Lucene search
+L

226 matches found

CNVD
CNVD
added 2021/09/15 12:0 a.m.16 views

Siemens STAR-CCM+ Viewer Out-of-Bounds Write Vulnerability

Simcenter STAR-CCM+ is a multi-physics computational fluid dynamics CFD software used to simulate products operating under real-world conditions. An out-of-bounds write vulnerability exists in Siemens STAR-CCM+ Viewer, which can be exploited by an attacker to execute code in the context of the...

7.8CVSS7.7AI score0.01336EPSS
Exploits0References1
Typo3
Typo3
added 2021/03/16 12:0 a.m.124 views

SQL Injection in extension "VHS: Fluid ViewHelpers" (vhs)

It has been discovered that the extension is susceptible to blind SQL Injection when user input is passed to the isLanguageViewHelper...

7.5CVSS3.5AI score0.01039EPSS
Exploits0Affected Software1
OSV
OSV
added 2020/12/21 4:28 p.m.24 views

GHSA-VQQX-JW6P-Q3RF Cross-Site Scripting in Fluid view helpers

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 5.7 CWE-79 Problem It has been discovered that system extension Fluid typo3/cms-fluid of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Solution Update to...

6.1CVSS6.2AI score0.00715EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2020/12/21 4:28 p.m.50 views

Cross-Site Scripting in Fluid view helpers

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 5.7 CWE-79 Problem It has been discovered that system extension Fluid typo3/cms-fluid of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Solution Update to...

6.1CVSS5.8AI score0.00715EPSS
Exploits1References7Affected Software2
Veracode
Veracode
added 2020/11/24 8:23 a.m.20 views

Cross-Site Scripting (XSS)

TYPO3.CMS is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript via the Fluid view helpers...

6.1CVSS4.7AI score0.00715EPSS
Exploits1References2Affected Software2
CNVD
CNVD
added 2020/11/24 12:0 a.m.10 views

TYPO3 cross-site scripting vulnerability (CNVD-2021-26149)

TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. TYPO3 Fluid suffers from a cross-site scripting vulnerability, no detailed vulnerability details are provided at this time...

8CVSS6.1AI score0.01026EPSS
Exploits1References1
OSV
OSV
added 2020/11/23 9:15 p.m.14 views

CVE-2020-26227

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid typo3/cms-fluid of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions...

6.1CVSS6.3AI score
Exploits0References2
Cvelist
Cvelist
added 2020/11/23 9:5 p.m.45 views

CVE-2020-26227 Cross-Site Scripting in Fluid view helpers

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid typo3/cms-fluid of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions...

6.1CVSS6.5AI score0.00715EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2020/11/23 12:0 a.m.5 views

PT-2020-16356 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 9.5.23 TYPO3 versions prior to 10.4.10 Description: The system extension Fluid of the TYPO3 core is vulnerable to cross-site scripting when passing user-controlled data as an argument to Fluid view helpers. This issue...

6.1CVSS5.8AI score0.00715EPSS
Exploits1References11
OSV
OSV
added 2020/11/18 9:6 p.m.27 views

GHSA-HPJM-3WW5-6CPF Cross-Site Scripting through Fluid view helper arguments

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 5.7 CWE-79 Problem Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS throug maliciously crafted additionalAttributes arrays by creating keys with attribute-closing quotes followed by HTML...

8CVSS7AI score0.01026EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2020/11/18 9:6 p.m.43 views

Cross-Site Scripting through Fluid view helper arguments

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 5.7 CWE-79 Problem Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS throug maliciously crafted additionalAttributes arrays by creating keys with attribute-closing quotes followed by HTML...

8CVSS0.8AI score0.01026EPSS
Exploits1References6Affected Software1
Veracode
Veracode
added 2020/11/18 2:39 a.m.37 views

Cross-site Scripting (XSS)

typo3/fluid is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute malicious script in a user's browser via 1 additionalAttributes arrays 2 ViewHelpers 3 Subclasses of AbstractConditionViewHelper...

8CVSS5.4AI score0.01026EPSS
Exploits1References4Affected Software2
CNVD
CNVD
added 2020/11/18 12:0 a.m.8 views

TYPO3 cross-site scripting vulnerability (CNVD-2021-26150)

TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Typo3 Association. TYPO3 suffers from a cross-site scripting vulnerability that originates from insufficient processing of user-supplied data in the system extension Fluid typo3 / cms-fluid when...

6.1CVSS6AI score0.00715EPSS
Exploits1References1
NVD
NVD
added 2020/11/17 9:15 p.m.20 views

CVE-2020-26216

TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with...

8CVSS8.1AI score0.01026EPSS
Exploits1References3
OSV
OSV
added 2020/11/17 9:15 p.m.13 views

CVE-2020-26216

TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with...

6.1CVSS6.5AI score
Exploits0References3
Prion
Prion
added 2020/11/17 9:15 p.m.26 views

Cross site scripting

TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with...

4.3CVSS6.3AI score0.01026EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/11/17 8:45 p.m.30 views

CVE-2020-26216 Cross-Site Scripting in TYPO3 Fluid

TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with...

8CVSS8.1AI score0.01026EPSS
Exploits1References3
CVE
CVE
added 2020/11/17 8:45 p.m.74 views

CVE-2020-26216

TYPO3 Fluid (typo3fluid/fluid) contains multiple XSS flaws in older Fluid versions (2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11, 2.6.10). The CVE-2020-26216 entry documents three issues: (1) TagBasedViewHelper accepted malicious additionalAttributes keys that could craft HTML when unescaped; (2) Co...

8CVSS6.8AI score0.01026EPSS
Exploits1References3Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/11/17 8:49 a.m.41 views

TYPO3-CORE-SA-2020-010: Cross-Site Scripting in Fluid view helpers

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-010...

6.1CVSS7.2AI score0.00715EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/11/17 8:49 a.m.34 views

TYPO3-CORE-SA-2020-010: Cross-Site Scripting in Fluid view helpers

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-010...

6.1CVSS7.2AI score0.00715EPSS
Exploits1Affected Software1
Rows per page
Query Builder