EUVD-2020-1418

Malware in sbrugna...

CVE-2020-15241

TYPO3 Fluid Engine package typo3fluid/fluid before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like showFullName ? fullName : defaultValue. Updated versions of this package are...

Cross site scripting

TYPO3 Fluid Engine package typo3fluid/fluid before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like showFullName ? fullName : defaultValue. Updated versions of this package are...

Cross-Site Scripting in ternary conditional operator

Meta CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C5.0 CWE-79 --- :informationsource: This vulnerability has been fixed in May 2019 already, CVE and GHSA were assigned later in October 2020 --- Problem It has been discovered that the Fluid Engine package typo3fluid/fluid is...

GHSA-7733-HJV6-4H47 Cross-Site Scripting in ternary conditional operator

Meta CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C5.0 CWE-79 --- :informationsource: This vulnerability has been fixed in May 2019 already, CVE and GHSA were assigned later in October 2020 --- Problem It has been discovered that the Fluid Engine package typo3fluid/fluid is...

PT-2020-14306 · Typo3 · Typo3Fluid/Fluid

Name of the Vulnerable Software and Affected Versions: typo3fluid/fluid versions prior to 2.0.5 typo3fluid/fluid versions prior to 2.1.4 typo3fluid/fluid versions prior to 2.2.1 typo3fluid/fluid versions prior to 2.3.5 typo3fluid/fluid versions prior to 2.4.1 typo3fluid/fluid versions prior to...

Cross-Site Scripting in Fluid Engine

It has been discovered that the Fluid Engine package typo3fluid/fluid is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like the following...