Page 5 of 41 results (0.011 seconds)

CVSS: 4.9EPSS: 0%CPEs: 68EXPL: 0

The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors. El (antiguo) componente Form Content Element en TYPO3 4.5.0 a 4.5.31, 4.7.0 a 4.7.16, 6.0.0 a 6.0.11, y 6.1.0 a 6.1.6 permite a editores autenticados remotamente generar firmas HMAC arbitrarias y sortear restricciones de acceso intencionadas a través de vectores no especificados. • http://seclists.org/oss-sec/2013/q4/473 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004 http://www.debian.org/security/2014/dsa-2834 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 3.5EPSS: 0%CPEs: 71EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters. Múltiples vulnerabilidades de cross-site scripting (XSS) en Content Editing Wizards en TYPO3 4.5.x anteriores a 4.5.32, 4.7.x anteriores a 4.7.17, 6.0.x anteriores a 6.0.12, 6.1.x anteriores a 6.1.7, y las versiones de desarrollo 6.2, permite a usuarios autenticados remotamente inyectar scripts web o HTML arbitrarios a través de parámetros no especificados. • http://osvdb.org/100881 http://seclists.org/oss-sec/2013/q4/473 http://seclists.org/oss-sec/2013/q4/487 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004 http://www.debian.org/security/2014/dsa-2834 http://www.securityfocus.com/bid/64245 https://exchange.xforce.ibmcloud.com/vulnerabilities/89620 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 49EXPL: 0

Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad cross-site scripting (XSS) en Extension Manager de TYPO3 4.5.x anteriores a 4.5.32 y 4.7.x anteriores a 4.7.17 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través de vectores no especificados. • http://osvdb.org/100883 http://seclists.org/oss-sec/2013/q4/473 http://seclists.org/oss-sec/2013/q4/487 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004 http://www.debian.org/security/2014/dsa-2834 http://www.securityfocus.com/bid/64247 https://exchange.xforce.ibmcloud.com/vulnerabilities/89624 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 44EXPL: 0

Cross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en el módulo BackEnd History en TYPO3 4.5.x anterior a 4.5.21, 4.6.x anterior a 4.6.14, y 4.7.x anterior a 4.7.6, permite a usuarios del backend autenticados remotamente inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://osvdb.org/87116 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005 http://www.openwall.com/lists/oss-security/2013/06/19/4 https://exchange.xforce.ibmcloud.com/vulnerabilities/79965 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 44EXPL: 0

SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el módulo BackEnd History en TYPO3 4.5.x anterior a 4.5.21, 4.6.x anterior a 4.6.14, y 4.7.x anterior a 4.7.6, permite a usuarios del backend autenticados remotamente inyectar comandos SQL arbitrarios a través de vectores no especificados. • http://osvdb.org/87115 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005 http://www.openwall.com/lists/oss-security/2013/06/19/4 https://exchange.xforce.ibmcloud.com/vulnerabilities/79964 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •