7 matches found
Multiple vulnerabilities in BibTex Publications (si_bibtex)
It has been discovered that the extension "BibTex Publications" sibibtex is susceptible to Cross-Site Scripting and SQL Injection. Release Date: December 15, 2014 Bulletin Update: January 9, 2015 added CVEs Component Type: Third party extension. This extension is not a part of the TYPO3 default...
CVE-2014-3759
Multiple SQL injection vulnerabilities in the BibTex Publications sibibtex extension 0.2.3 for TYPO3 allow remote attackers to execute arbitrary SQL commands via vectors related to the 1 search or 2 list functionality...
CVE-2014-3758
Cross-site scripting XSS vulnerability in the BibTex Publications sibibtex extension 0.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via vectors related to the import functionality...
Sql injection
Multiple SQL injection vulnerabilities in the BibTex Publications sibibtex extension 0.2.3 for TYPO3 allow remote attackers to execute arbitrary SQL commands via vectors related to the 1 search or 2 list functionality...
CVE-2014-3758
The CVE refers to a Cross-Site Scripting (XSS) vulnerability in the TYPO3 extension BibTex Publications (si_bibtex) version 0.2.3, exposed through the import functionality. The TYPO3 security bulletin TYPO3-EXT-SA-2014-020 documents affected versions (0.2.3 and below) and lists XSS (alongside SQL...
CVE-2014-3759
CVE-2014-3759 refers to multiple SQL injection vulnerabilities in the TYPO3 extension BibTex Publications (si_bibtex) version 0.2.3. The root issue is improper handling/escaping of user input in the extension’s search and list functionality, allowing remote attackers to execute arbitrary SQL comm...
CVE-2014-3759
Multiple SQL injection vulnerabilities in the BibTex Publications sibibtex extension 0.2.3 for TYPO3 allow remote attackers to execute arbitrary SQL commands via vectors related to the 1 search or 2 list functionality...