4 matches found
GHSA-G7HW-JH4P-75WR TYPO3 Cross-Site Scripting in Filelist Module
It has been discovered that the output table listing in the “Files” backend module is vulnerable to cross-site scripting when a file extension contains malicious sequences. Access to the file system of the server - either directly or through synchronization - is required to exploit the...
GHSA-6XWF-7RFM-4GWC TYPO3 Cross-Site Scripting in Filelist Module
It has been discovered that the output table listing in the “Files” backend module is vulnerable to cross-site scripting when a file extension contains malicious sequences. Access to the file system of the server - either directly or through synchronization - is required to exploit the...
Cross-Site Scripting in Filelist Module
It has been discovered that the output table listing in the “Files” backend module is vulnerable to cross-site scripting when a file extension contains malicious sequences...
Arbitrary Code Execution and Cross-Site Scripting in Backend API
Backend API configuration using Page TSconfig is vulnerable to arbitrary code execution and cross-site scripting. TSconfig fields of page properties in backend forms can be used to inject malicious sequences. Field tsconfigincludes is vulnerable to directory traversal leading to same scenarios as...