17 matches found

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2022-2553

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 5.9 | EPSS 0.00284
Exploits 0 | References 5
RedhatCVE
added 2025/05/22 4:56 a.m. | 5 views

CVE-2019-19850

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backe...

CVSS 7.2 | AI score 7.5 | EPSS 0.00284
Exploits 0 | References 1
OSV
added 2022/05/24 5:03 p.m. | 13 views

GHSA-59PJ-7MJH-4465 TYPO3 SQL Injection in low-level Query Generator

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backe...

CVSS 5.5 | AI score 7.2 | EPSS 0.00284
Exploits 0 | References 4
Github Security Blog
added 2022/05/24 5:03 p.m. | 17 views

TYPO3 Insecure Deserialization in Query Generator & Query View

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel Backend Module: DB...

CVSS 8.8 | AI score 6.6 | EPSS 0.00746
Exploits 0 | References 7 | Affected Software 2
Github Security Blog
added 2021/07/22 7:36 p.m. | 57 views

Cross-Site Scripting in Query Generator & Query View

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 4.5 Problem Failing to properly encode error messages, the components QueryGenerator and QueryView are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileg...

CVSS 6.4 | AI score 1.7 | EPSS 0.00364
Exploits 0 | References 7 | Affected Software 2
CNVD
added 2021/07/22 12:00 a.m. | 29 views

TYPO3 Cross-Site Scripting Vulnerability (CNVD-2022-17986)

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. TYPO3 suffers from a cross-site scripting vulnerability that stems from the fact that the QueryGenerator and QueryView components are vulnerable to reflected and persistent cross-sit...

CVSS 6.4 | AI score 2.4 | EPSS 0.00364
Exploits 0 | References 1
Prion
added 2021/07/20 3:15 p.m. | 11 views

Cross site scripting

TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the components QueryGenerator and QueryView are vulnerable to...

CVSS 3.5 | AI score 4.8 | EPSS 0.00364
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2021/07/20 2:45 p.m. | 11 views

CVE-2021-32668 Cross-Site Scripting in Query Generator & Query View

TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the components QueryGenerator and QueryView are vulnerable to...

CVSS 6.4 | AI score 6.2 | EPSS 0.00364
Exploits 0 | References 2
CNNVD
added 2021/07/20 12:00 a.m. | 0 views

TYPO3 Cross-Site Scripting Vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. TYPO3 suffers from a cross-site scripting vulnerability that stems from the fact that the QueryGenerator and QueryView components are vulnerable to reflected and persistent cross-sit...

CVSS 6.4 | AI score 5.2 | EPSS 0.00364
Exploits 0 | References 5
CNVD
added 2019/12/18 12:00 a.m. | 1 view

TYPO3 code issue vulnerability (CNVD-2020-04075)

TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. A security vulnerability exists in the QueryGenerator and QueryView classes in TYPO3 versions prior to 8.7.30, 9.x versions prior to 9.5.12, and 10.x versions prior to 10.2.2. An attacker...

CVSS 8.8 | AI score 7.6 | EPSS 0.00746
Exploits 0 | References 1
CNVD
added 2019/12/18 12:00 a.m. | 2 views

TYPO3 SQL Injection Vulnerability (CNVD-2020-03725)

TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. A SQL injection vulnerability exists in the QueryGenerator class in TYPO3 versions prior to 8.7.30, 9.x versions prior to 9.5.12, and 10.x versions prior to 10.2.2. The vulnerability stems...

CVSS 7.2 | AI score 8.2 | EPSS 0.00284
Exploits 0 | References 1
OSV
added 2019/12/17 5:15 p.m. | 9 views

CVE-2019-19849

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel Backend Module: DB...

CVSS 8.8 | AI score 6.7
Exploits 0 | References 2
Prion
added 2019/12/17 5:15 p.m. | 12 views

Sql injection

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backe...

CVSS 6.5 | AI score 7.3 | EPSS 0.00284
Exploits 0 | References 2 | Affected Software 1
Prion
added 2019/12/17 5:15 p.m. | 17 views

Deserialization of untrusted data

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel Backend Module: DB...

CVSS 6.5 | AI score 8.5 | EPSS 0.00746
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2019/12/17 4:03 p.m. | 10 views

CVE-2019-19849

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel Backend Module: DB...

CVSS 8.8 | AI score 8.6 | EPSS 0.00746
Exploits 0 | References 2
CVE
added 2019/12/17 4:03 p.m. | 58 views

CVE-2019-19849

TYPO3 CVE-2019-19849 affects TYPO3 8.x before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. The vulnerability is an insecure deserialization in the QueryGenerator and QueryView classes. Affected exploit scenarios require a backend user with specific privileges and presence of certain system ...

CVSS 8.8 | AI score 8.4 | EPSS 0.00746
Exploits 0 | References 2 | Affected Software 1
CVE
added 2019/12/17 4:03 p.m. | 57 views

CVE-2019-19850

CVE-2019-19850 affects TYPO3 versions: 8.x before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. The issue is a SQL injection in the QueryGenerator class caused by mishandling escaping of user-submitted content. Exploitation requires the system extension ext:lowlevel and a backend administrat...

CVSS 7.2 | AI score 7.3 | EPSS 0.00284
Exploits 0 | References 2 | Affected Software 1