Lucene search
K

152 matches found

NVD
NVD
added 2014/06/04 2:55 p.m.10 views

CVE-2014-3949

Cross-site scripting XSS vulnerability in the layout wizard in the Grid Elements gridelements extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.3AI score0.00946EPSS
Exploits0References4
Prion
Prion
added 2014/06/04 2:55 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in the layout wizard in the Grid Elements gridelements extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.7AI score0.00946EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/06/04 2:0 p.m.21 views

CVE-2014-3949

Cross-site scripting XSS vulnerability in the layout wizard in the Grid Elements gridelements extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

5.3AI score0.00946EPSS
Exploits0References4
CVE
CVE
added 2014/06/04 2:0 p.m.42 views

CVE-2014-3949

CVE-2014-3949 describes a cross-site scripting (XSS) vulnerability in the Grid Elements (gridelements) TYPO3 extension. The issue affects the layout wizard in versions before 1.5.1 and 2.0.x before 2.0.3, allowing a remote authenticated backend user to inject arbitrary script or HTML via unspecif...

3.5CVSS5.4AI score0.00946EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2013/12/23 11:0 p.m.34 views

CVE-2013-7075

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an...

6.4AI score0.01272EPSS
Exploits0References3
CVE
CVE
added 2013/12/23 11:0 p.m.72 views

CVE-2013-7075

CVE-2013-7075 affects TYPO3 core via the Content Editing Wizards component. The vulnerability allows remote authenticated backend users to unserialize arbitrary PHP objects and delete arbitrary files through an unspecified parameter, related to a missing signature. Connected advisories confirm mu...

6.5CVSS6.5AI score0.01272EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2013/07/01 9:55 p.m.23 views

CVE-2012-6148

Cross-site scripting XSS vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.2AI score0.01177EPSS
Exploits0References3
Prion
Prion
added 2013/07/01 9:55 p.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.7AI score0.01177EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2013/07/01 9:0 p.m.31 views

CVE-2012-6148

Cross-site scripting XSS vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

5.2AI score0.01177EPSS
Exploits0References3
NVD
NVD
added 2012/09/05 11:55 p.m.32 views

CVE-2012-3527

viewhelp.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature HMAC."...

4.6CVSS7.1AI score0.0212EPSS
Exploits0References6
Cvelist
Cvelist
added 2012/09/05 11:0 p.m.36 views

CVE-2012-3527

viewhelp.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature HMAC."...

7AI score0.0212EPSS
Exploits0References6
Cvelist
Cvelist
added 2012/09/05 11:0 p.m.30 views

CVE-2012-3529

The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors...

5.9AI score0.00839EPSS
Exploits0References6
Rows per page
Query Builder