2 matches found
CVE-2014-6296
Cross-site scripting XSS vulnerability in the WEC Map wecmap extension before 3.0.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-6296
Summary: The WEC Map (wec_map) TYPO3 extension is affected by CVE-2014-6295 (SQL Injection) and CVE-2014-6296 (XSS) in versions up to 3.0.2/3.0.2. The described XSS allows remote injection of script via unspecified vectors; in some sources, 3.0.3 is the fixed release. Root cause: improper input h...