CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 0CVE-2009-0257
https://notcve.org/view.php?id=CVE-2009-0257
22 Jan 2009 — Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en TYPO3 v4.0.... • http://secunia.com/advisories/33617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 3%CPEs: 24EXPL: 0CVE-2009-0258
https://notcve.org/view.php?id=CVE-2009-0258
22 Jan 2009 — The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer. Vulnerabilidad no especificada en la extensión del sistema de la Indexed Search Engine (indexed_search) en TYPO3 v4.0.0 a v4.0.9, v4.1.0 a 4.1.7 y v4.2.0 a v4.2.3 permite a atacantes remotos ejecutar comandos... • http://secunia.com/advisories/33617 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2008-5656
https://notcve.org/view.php?id=CVE-2008-5656
17 Dec 2008 — Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de Secuencias de Comandos en Sitios Cruzados (XSS) en la extensión de interfaz externo (frontend plugin) para la extensión de sistemas Felogin en TYPO3 4.2.0, 4.2.1 y 4.2.2, permite a atacantes remotos inyectar secuencias de comandos Web o HTML a través de vectores desconocidos. • http://typo3.org/teams/security/security-bulletins/typo3-20081113-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2008-2717
https://notcve.org/view.php?id=CVE-2008-2717
16 Jun 2008 — TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions. TYPO3 versiones 4.0.x anteriores a 4.0.9, versiones 4.1.x anteriores a 4.1.7, y versiones 4.2.x anteriores a 4.2.1, utiliza un fileDenyPattern predeterminado insuficientemente restrictivo para Apache, ... • http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 0CVE-2008-2718
https://notcve.org/view.php?id=CVE-2008-2718
16 Jun 2008 — Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en fe_adminlib.inc de TYPO3 4.0.x antes de 4.0.9, 4.1.x antes de 4.1.7 y 4.2.x antes de 4.2.1, del modo que se utiliza en exten... • http://secunia.com/advisories/30619 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •