14 matches found
EUVD-2020-1418
Malware in sbrugna...
CVE-2020-15241
TYPO3 Fluid Engine package typo3fluid/fluid before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like showFullName ? fullName : defaultValue. Updated versions of this package are...
BIT-TYPO3-2020-15241
TYPO3 Fluid Engine package typo3fluid/fluid before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like showFullName ? fullName : defaultValue. Updated versions of this package are...
CVE-2020-15241
TYPO3 Fluid Engine package typo3fluid/fluid before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like showFullName ? fullName : defaultValue. Updated versions of this package are...
CVE-2020-15241
TYPO3 Fluid Engine package typo3fluid/fluid before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like showFullName ? fullName : defaultValue. Updated versions of this package are...
CVE-2020-15241 Cross-Site Scripting in TYPO3 Fluid Engine
TYPO3 Fluid Engine package typo3fluid/fluid before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like showFullName ? fullName : defaultValue. Updated versions of this package are...
CVE-2020-15241
CVE-2020-15241 affects TYPO3 Fluid Engine (package typo3fluid/fluid). Vulnerable up to versions: 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1. The issue is cross-site scripting when using the ternary conditional operator in templates such as {showFullName ? fullName : defaultValue}. Updated ...
Cross-Site Scripting in ternary conditional operator
Meta CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C5.0 CWE-79 --- :informationsource: This vulnerability has been fixed in May 2019 already, CVE and GHSA were assigned later in October 2020 --- Problem It has been discovered that the Fluid Engine package typo3fluid/fluid is...
GHSA-7733-HJV6-4H47 Cross-Site Scripting in ternary conditional operator
Meta CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C5.0 CWE-79 --- :informationsource: This vulnerability has been fixed in May 2019 already, CVE and GHSA were assigned later in October 2020 --- Problem It has been discovered that the Fluid Engine package typo3fluid/fluid is...
Cross-Site Scripting in Fluid Engine
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-013...
Cross-Site Scripting in Fluid Engine
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-013...
Cross-Site Scripting in Fluid Engine
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-013...
Cross-Site Scripting in Fluid Engine
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-013...
Cross-Site Scripting in Fluid Engine
It has been discovered that the Fluid Engine package typo3fluid/fluid is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like the following...