12 matches found
EUVD-2022-3284
Malicious code in bioql PyPI...
GHSA-W563-RQ37-CVQ5 Typo3 Backend History Module Vulnerable to XSS
Cross-site scripting XSS vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
Typo3 Backend History Module Vulnerable to XSS
Cross-site scripting XSS vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-6146
The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL...
Code injection
The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL...
CVE-2012-6146
The CVE-2012-6146 entry pertains to the TYPO3 Backend History Module. Affected series are TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6. The issue arises from insufficient access restriction, allowing remote authenticated editors to read the history of arbitrary records v...
CVE-2012-6146
The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL...
CVE-2012-6145
Cross-site scripting XSS vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
Sql injection
SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors...
CVE-2012-6145
Cross-site scripting XSS vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-6145
TYPO3 Backend History module contains an XSS vulnerability (CVE-2012-6145) in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6. The issue allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. Affected component: Backend His...
Several Vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to SQL Injection, Information Disclosure and Cross-Site Scripting Component Type: TYPO3 Core Affected Versions: 4.5.0 up to 4.5.20, 4.6.0 up to 4.6.13, 4.7.0 up to 4.7.5 and development releases of the 6.0 branch. Vulnerability Types: SQL...