5 matches found
BIT-TYPO3-2020-8091
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname...
CVE-2020-8091
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname...
CVE-2020-8091
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname. Recent assessments: Mad-robot at July 05, 2020 1:27pm UTC reported:...
Authentication flaw
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors...
CVE-2014-3944
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors...