152 matches found
CVE-2014-3949
Cross-site scripting XSS vulnerability in the layout wizard in the Grid Elements gridelements extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the layout wizard in the Grid Elements gridelements extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-3949
Cross-site scripting XSS vulnerability in the layout wizard in the Grid Elements gridelements extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-3949
CVE-2014-3949 describes a cross-site scripting (XSS) vulnerability in the Grid Elements (gridelements) TYPO3 extension. The issue affects the layout wizard in versions before 1.5.1 and 2.0.x before 2.0.3, allowing a remote authenticated backend user to inject arbitrary script or HTML via unspecif...
CVE-2013-7075
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an...
CVE-2013-7075
CVE-2013-7075 affects TYPO3 core via the Content Editing Wizards component. The vulnerability allows remote authenticated backend users to unserialize arbitrary PHP objects and delete arbitrary files through an unspecified parameter, related to a missing signature. Connected advisories confirm mu...
CVE-2012-6148
Cross-site scripting XSS vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-6148
Cross-site scripting XSS vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-3527
viewhelp.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature HMAC."...
CVE-2012-3527
viewhelp.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature HMAC."...
CVE-2012-3529
The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors...