CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2010-3661
https://notcve.org/view.php?id=CVE-2010-3661
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend. TYPO3 versiones anteriores a 4.1.14, versiones 4.2.x anteriores a 4.2.13, versiones 4.3.x anteriores a 4.3.4 y versiones 4.4.x anteriores a 4.4.1, permite un redireccionamiento abierto en el back-end. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 https://security-tracker.debian.org/tracker/CVE-2010-3661 https://typo3.org/security/advisory/typo3-sa-2010-012/#Open_Redirection • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2010-3660
https://notcve.org/view.php?id=CVE-2010-3660
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend. TYPO3 versiones anteriores a 4.1.14, versiones 4.2.x anteriores a 4.2.13, versiones 4.3.x anteriores a 4.3.4 y versiones 4.4.x anteriores a 4.4.1, permite un ataque de tipo XSS en el back-end. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 https://security-tracker.debian.org/tracker/CVE-2010-3660 https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 2CVE-2018-6905
https://notcve.org/view.php?id=CVE-2018-6905
The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process. El módulo page en TYPO3, en versiones anteriores a la 8.7.11 y versiones 9.1.0,. tiene Cross-Site Scripting (XSS) mediante $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], tal y como queda demostrado con un administrador que introduce un nombre de sitio manipulado durante el proceso de instalación. • https://github.com/dnr6419/CVE-2018-6905 http://www.securitytracker.com/id/1040755 https://forge.typo3.org/issues/84191 https://github.com/pradeepjairamani/TYPO3-XSS-POC • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 3%CPEs: 19EXPL: 0CVE-2016-5091
https://notcve.org/view.php?id=CVE-2016-5091
Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action. Extbase en TYPO3 4.3.0 en versiones anteriores a 6.2.24, 7.x en versiones anteriores a 7.6.8 y 8.1.1 permite a atacantes remotos obtener información sensible o posiblemente ejecutar código arbitrario a través una acción Extbase manipulada. • http://www.openwall.com/lists/oss-security/2016/05/25/4 http://www.openwall.com/lists/oss-security/2016/05/26/2 https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013 • CWE-254: 7PK - Security Features •
CVSS: 3.5EPSS: 6%CPEs: 48EXPL: 0CVE-2015-5956 – Typo3 CMS 6.2.14 / 4.5.40 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-5956
The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php. Vulnerabilidad en la función sanitizeLocalUrl en TYPO3 6.x en versiones anteriores a 6.2.15, 7.x en versiones anteriores a 7.4.0, 4.5.40 y versiones anteriores, permite a usuarios remotos autenticados eludir el filtro XSS y realizar ataques de XSS a través de un URI de datos codificados en base64, según lo demostrado por el (1) parámetro returnUrl en show_rechis.php y (2) parámetro redirect_url en index.php. Typo3 CMS versions 6.2.14 and below and 4.5.40 and below suffer from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/133551/Typo3-CMS-6.2.14-4.5.40-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2015/Sep/57 http://www.securityfocus.com/archive/1/536464/100/0/threaded http://www.securitytracker.com/id/1033551 https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •