Lucene search
FreeBSDE6839625-FDFA-11E2-9430-20CF30E32F6DHistoryJul 30, 2013 - 12:00 a.m.
typo3 -- Multiple vulnerabilities in TYPO3 Core
2013-07-3000:00:00
vuxml.freebsd.org
23
0.016 Low
EPSS
Percentile
87.3%
Typo Security Team reports:
It has been discovered that TYPO3 Core is vulnerable to
Cross-Site Scripting and Remote Code Execution.
TYPO3 bundles flash files for video and audio playback. Old
versions of FlowPlayer and flashmedia are susceptible to
Cross-Site Scripting. No authentication is required to exploit
this vulnerability.
The file upload component and the File Abstraction Layer are
failing to check for denied file extensions, which allows
authenticated editors (even with limited permissions) to
upload php files with arbitrary code, which can then be
executed in web server’s context.
Related
typo3
typo3
Cross-Site Scripting in news
2014-06-03 00:00:00
Cross-Site Scripting and Remote Code Execution Vulnerability in TYPO3 Core
2013-07-30 00:00:00
openvas
openvas
TYPO3 Flowplayer Cross Site Scripting Vulnerability
2014-01-02 00:00:00
Debian Security Advisory DSA 2772-1 (typo3-src - cross-site scripting)
2013-10-10 00:00:00
Debian: Security Advisory (DSA-2772-1)
2013-10-09 00:00:00
nessus
nessus
FreeBSD : typo3 -- Multiple vulnerabilities in TYPO3 Core (e6839625-fdfa-11e2-9430-20cf30e32f6d)
2013-08-06 00:00:00
Debian DSA-2772-1 : typo3-src - XSS
2013-10-11 00:00:00
prion
prion
Cross site scripting
2020-02-08 16:15:00
Cross site scripting
2013-02-07 05:56:00
ubuntucve
ubuntucve
CVE-2011-3642
2020-02-08 00:00:00
CVE-2013-1464
2013-02-07 00:00:00
cvelist
cvelist
CVE-2011-3642
2020-02-08 15:46:36
CVE-2013-1464
2013-02-07 02:00:00
cve
cve
CVE-2011-3642
2020-02-08 16:15:00
CVE-2013-1464
2013-02-07 05:56:00
packetstorm
packetstorm
WordPress Audio Player SWF Cross Site Scripting
2013-02-07 00:00:00
debian
debian
[SECURITY] [DSA 2772-1] typo3-src security update
2013-10-10 14:22:23
securityvulns
securityvulns
wpvulndb
wpvulndb
Audio Player - player.swf playerID Parameter XSS
2014-08-01 10:58:57