Lucene search
K

148 matches found

NVD
NVD
added 2020/05/13 11:15 p.m.26 views

CVE-2020-11063

In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2...

4.3CVSS4.5AI score0.01188EPSS
Exploits0References3
OSV
OSV
added 2020/05/13 11:15 p.m.16 views

CVE-2020-11063

In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2...

3.7CVSS4.2AI score
Exploits0References3
Prion
Prion
added 2020/05/13 11:15 p.m.18 views

Default credentials

In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2...

4.3CVSS4.5AI score0.01188EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/13 10:19 p.m.71 views

Information Disclosure in Password Reset

In TYPO3 CMS 10.4.0 through 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2...

4.3CVSS3.2AI score0.01188EPSS
Exploits0References8Affected Software2
Typo3
Typo3
added 2020/05/12 12:0 a.m.24 views

Information Disclosure in Password Reset

It has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to verify whether a backend user account with a given email address exists or not...

4.3CVSS4AI score0.01188EPSS
Exploits0Affected Software1
OSV
OSV
added 2019/12/17 10:53 p.m.77 views

GHSA-4MVC-QC5W-V5QR Information disclosure in the Contao backend

Impact Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them. Patches Update to Contao 4.4.46 or 4.8.6. Workarounds None. References https://contao.org/en/security-advisories/information-disclosure-in-the-back-end For more information If...

5.3CVSS5.1AI score0.0088EPSS
Exploits0References7
Prion
Prion
added 2019/12/17 2:15 p.m.14 views

Design/Logic Flaw

Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them...

5CVSS5.2AI score0.0088EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2019/07/11 12:0 a.m.19 views

TYPO3 9.3.x <= 9.5.7 Broken Access Control Vulnerability

TYPO3 CMS is susceptible to a broken access control vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; ...

7.2AI score
Exploits0References1
Typo3
Typo3
added 2019/05/07 12:0 a.m.20 views

Information Disclosure in Page Tree

It has been discovered backend users not having read access to specific pages still could see them in the page tree which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability...

6.6AI score
Exploits0Affected Software1
Typo3
Typo3
added 2019/01/22 12:0 a.m.18 views

Broken Access Control in Localization Handling

It has been discovered that backend users having limited access to specific languages are capable of modifying and creating pages in the default language which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability...

6.8AI score
Exploits0Affected Software1
Typo3
Typo3
added 2019/01/22 12:0 a.m.17 views

Arbitrary Code Execution via File List Module

Due to missing file extensions in $GLOBALS'TYPO3CONFVARS''BE'‘fileDenyPattern’, backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability...

7AI score
Exploits0Affected Software1
NVD
NVD
added 2017/10/20 6:29 p.m.27 views

CVE-2010-3659

Multiple cross-site scripting XSS vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified...

5.4CVSS5.3AI score0.01279EPSS
Exploits0References5
CVE
CVE
added 2017/10/20 6:0 p.m.67 views

CVE-2010-3659

CVE-2010-3659 concerns multiple cross-site scripting (XSS) flaws in TYPO3 CMS. The vulnerabilities affect TYPO3 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1, allowing remote authenticated backend users to inject arbitrary script/HTML via unspecified paramet...

5.4CVSS5.7AI score0.01279EPSS
Exploits0References5Affected Software1
Typo3
Typo3
added 2016/05/24 12:0 a.m.508 views

Missing Access Check in TYPO3 CMS

It has been discovered, that TYPO3 CMS lacks an access check for Extbase actions. Component Type: TYPO3 CMS Release Date: May 24, 2016 Vulnerable subcomponent: Extbase Vulnerability Type: Missing access check Affected Versions: Versions 4.3.0 up to 8.1.0 Severity: Critical Suggested CVSS v2.0:...

8.7AI score0.02575EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/02/12 1:44 p.m.25 views

A directory traversal vulnerability allows back end users to view files outside their document root

More info at https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html...

4.3CVSS5AI score0.01419EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2014/07/03 12:0 a.m.27 views

TYPO3 Authentication Subcomponent Authentication Bypass Vulnerability

TYPO3 is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3";...

4CVSS6.7AI score0.01635EPSS
Exploits0References3
NVD
NVD
added 2014/06/04 2:55 p.m.10 views

CVE-2014-3949

Cross-site scripting XSS vulnerability in the layout wizard in the Grid Elements gridelements extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.3AI score0.00946EPSS
Exploits0References4
Prion
Prion
added 2014/06/04 2:55 p.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in the layout wizard in the Grid Elements gridelements extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.7AI score0.00946EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/06/04 2:0 p.m.21 views

CVE-2014-3949

Cross-site scripting XSS vulnerability in the layout wizard in the Grid Elements gridelements extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

5.3AI score0.00946EPSS
Exploits0References4
CVE
CVE
added 2014/06/04 2:0 p.m.41 views

CVE-2014-3949

CVE-2014-3949 describes a cross-site scripting (XSS) vulnerability in the Grid Elements (gridelements) TYPO3 extension. The issue affects the layout wizard in versions before 1.5.1 and 2.0.x before 2.0.3, allowing a remote authenticated backend user to inject arbitrary script or HTML via unspecif...

3.5CVSS5.4AI score0.00946EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder