a v4.5.24, v4.6.x anterior a v4.6.17, v4.7.x anterior a v4.7.9, y v6.0.x anterior a v6.0.3, permite a atacantes remotos redireccionar a sitios web arbitrarios y llevar a cabo ataques de phishing a través de vectores no especificados. • http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html http://secunia.com/advisories/52433 http://secunia.com/advisories/52638 http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core http://www.debian.org/security/2013/dsa-2646 http://www.openwall.com/lists/oss-security/2013/03/12/3 http://www.osvdb.org/90924 http://www.securityfocus.com/bid/58330 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 67EXPL: 0CVE-2012-5889
https://notcve.org/view.php?id=CVE-2012-5889
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la extensión PowerMail antes de v1.6.5 para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-004 https://exchange.xforce.ibmcloud.com/vulnerabilities/74461 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2012-5888
https://notcve.org/view.php?id=CVE-2012-5888
Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la extensión "Basic SEO Features" (seo_basics) antes de v0.8.2 para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://forge.typo3.org/issues/35532 http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-006 http://www.securityfocus.com/bid/52772 https://exchange.xforce.ibmcloud.com/vulnerabilities/74483 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 35EXPL: 0CVE-2012-5890
https://notcve.org/view.php?id=CVE-2012-5890
The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature. La extensión 'Front End User Registration' (sr_feuser_register) antes de v2.6.2 para TYPO3 permite a atacantes remotos obtener nombres de usuario y contraseñas a través de las funcionalidad de (1) editar Perspectivas o (2) inicio de sesión automático ('autologin'). • http://forge.typo3.org/projects/extension-sr_feuser_register/repository/entry/trunk/ChangeLog http://forge.typo3.org/projects/extension-sr_feuser_register/repository/revisions/58720 http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-002 https://exchange.xforce.ibmcloud.com/vulnerabilities/80145 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 1%CPEs: 10EXPL: 0CVE-2012-1605
https://notcve.org/view.php?id=CVE-2012-1605
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument." El Extbase Framework en TYPO3 4.6.x a través de 4.6.6, 4.7 y 6.0 variable de datos no confiables, permite a atacantes remotos tomar una variable de objetos arbitrarios y posiblemente ejecutar código arbitrario a través de vectores relacionados con "falta de una firma (HMAC) para un argumento solicitud. • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001 http://www.openwall.com/lists/oss-security/2012/03/30/4 http://www.osvdb.org/80759 http://www.securityfocus.com/bid/52771 •