5 results (0.007 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input. La extensión TYPO3 Core wec_discussion versiones anteriores a 2.1.1, es vulnerable a una inyección SQL debido al saneamiento inapropiado de la entrada suministrada por el usuario. • https://access.redhat.com/security/cve/cve-2011-3584 https://security-tracker.debian.org/tracker/CVE-2011-3584 https://typo3.org/security/advisory/typo3-sa-2011-003 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en WEC Discussion Forum (wec_discussion) extensión 1.7.0 y anteriores para TYPO3 permite a atacantes remotos inyectar HTML o scripts web arbitrarios a través de vectores no especificados. Se trata de una vulnerabilidad diferente a la CVE-2008-3029. • http://secunia.com/advisories/33254 http://typo3.org/extensions/repository/view/wec_discussion/1.7.1 http://typo3.org/teams/security/security-bulletins/typo3-20081222-2 http://www.vupen.com/english/advisories/2008/3502 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en WEC Discussion Forum (wec_discussion) extensión 1.7.0 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL a través de vectores no especificados. • http://secunia.com/advisories/33254 http://typo3.org/extensions/repository/view/wec_discussion/1.7.1 http://typo3.org/teams/security/security-bulletins/typo3-20081222-2 http://www.vupen.com/english/advisories/2008/3502 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensión WEC Discussion Forum (wec_discussion) 1.6.2 y anteriores para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante vectores no especificados. • http://secunia.com/advisories/30905 http://typo3.org/teams/security/security-bulletins/typo3-20080701-4 http://www.securityfocus.com/bid/30026 https://exchange.xforce.ibmcloud.com/vulnerabilities/43514 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows attackers to execute arbitrary code via vectors related to "certain file types." Vulnerabilidad sin especificar en la extensión Discussion Forum WEC (wec_discussion) versión 1.6.2 y anteriores para TYPO3, permite a los atacantes ejecutar código arbitrario a través de vectores relativos a "ciertos tipos de ficheros". • http://secunia.com/advisories/30905 http://typo3.org/teams/security/security-bulletins/typo3-20080701-4 http://www.securityfocus.com/bid/30026 https://exchange.xforce.ibmcloud.com/vulnerabilities/43512 • CWE-94: Improper Control of Generation of Code ('Code Injection') •