21 matches found
SUSE-SU-2026:21612-1 Security update for php8
This update for php8 fixes the following issues: - CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL injection (bsc#1264778). - CVE-2026-6104: out-of-bounds read when processing an encoding name containing an embedded NULL byte in...
Exploit for Cross-site Scripting in Typo3 Html_Sanitizer
Stored XSS exploit in TYPO3 HTML Sanitizer CVE-...
CVE-2023-47125
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versio...
BIT-TYPO3-2023-47125
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versio...
GHSA-MM79-JHQM-9J54 Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer
CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 4.4 Problem DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. Solution Update to typo3/html-sanitizer versions 1.5.3 or 2.1.4 that fix the proble...
Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer
CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 4.4 Problem DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. Solution Update to typo3/html-sanitizer versions 1.5.3 or 2.1.4 that fix the proble...
CVE-2023-47125
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versio...
Cross site scripting
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versio...
CVE-2023-47125 By-passing Cross-Site Scripting Protection in HTML Sanitizer
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versio...
CVE-2023-47125 By-passing Cross-Site Scripting Protection in HTML Sanitizer
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versio...
CVE-2023-47125 By-passing Cross-Site Scripting Protection in HTML Sanitizer
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versio...
TYPO3 Security Vulnerabilities
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 that stems from DOM processing instructions not being handled correctly, allowing bypassing the cross-site scripting mechanism of...
TYPO3 8.7.42 < 8.7.55 ELTS / 9.5.29 < 9.5.44 ELTS / 10.4.19 < 10.4.41 ELTS / 11.3.2 < 11.5.33 / 12.0.0 < 12.4.8 XSS (TYPO3-CORE-SA-2023-007)
The version of TYPO3 installed on the remote host is prior to 8.7.42 < 8.7.55 ELTS / 9.5.29 < 9.5.44 ELTS / 10.4.19 < 10.4.41 ELTS / 11.3.2 < 11.5.33 / 12.0.0 < 12.4.8. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2023-007 advisory. - DOM processing instructions are not...
SUSE CVE-2013-6635
Use-after-free vulnerability in the editing implementation in Blink, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that triggers removal of a node during processing of the DOM tree,...
Google Chrome < 21.0.1180.60 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is earlier than 21.0.1180.60 and is, therefore, affected by the following vulnerabilities : - Re-prompts are not displayed for excessive downloads. CVE-2012-2847 - Drag and drop file access restrictions are not restrictive enough...
Google Chrome < 21.0.1180.60 Multiple Vulnerabilities
Binary data 800901.prm...
Debian DSA-2297-1 : icedove - several vulnerabilities
Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. - CVE-2011-0084 'regenrecht' discovered that incorrect pointer handling in the SVG processing code could lead to the execution of arbitrary code. - CVE-2011-2378 'regenrecht'...
Debian DSA-2296-1 : iceweasel - several vulnerabilities
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. - CVE-2011-0084 'regenrecht' discovered that incorrect pointer handling in the SVG processing co...
Debian DSA-2295-1 : iceape - several vulnerabilities
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of SeaMonkey : - CVE-2011-0084 'regenrecht' discovered that incorrect pointer handling in the SVG processing code could lead to the execution of arbitrary code. - CVE-2011-2378 'regenrecht' discovered that...
DSA-2296-1 iceweasel - several
Bulletin has no description...