CVE-2014-3949
https://notcve.org/view.php?id=CVE-2014-3949
Cross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el asistente de diseño en la extensión Grid Elements (gridelements) anterior a 1.5.1 y 2.0.x anterior a 2.0.3 para TYPO3 permite a usuarios remotos autenticados de backend inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/58592 http://typo3.org/extensions/repository/view/gridelements http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-008 http://www.openwall.com/lists/oss-security/2014/06/03/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-3945
https://notcve.org/view.php?id=CVE-2014-3945
The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash. El componente de autenticación en TYPO3 anterior a 6.2, cuando la creación de salts para el hash de contraseñas está deshabilitado, no requiere conocimiento de la contraseña en texto claro si se conoce el hash de la contraseña, lo que permite a atacantes remotos evadir autenticación y ganar acceso al motor mediante el aprovechamiento de conocimiento de un hash de contraseña. • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001 http://www.debian.org/security/2014/dsa-2942 http://www.openwall.com/lists/oss-security/2014/06/03/2 • CWE-287: Improper Authentication •
CVE-2013-6289
https://notcve.org/view.php?id=CVE-2013-6289
Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en la extensión Apache Soir para TYPO3 (soir) en versiones anteriores a la 2.8.3 permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/54978 http://typo3.org/extensions/repository/view/solr http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009 http://www.securityfocus.com/bid/62674 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-6288
https://notcve.org/view.php?id=CVE-2013-6288
Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize." Vunerabilidad sin especificar en Apache Solr para la extensión TYPO3 anterior a 2.8.3 con impacto y vectores de ataque desconocidos relacionados con "Deserializacióin Insegura" • http://secunia.com/advisories/54978 http://typo3.org/extensions/repository/view/solr http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009 http://www.securityfocus.com/bid/62674 •
CVE-2013-5323
https://notcve.org/view.php?id=CVE-2013-5323
Cross-site scripting (XSS) vulnerability in the Static Info Tables (static_info_tables) extension before 2.3.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en la extensión Static Info Tables (static_info_tables) anterior a 2.3.1 para TYPO3, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de vectores no especificados. • http://osvdb.org/90414 http://secunia.com/advisories/52283 http://typo3.org/extensions/repository/view/static_info_tables http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-004 http://www.securityfocus.com/bid/58056 https://exchange.xforce.ibmcloud.com/vulnerabilities/82212 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •