CVE-2009-4340
https://notcve.org/view.php?id=CVE-2009-4340
Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados en la extensión "Busqueda no indexada" (no_indexed_search) v0.2.0 para TYPO3 permite a atacantes remotos inyectar HTML o scripts web a través de vectores no especificados. • http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020 http://www.vupen.com/english/advisories/2009/3550 https://exchange.xforce.ibmcloud.com/vulnerabilities/54784 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-4341
https://notcve.org/view.php?id=CVE-2009-4341
SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. Una vulnerabilidad de inyección SQL en la extensión "Busqueda no indexada" (no_indexed_search) v0.2.0 para TYPO3 a atacantes remotos ejecutar comandos SQL a través de vectores desconocidos. • http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020 http://www.vupen.com/english/advisories/2009/3550 https://exchange.xforce.ibmcloud.com/vulnerabilities/54783 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •