2 results (0.018 seconds)

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la extensión T3BLOG v0.6.2 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores sin especificar. • http://secunia.com/advisories/38388 http://typo3.org/extensions/repository/view/t3blog/0.8.0 http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002 http://www.securityfocus.com/bid/38030 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensión T3BLOG v0.6.2 y anteriores para TYPO3 permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a través de vectores sin especificar. • http://secunia.com/advisories/38388 http://typo3.org/extensions/repository/view/t3blog/0.8.0 http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002 http://www.securityfocus.com/bid/38030 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •