CVE-2008-6688
https://notcve.org/view.php?id=CVE-2008-6688
Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en JobControl (dmmjobcontrol) v1.15.0 y anteriores (extensión para TYPO3) permite a usuarios remotos inyectar de forma arbitraria secuencias de comandos web o HTML a través de vectores no especificados. • http://osvdb.org/46385 http://typo3.org/teams/security/security-bulletins/typo3-20080619-1 http://www.securityfocus.com/bid/29828 https://exchange.xforce.ibmcloud.com/vulnerabilities/43202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-6346
https://notcve.org/view.php?id=CVE-2008-6346
Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) extension 1.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en la extensión Dr Wiki (dr_wiki) v1.7.1 y anteriores para TYPO3, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no determinados. • http://secunia.com/advisories/33256 http://typo3.org/teams/security/security-bulletins/typo3-20081222-3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-4658
https://notcve.org/view.php?id=CVE-2008-4658
SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la extensión JobControl (dmmjobcontrol) v1.15.4 y anteriores para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. • http://secunia.com/advisories/32342 http://typo3.org/extensions/repository/view/dmmjobcontrol/1.15.5 http://typo3.org/teams/security/security-bulletins/typo3-20081020-1 http://www.securityfocus.com/bid/31840 http://www.vupen.com/english/advisories/2008/2870 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2007-1081
https://notcve.org/view.php?id=CVE-2007-1081
The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information. La función start en class.t3lib_formmail.php en TYPO3 anterior a 4.0.5, 4.1beta, y 4.1RC1 permite a atacantes remotos inyectar cabeceras email de su elección a través de vectores desconocidos. NOTA: Algunos de estos detalles se obtuvieron de información de terceros. • http://osvdb.org/33471 http://secunia.com/advisories/24207 http://typo3.org/teams/security/security-bulletins/typo3-20070221-1 http://www.securityfocus.com/bid/22668 http://www.vupen.com/english/advisories/2007/0697 https://exchange.xforce.ibmcloud.com/vulnerabilities/32630 •
CVE-2006-5069
https://notcve.org/view.php?id=CVE-2006-5069
Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. Vulnerabilidad de XSS en class.tx_indexedsearch.php en la extensión Indexed Search 2.9.0 para Typo3 en versiones anteriores a 4.0.2 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro de búsqueda. • http://marc.info/?l=full-disclosure&m=115918334930694&w=2 http://secunia.com/advisories/22071 http://securityreason.com/securityalert/1646 http://typo3.org/teams/security/security-bulletins/typo3-20060911-1 http://www.securityfocus.com/archive/1/446885/100/0/threaded http://www.securityfocus.com/bid/20173 http://www.vupen.com/english/advisories/2006/3782 https://exchange.xforce.ibmcloud.com/vulnerabilities/29128 •