226 matches found
Siemens STAR-CCM+ Viewer Out-of-Bounds Write Vulnerability
Simcenter STAR-CCM+ is a multi-physics computational fluid dynamics CFD software used to simulate products operating under real-world conditions. An out-of-bounds write vulnerability exists in Siemens STAR-CCM+ Viewer, which can be exploited by an attacker to execute code in the context of the...
SQL Injection in extension "VHS: Fluid ViewHelpers" (vhs)
It has been discovered that the extension is susceptible to blind SQL Injection when user input is passed to the isLanguageViewHelper...
GHSA-VQQX-JW6P-Q3RF Cross-Site Scripting in Fluid view helpers
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 5.7 CWE-79 Problem It has been discovered that system extension Fluid typo3/cms-fluid of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Solution Update to...
Cross-Site Scripting in Fluid view helpers
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 5.7 CWE-79 Problem It has been discovered that system extension Fluid typo3/cms-fluid of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Solution Update to...
Cross-Site Scripting (XSS)
TYPO3.CMS is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript via the Fluid view helpers...
TYPO3 cross-site scripting vulnerability (CNVD-2021-26149)
TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. TYPO3 Fluid suffers from a cross-site scripting vulnerability, no detailed vulnerability details are provided at this time...
CVE-2020-26227
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid typo3/cms-fluid of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions...
CVE-2020-26227 Cross-Site Scripting in Fluid view helpers
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid typo3/cms-fluid of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions...
PT-2020-16356 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 9.5.23 TYPO3 versions prior to 10.4.10 Description: The system extension Fluid of the TYPO3 core is vulnerable to cross-site scripting when passing user-controlled data as an argument to Fluid view helpers. This issue...
GHSA-HPJM-3WW5-6CPF Cross-Site Scripting through Fluid view helper arguments
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 5.7 CWE-79 Problem Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS throug maliciously crafted additionalAttributes arrays by creating keys with attribute-closing quotes followed by HTML...
Cross-Site Scripting through Fluid view helper arguments
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 5.7 CWE-79 Problem Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS throug maliciously crafted additionalAttributes arrays by creating keys with attribute-closing quotes followed by HTML...
Cross-site Scripting (XSS)
typo3/fluid is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute malicious script in a user's browser via 1 additionalAttributes arrays 2 ViewHelpers 3 Subclasses of AbstractConditionViewHelper...
TYPO3 cross-site scripting vulnerability (CNVD-2021-26150)
TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Typo3 Association. TYPO3 suffers from a cross-site scripting vulnerability that originates from insufficient processing of user-supplied data in the system extension Fluid typo3 / cms-fluid when...
CVE-2020-26216
TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with...
CVE-2020-26216
TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with...
Cross site scripting
TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with...
CVE-2020-26216 Cross-Site Scripting in TYPO3 Fluid
TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with...
CVE-2020-26216
TYPO3 Fluid (typo3fluid/fluid) contains multiple XSS flaws in older Fluid versions (2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11, 2.6.10). The CVE-2020-26216 entry documents three issues: (1) TagBasedViewHelper accepted malicious additionalAttributes keys that could craft HTML when unescaped; (2) Co...
TYPO3-CORE-SA-2020-010: Cross-Site Scripting in Fluid view helpers
More info at https://typo3.org/security/advisory/typo3-core-sa-2020-010...
TYPO3-CORE-SA-2020-010: Cross-Site Scripting in Fluid view helpers
More info at https://typo3.org/security/advisory/typo3-core-sa-2020-010...