Lucene search
K

31 matches found

Typo3
Typo3
added 2021/10/05 12:0 a.m.102 views

HTTP Host Header Injection in Request Handling

It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend rendering process. Since the host header itself is provided by the client, it can b...

5CVSS0.6AI score0.02662EPSS
Exploits0Affected Software1
OSV
OSV
added 2021/08/19 3:53 p.m.26 views

GHSA-C5C9-8C6M-727V Cross-Site Scripting via Rich-Text Content

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC 5.7 Problem Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via...

6.1CVSS5.9AI score0.00727EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2021/08/19 3:53 p.m.50 views

Cross-Site Scripting via Rich-Text Content

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC 5.7 Problem Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via...

6.1CVSS1.1AI score0.00727EPSS
Exploits0References7Affected Software2
NVD
NVD
added 2021/04/27 8:15 p.m.32 views

CVE-2021-21365

Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Users of the extension, who have overwritten the affected templates with custo...

5.4CVSS0.00941EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/04/27 7:30 p.m.41 views

CVE-2021-21365 Cross-Site Scripting in Content Rendering

Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Users of the extension, who have overwritten the affected templates with custo...

5.4CVSS5.8AI score0.00941EPSS
Exploits1References3
Prion
Prion
added 2018/08/30 10:29 p.m.15 views

Cross site scripting

cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering...

4.3CVSS5.9AI score0.00675EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2015/01/04 9:59 p.m.25 views

Code injection

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via...

4.3CVSS7.2AI score0.01724EPSS
Exploits1References2Affected Software1
UbuntuCve
UbuntuCve
added 2015/01/04 9:59 p.m.38 views

CVE-2014-9508

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via...

4.3CVSS5.9AI score0.01724EPSS
Exploits1References2
Cvelist
Cvelist
added 2015/01/04 9:0 p.m.29 views

CVE-2014-9509

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact possibly resource consumption via a "Cache Poisoning" attack using a...

6.7AI score0.01496EPSS
Exploits1References1
CVE
CVE
added 2015/01/04 9:0 p.m.51 views

CVE-2014-9509

CVE-2014-9509 affects TYPO3: the frontend rendering component in TYPO3 4.5.x (before 4.5.39), 4.6.x–6.2.x (before 6.2.9), and 7.x (before 7.0.2). When config.prefixLocalAnchors is set to all or cached, remote attackers can trigger a cache-poisoning scenario by crafting a URL with arbitrary argume...

7.5CVSS6.9AI score0.01496EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2015/01/04 9:0 p.m.32 views

CVE-2014-9508

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via...

6.6AI score0.01724EPSS
Exploits1References2
Rows per page
Query Builder