11 matches found
EUVD-2020-1457
Malware in sbrugna...
EUVD-2020-1418
Malware in sbrugna...
CVE-2020-15241
TYPO3 Fluid Engine package typo3fluid/fluid before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like showFullName ? fullName : defaultValue. Updated versions of this package are...
CVE-2020-26216
TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with...
BIT-TYPO3-2020-15241
TYPO3 Fluid Engine package typo3fluid/fluid before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like showFullName ? fullName : defaultValue. Updated versions of this package are...
PT-2020-16356 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 9.5.23 TYPO3 versions prior to 10.4.10 Description: The system extension Fluid of the TYPO3 core is vulnerable to cross-site scripting when passing user-controlled data as an argument to Fluid view helpers. This issue...
CVE-2020-26216
TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with...
CVE-2020-26216
TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with...
Cross site scripting
TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with...
CVE-2020-26216 Cross-Site Scripting in TYPO3 Fluid
TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with...
CVE-2020-15241
CVE-2020-15241 affects TYPO3 Fluid Engine (package typo3fluid/fluid). Vulnerable up to versions: 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1. The issue is cross-site scripting when using the ternary conditional operator in templates such as {showFullName ? fullName : defaultValue}. Updated ...