4 matches found
TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Failing to properly encode user input, online media asset rendering (.youtube and .vimeo files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability...
GHSA-HFM8-2Q22-H7HV Cross-site Scripting in pegasus/google-for-jobs
An XSS issue was discovered in the googleforjobs aka Google for Jobs extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...
Cross-Site Scripting in extension "Aimeos shop and e-commerce framework" (aimeos)
The extension fails to properly encode user input for output in HTML context. A valid backend user account with access to the Aimeos module is needed to exploit this vulnerability...
Security Misconfiguration in User Session Handling
When users change their password, existing sessions for that particular user account are not revoked. A valid backend or frontend user account is required in order to make use of this vulnerability...