3 matches found
Typo3 CMS SanitizeLocalUrl Cross-Site Scripting (CVE-2015-5956)
A cross-site scripting vulnerability has been reported in Typo3 CMS. The vulnerability is due to the sanitizeLocalUrl function incorrectly validating the returnUrl and redirecturl HTTP request parameters. A remote attacker can exploit this vulnerability by enticing a user to open a specially...
Typo3 CMS 6.2.14 / 4.5.40 Cross Site Scripting Vulnerability
Typo3 CMS versions 6.2.14 and below and 4.5.40 and below suffer from a cross site scripting vulnerability. Typo3 Core sanitizeLocalUrl Non-Persistent Cross-Site Scripting 1. DETAILS ---------- Product: Typo3 CMS Vendor URL: typo3.org Type: Cross-site ScriptingCWE-79 Date found: 2015-07-30 Date...
Typo3 CMS 6.2.14 / 4.5.40 Cross Site Scripting
secunet Security Networks AG Security Advisory Advisory: Typo3 Core sanitizeLocalUrl Non-Persistent Cross-Site Scripting 1. DETAILS ---------- Product: Typo3 CMS Vendor URL: typo3.org Type: Cross-site ScriptingCWE-79 Date found: 2015-07-30 Date published: 2015-09-14 CVSSv2 Score: 3,5...