Lucene search
K

4 matches found

Veracode
Veracode
added 2024/06/26 6:32 a.m.11 views

Cross-site Scripting (XSS)

typo3/cms is vulnerable to Cross-site Scripting XSS. The vulnerability is due to failing to properly encode user input in online media asset rendering for .youtube and .vimeo files, requiring a valid backend user account or write access on the server system to exploit...

6.7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/05/30 2:48 p.m.13 views

TYPO3 Cross-Site Scripting in Online Media Asset Rendering

Failing to properly encode user input, online media asset rendering .youtube and .vimeo files is vulnerable to cross-site scripting. A valid backend user account or write access on the server system e.g. SFTP is needed in order to exploit this vulnerability...

6.7AI score
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.4 views

PT-2024-40498 · Unknown · Online Media Asset Rendering

Name of the Vulnerable Software and Affected Versions: Online media asset rendering affected versions not specified Description: The issue arises from the failure to properly encode user input, making online media asset rendering vulnerable to cross-site scripting, particularly for .youtube and...

6.1CVSS6.9AI score
Exploits0References6
FreeBSD
FreeBSD
added 2018/12/11 12:0 a.m.23 views

typo3 -- multiple vulnerabilities

Typo3 core team reports: CKEditor 4.11 fixes an XSS vulnerability in the HTML parser reported by maxarr. The vulnerability stemmed from the fact that it was possible to execute XSS inside the CKEditor source area after persuading the victim to: i switch CKEditor to source mode, then ii paste a...

5.3AI score
Exploits0References1
Rows per page
Query Builder