15 matches found
EUVD-2022-6755
Malicious code in bioql PyPI...
CVE-2022-36107
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the FileDumpController backend and frontend context is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account i...
BIT-TYPO3-2022-36107
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the FileDumpController backend and frontend context is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account i...
TYPO3 XSS Vulnerability (TYPO3-CORE-SA-2022-009)
TYPO3 is prone to a cross-site scripting (XSS) vulnerability in FileDumpController. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
GHSA-9C6W-55CP-5W25 TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (5.0). Problem: It has been discovered that the FileDumpController backend and frontend context is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed t...
TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (5.0). Problem: It has been discovered that the FileDumpController backend and frontend context is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed t...
Cross-site Scripting (XSS)
typo3/cms is vulnerable to cross-site scripting. The vulnerability exists in the dumpAction function in FileDumpController.php due to exposing stored files from the backend user interface through a corresponding service-side process, which allows an attacker to inject and execute malicious JavaScript...
CVE-2022-36107
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the FileDumpController backend and frontend context is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account i...
Cross site scripting
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the FileDumpController backend and frontend context is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account i...
CVE-2022-36107
CVE-2022-36107 affects TYPO3 CMS, where the FileDumpController (backend and frontend) is vulnerable to cross-site scripting when rendering malicious files. A valid backend user is required to exploit. Remediation is to update TYPO3 to fixed ELTS versions: 7.6.58, 8.7.48, 9.5.37, 10.4.32, or 1...
CVE-2022-36107 Stored Cross-Site Scripting via FileDumpController
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the FileDumpController backend and frontend context is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account i...
CVE-2022-36107 Stored Cross-Site Scripting via FileDumpController
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the FileDumpController backend and frontend context is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account i...
TYPO3-CORE-SA-2022-009: Stored Cross-Site Scripting via FileDumpController
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-009...
TYPO3-CORE-SA-2022-009: Stored Cross-Site Scripting via FileDumpController
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-009...
PT-2022-23197 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 7.6.58 ELTS; TYPO3 versions prior to 8.7.48 ELTS; TYPO3 versions prior to 9.5.37 ELTS; TYPO3 versions prior to 10.4.32; TYPO3 versions prior to 11.5.16. Description: The FileDumpController component in TYPO3 is vulnerable t...