3 matches found
CVE-2008-2718
Cross-site scripting XSS vulnerability in feadminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as 1 directmailsubscription, 2 feuseradmin, and 3 kbmd5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified...
CVE-2008-2718
TYPO3 is affected by a cross-site scripting (XSS) vulnerability in fe_adminlib.inc. The issue affects TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, including extensions such as direct_mail_subscription, feuser_admin, and kb_md5fepw. Remote attackers can inject arbitrary we...
Debian DSA-1596-1 : typo3 - several vulnerabilities
Several remote vulnerabilities have been discovered in the TYPO3 content management framework. Because of a not sufficiently secure default value of the TYPO3 configuration variable fileDenyPattern, authenticated backend users could upload files that allowed to execute arbitrary code as the...