CVSS: 3.5EPSS: 0%CPEs: 44EXPL: 0CVE-2012-6147
https://notcve.org/view.php?id=CVE-2012-6147
Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en el árbol "render API" (TCA-Tree) en el "Backend API" en TYPO3 v4.5.x anterior a v4.5.21, v4.6.x anterior a v4.6.14, y v4.7.x anterior a v4.7.6 permite a usuarios remotos autenticados inyectar secuencias de comandos Web o HTML a través de vectores no especificados. • http://osvdb.org/87113 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005 http://www.openwall.com/lists/oss-security/2013/06/19/4 https://exchange.xforce.ibmcloud.com/vulnerabilities/79967 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 54EXPL: 0CVE-2013-1842
https://notcve.org/view.php?id=CVE-2013-1842
SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values." Vulnerabilidad de inyección SQL en Extbase Framework en TYPO3 v4.5.x anterior a v4.5.24, v4.6.x anterior a v4.6.17, v4.7.x anterior a v4.7.9, y v6.0.x anterior a v6.0.3 permite a atacantes remotos ejecutar comandos SQL a través de vectores no especificados, en relación con "el Query Object Model y los valores de relación". • http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html http://osvdb.org/90925 http://secunia.com/advisories/52433 http://secunia.com/advisories/52638 http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core http://www.debian.org/security/2013/dsa-2646 http://www.openwall.com/lists/oss-security/2013/03/12/3 http://www.securityfocus.com/bid/58330 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 54EXPL: 0CVE-2013-1843
https://notcve.org/view.php?id=CVE-2013-1843
Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en el mecanismo de Access tracking en TYPO3 en v4.5.x anterior a v4.5.24, v4.6.x anterior a v4.6.17, v4.7.x anterior a v4.7.9, y v6.0.x anterior a v6.0.3, permite a atacantes remotos redireccionar a sitios web arbitrarios y llevar a cabo ataques de phishing a través de vectores no especificados. • http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html http://secunia.com/advisories/52433 http://secunia.com/advisories/52638 http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core http://www.debian.org/security/2013/dsa-2646 http://www.openwall.com/lists/oss-security/2013/03/12/3 http://www.osvdb.org/90924 http://www.securityfocus.com/bid/58330 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 1%CPEs: 10EXPL: 0CVE-2012-1605
https://notcve.org/view.php?id=CVE-2012-1605
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument." El Extbase Framework en TYPO3 4.6.x a través de 4.6.6, 4.7 y 6.0 variable de datos no confiables, permite a atacantes remotos tomar una variable de objetos arbitrarios y posiblemente ejecutar código arbitrario a través de vectores relacionados con "falta de una firma (HMAC) para un argumento solicitud. • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001 http://www.openwall.com/lists/oss-security/2012/03/30/4 http://www.osvdb.org/80759 http://www.securityfocus.com/bid/52771 •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0CVE-2012-3527
https://notcve.org/view.php?id=CVE-2012-3527
view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)." view_help.php en el sistema de ayuda backend de TYPO3 v4.5.x anterior a v4.5.19, v4.6.x anterior a v4.6.12 y v4.7.x anterior a v4.7.4 permite a usuarios remotos autenticados tomar una variable de objetos arbitrarios y posiblemente ejecutar código PHP arbitrario a través de un parámetro no especifico, en relación con una "missing signature (HMAC)." • http://osvdb.org/84773 http://secunia.com/advisories/50287 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004 http://www.debian.org/security/2012/dsa-2537 http://www.openwall.com/lists/oss-security/2012/08/22/8 https://exchange.xforce.ibmcloud.com/vulnerabilities/77791 • CWE-502: Deserialization of Untrusted Data •