2 results (0.007 seconds)

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_imagelightbox2) extension 2.0.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-2490. Vulnerabilidad de ejecución de comandos en sitios cruzados(XSS) en la extensión de TYPO3 "KJ: Imagelightbox" (kj_imagelightbox2) v2.0.0 y anteriores permite a atacantes remotos inyectar HTML o scripts web a través de vectores no especificados. Se trata de una vulnerabilidad distinta a CVE-2008-2490. • http://secunia.com/advisories/38165 http://typo3.org/extensions/repository/view/kj_imagelightbox2/2.0.2 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the KJ Image Lightbox 2 (aka kj_imagelightbox2) extension 1.4.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified "user input." Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la extensión KJ Image Lightbox 2 (también conocida como kj_imagelightbox2) 1.4.2 y anteriores, para TYPO3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una "user input" no especificado. • http://secunia.com/advisories/30386 http://typo3.org/teams/security/security-bulletins/typo3-20080527-1 http://www.vupen.com/english/advisories/2008/1666/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42628 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •