2 matches found
CVE-2025-10316
CVE-2025-10316 affects the TYPO3 extension Form to Database (form_to_database). The issue is Cross-Site Scripting due to insufficient handling of form values, allowing injection of malicious scripts when data is rendered. Affected versions are: before 2.2.5; 3.0.0–3.2.1; 4.0.0–4.2.2; 5.0.0–5.0.1....
CVE-2025-6384
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE Remote Code...