11 matches found
CVE-2021-28381
The vhs aka VHS: Fluid ViewHelpers extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper...
Cross-site Scripting (XSS)
TYPO3 is vulnerable to cross-site scripting XSS. The vulnerability is due to templates using built-in Fluid ViewHelpers which fail to properly encode user input...
GHSA-85CH-44W7-RF32 TYPO3 Cross-Site Scripting in Fluid ViewHelpers
Failing to properly encode user input, templates using built-in Fluid ViewHelpers are vulnerable to cross-site scripting...
TYPO3 Cross-Site Scripting in Fluid ViewHelpers
Failing to properly encode user input, templates using built-in Fluid ViewHelpers are vulnerable to cross-site scripting...
Cross-Site Scripting (XSS)
typo3/cms-core is vulnerable to Cross-Site scripting XSS. The vulnerability is caused by improper user input encoding when using templates in the built-in Fluid ViewHelpers, which allows an attacker to inject malicious scripts into the browser...
TYPO3 Cross-Site Scripting in Fluid ViewHelpers
Failing to properly encode user input, templates using built-in Fluid ViewHelpers are vulnerable to cross-site scripting...
GHSA-22Q7-CG4R-P9MX TYPO3 Cross-Site Scripting in Fluid ViewHelpers
Failing to properly encode user input, templates using built-in Fluid ViewHelpers are vulnerable to cross-site scripting...
SQL Injection in extension "VHS: Fluid ViewHelpers" (vhs)
It has been discovered that the extension is susceptible to blind SQL Injection when user input is passed to the isLanguageViewHelper...
Cross-Site Scripting in Fluid ViewHelpers
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-005...
Cross-Site Scripting in Fluid ViewHelpers
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-005...
Cross-Site Scripting in Fluid ViewHelpers
Failing to properly encode user input, templates using built-in Fluid ViewHelpers are vulnerable to cross-site scripting...