88 matches found
TYPO3 跨站脚本漏洞
TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Typo3 association in Switzerland.TYPO3 Femanager has a cross-site scripting vulnerability that can be exploited by attackers to XSS through a well-designed SVG document...
Cross-Site Scripting in Extension "femanager" (femanager)
The extension allows by default to upload SVG files when a logged in frontend user uploads a new profile image. This may lead to Cross-Site Scripting, when the uploaded SVG image is used as is on the website...
CSRF in extension "femanager" (femanager)
The extension fails to implement a CSRF protection for edit and delete actions...
Multiple vulnerabilities in extension "femanager" (femanager)
It is possible to bypass configured server side validation rules which allows an attacker to create frontend user records with invalid data. Also, the eID script allows an attacker to set various validators using GET parameters resulting in information disclosure of field values from the feusers...
CVE-2014-6292
The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors...
Design/Logic Flaw
The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors...
CVE-2014-6292
The CVE-2014-6292 entry affects the TYPO3 extension femanager (before 1.0.9). It allows a logged-in frontend user to modify or delete other frontend user records via unspecified vectors due to insufficient access checks. The advisory recommends upgrading to version 1.0.9 or later. Other connected...
CVE-2014-6292
The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors...