Lucene search
K

88 matches found

CNNVD
CNNVD
added 2021/08/10 12:0 a.m.10 views

TYPO3 跨站脚本漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Typo3 association in Switzerland.TYPO3 Femanager has a cross-site scripting vulnerability that can be exploited by attackers to XSS through a well-designed SVG document...

5.4CVSS5.2AI score0.01333EPSS
Exploits3References8
Typo3
Typo3
added 2021/08/10 12:0 a.m.37 views

Cross-Site Scripting in Extension "femanager" (femanager)

The extension allows by default to upload SVG files when a logged in frontend user uploads a new profile image. This may lead to Cross-Site Scripting, when the uploaded SVG image is used as is on the website...

3.5CVSS1.6AI score0.01333EPSS
Exploits3Affected Software1
Typo3
Typo3
added 2019/12/17 12:0 a.m.12 views

CSRF in extension "femanager" (femanager)

The extension fails to implement a CSRF protection for edit and delete actions...

6.9AI score
Exploits0Affected Software1
Typo3
Typo3
added 2019/01/22 12:0 a.m.10 views

Multiple vulnerabilities in extension "femanager" (femanager)

It is possible to bypass configured server side validation rules which allows an attacker to create frontend user records with invalid data. Also, the eID script allows an attacker to set various validators using GET parameters resulting in information disclosure of field values from the feusers...

6.3AI score
Exploits0Affected Software1
NVD
NVD
added 2014/10/03 2:55 p.m.22 views

CVE-2014-6292

The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors...

6.4CVSS6.6AI score0.01333EPSS
Exploits0References2
Prion
Prion
added 2014/10/03 2:55 p.m.13 views

Design/Logic Flaw

The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors...

6.4CVSS7.1AI score0.01333EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2014/10/03 2:0 p.m.49 views

CVE-2014-6292

The CVE-2014-6292 entry affects the TYPO3 extension femanager (before 1.0.9). It allows a logged-in frontend user to modify or delete other frontend user records via unspecified vectors due to insufficient access checks. The advisory recommends upgrading to version 1.0.9 or later. Other connected...

6.4CVSS6.8AI score0.01333EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2014/10/03 2:0 p.m.21 views

CVE-2014-6292

The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors...

6.6AI score0.01333EPSS
Exploits0References2
Rows per page
Query Builder