Lucene search
K

95 matches found

OSV
OSV
added 2022/05/17 3:46 a.m.22 views

GHSA-4RPV-G4GQ-RH4M TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters...

6.5CVSS6AI score0.01265EPSS
Exploits0References9
OSV
OSV
added 2022/05/17 1:29 a.m.21 views

GHSA-R8M7-792J-5JVQ TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component

Multiple cross-site scripting XSS vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified...

3CVSS5.1AI score0.01094EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2022/05/17 1:29 a.m.30 views

TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component

Multiple cross-site scripting XSS vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified...

3.5CVSS5.8AI score0.01094EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2022/03/16 4:10 p.m.1 views

DRUPAL-CORE-2022-005

The Drupal project uses the CKEditor library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal. Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content even without...

7.5CVSS6.2AI score0.02448EPSS
Exploits0References1
NVD
NVD
added 2021/07/02 6:15 p.m.30 views

CVE-2020-36411

A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Path for the pageimage tag:" or "Path for thumbnail field:" parameters under the "Content Editing Settings" module...

5.4CVSS0.00473EPSS
Exploits1References1
OSV
OSV
added 2021/07/02 6:15 p.m.6 views

CVE-2020-36411

A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Path for the pageimage tag:" or "Path for thumbnail field:" parameters under the "Content Editing Settings" module...

5.4CVSS6.1AI score0.00473EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/07/02 5:51 p.m.31 views

CVE-2020-36411

A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Path for the pageimage tag:" or "Path for thumbnail field:" parameters under the "Content Editing Settings" module...

5.3AI score0.00473EPSS
Exploits1References1
CNVD
CNVD
added 2021/05/27 12:0 a.m.3 views

Arbitrary File Deletion Vulnerability in Joomla!

SP Page Builder plugin is a free page builder component that users can use on joomla sites to design and edit site page content. An arbitrary file deletion vulnerability exists in Joomla! SP Page Builder, which can be exploited to delete arbitrary files on the target server...

7AI score
Exploits0
OSV
OSV
added 2018/11/28 5:32 p.m.6 views

DRUPAL-CONTRIB-2018-074

This base theme bridges the gap between Drupal and the Bootstrap Framework. The theme doesn't sufficiently filter valid targets under the scenario of opening modals, popovers, and tooltips. This vulnerability is mitigated by the fact that an attacker must already have the ability to either: 1...

6.2AI score
Exploits0References1
Drupal
Drupal
added 2018/10/10 12:0 a.m.15 views

NVP field - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-066

NVP field module allows you to create a field type of name/value pairs, with custom titles and easily editable rendering with customizable HTML/text surrounding the pairs. The module doesn't sufficiently handle sanitization of its field formatter's output. This vulnerability is mitigated by the...

6.4AI score
Exploits0References5
OSV
OSV
added 2018/02/07 6:45 p.m.4 views

DRUPAL-CONTRIB-2018-008

This module enables you to show referenced entities in tabs. The module doesn't sufficiently sanitize the body fields of the referenced entities when it prints them to the tabs. This vulnerability is mitigated by the fact that an attacker must have a role with the permission create/edit content o...

6.7AI score
Exploits0References1
seebug.org
seebug.org
added 2014/02/18 12:0 a.m.23 views

XDcms Sql Injection 6-10

简要描述: Sql Injection 详细说明: 注入在XDCMS企业管理系统后台的内容编辑处,\system\modules\xdcms\content.php文件: 这次出在编辑处,用到的函数是editsave public function editsave $title=safehtml$POST'title';//第一处注入title字段,safehtml为过滤规则集,可被大写绕过进行注入 $commend=intval$POST'commend'; $username=safehtml$POST'username';//第二处注入username,大写可绕过过滤...

7AI score
Exploits0
OpenVAS
OpenVAS
added 2014/01/06 12:0 a.m.29 views

TYPO3 Multiple Vulnerabilities (Dec 2013)

TYPO3 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; ifdescription...

6.5CVSS6.3AI score0.0164EPSS
Exploits0References8
NVD
NVD
added 2013/12/23 11:55 p.m.29 views

CVE-2013-7073

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters...

4CVSS6.2AI score0.01265EPSS
Exploits0References7
NVD
NVD
added 2013/12/23 11:55 p.m.23 views

CVE-2013-7075

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an...

6.5CVSS6.5AI score0.01272EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2013/12/23 11:55 p.m.32 views

CVE-2013-7073

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters...

4CVSS5.9AI score0.01265EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2013/12/23 11:55 p.m.29 views

CVE-2013-7075

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an...

6.5CVSS6AI score0.01272EPSS
Exploits0References2
Prion
Prion
added 2013/12/23 11:55 p.m.21 views

Authorization

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an...

6.5CVSS7AI score0.01272EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2013/12/23 11:55 p.m.21 views

Code injection

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters...

4CVSS6.7AI score0.01265EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2013/12/23 11:55 p.m.7 views

UBUNTU-CVE-2013-7075

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an...

6.5CVSS6AI score0.01272EPSS
Exploits0References3
Rows per page
Query Builder