13 matches found
CVE-2026-2328
An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information...
EUVD-2026-17064
An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information...
CVE-2026-2328
An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information...
Umbraco 跨站脚本漏洞
Umbraco is an open source Content Management System CMS written in C by the Danish company Umbraco. A cross-site scripting vulnerability exists in Umbraco version 14.0.0 and earlier, which originates from an authenticated user viewing certain localized back-end components and can easily lead to a...
Cross-site Scripting (XSS)
TYPO3 is vulnerable to Cross-site Scripting. The vulnerability is due to failing to properly encode user input in some backend components...
SUSE CVE-2014-3943
Multiple cross-site scripting XSS vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters...
Logrhythm Platform Manager Access Control Error Vulnerability
Logrhythm Platform Manager is a component of the Logrhythm application from Logrhythm USA. The component is responsible for centralized management of alerts, notifications and case and security event management. Supports real-time dashboards, SmartResponse operations and reports. An Access Contro...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors...
CVE-2015-8755
Multiple cross-site scripting XSS vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors...
CVE-2014-3943
Multiple cross-site scripting XSS vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters...
CVE-2014-3943
Multiple cross-site scripting XSS vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters...
Failing to properly encode user input, several backend components are susceptible to XSS
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/...