CVE-2025-63068

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in sevenspark Contact Form 7 – Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection.This issue affects Contact Form 7 – Dynamic Text Extension: from n/a through = 5.0.5...

PT-2024-28249 · Typo3 · Friendlycaptcha Official

Name of the Vulnerable Software and Affected Versions: friendlycaptcha official extension versions prior to 0.1.4 for TYPO3 Description: The issue allows a remote user to bypass the captcha check due to the extension's failure to verify the captcha field in submitted form data. This specifically...

TYPO3 CMS Privilege Escalation and SQL Injection

Failing to properly dissociate system related configuration from user generated configuration, the Form Framework system extension "form" is vulnerable to SQL injection and Privilege Escalation. Basically instructions can be persisted to a form definition file that were not configured to be...

Unspecified Cross-Site Scripting Vulnerability in TYPO3 Secure Download Form Extension

TYPO3 is a free and open source content management system maintained by the Swiss TYPO3 Association. An unspecified cross-site scripting vulnerability exists in TYPO3 Secure Download Form Extension. An attacker can exploit this vulnerability to execute arbitrary script code in an unsuspecting...