2 matches found
openSUSE Security Update : typo3-cms-4_5 (openSUSE-SU-2014:0813-1)
typo3-cms-45 was updated to version 4.5.34 to fix eight security vulnerabilities and several other bugs. These security problems where fixed : - Add trusted HTTPHOST configuration CVE-2014-3941 - XSS in old extension manager information function CVE-2014-3943 - XSS in new content element wizard...
CVE-2014-3942
The CVE-2014-3942 issue affects TYPO3’s Color Picker Wizard component. Affected versions are TYPO3 4.5.0–4.5.33, 4.7.0–4.7.18, 6.0.0–6.0.13, and 6.1.0–6.1.8, where a serialized PHP object allows remote authenticated editors to execute arbitrary PHP code. The root cause is unsafe deserialization o...