2 matches found
CVE-2009-4346
CVE-2009-4346 affects TYPO3’s Frontend news submitter with the RTE (fe_rtenews) extension (version 1.4.1 and earlier). The issue is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The provided documents do not...
TYPO3 Security Bulletin
A bug has been discovered in the "Front End News Submitter" fenews where SQL injection is not safely prevented and thus malicious SQL commands are potentially possible. Since the RTE enabled version fertenews is derived from fenews, it is affected as well. Component Type: Third Party Extension...