CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2008-6144
https://notcve.org/view.php?id=CVE-2008-6144
Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en WEC Discussion Forum (wec_discussion) extensión 1.7.0 y anteriores para TYPO3 permite a atacantes remotos inyectar HTML o scripts web arbitrarios a través de vectores no especificados. Se trata de una vulnerabilidad diferente a la CVE-2008-3029. • http://secunia.com/advisories/33254 http://typo3.org/extensions/repository/view/wec_discussion/1.7.1 http://typo3.org/teams/security/security-bulletins/typo3-20081222-2 http://www.vupen.com/english/advisories/2008/3502 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2008-6145
https://notcve.org/view.php?id=CVE-2008-6145
Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en WEC Discussion Forum (wec_discussion) extensión 1.7.0 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL a través de vectores no especificados. • http://secunia.com/advisories/33254 http://typo3.org/extensions/repository/view/wec_discussion/1.7.1 http://typo3.org/teams/security/security-bulletins/typo3-20081222-2 http://www.vupen.com/english/advisories/2008/3502 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2008-3029
https://notcve.org/view.php?id=CVE-2008-3029
Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensión WEC Discussion Forum (wec_discussion) 1.6.2 y anteriores para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante vectores no especificados. • http://secunia.com/advisories/30905 http://typo3.org/teams/security/security-bulletins/typo3-20080701-4 http://www.securityfocus.com/bid/30026 https://exchange.xforce.ibmcloud.com/vulnerabilities/43514 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-3043
https://notcve.org/view.php?id=CVE-2008-3043
Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows attackers to execute arbitrary code via vectors related to "certain file types." Vulnerabilidad sin especificar en la extensión Discussion Forum WEC (wec_discussion) versión 1.6.2 y anteriores para TYPO3, permite a los atacantes ejecutar código arbitrario a través de vectores relativos a "ciertos tipos de ficheros". • http://secunia.com/advisories/30905 http://typo3.org/teams/security/security-bulletins/typo3-20080701-4 http://www.securityfocus.com/bid/30026 https://exchange.xforce.ibmcloud.com/vulnerabilities/43512 • CWE-94: Improper Control of Generation of Code ('Code Injection') •