4 matches found
Additional TCA Allows Cross-Site Scripting (XSS)
A cross-site scripting XSS vulnerability has been discovered in the Additional TCA extension. This vulnerabily is exploitable by a logged in backend user utilizing the TYPO3 backend user interface. This user can create output in the HTML context by exploiting improperly encoded user input. Update...
Remote code execution
An issue was discovered in the pixxio aka pixx.io integration or DAM extension before 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting in SSRF. As a result, an attacker can download various content from a remote location and save it ...
Multiple vulnerabilities in extension "pixx.io integration for TYPO3 (DAM)" (pixxio)
The extension fails to restrict the image download to the configured pixx.io DAM URL resulting in Server-side request forgery. As a result of the Server-side request forgery vulnerability, an attacker can download various content from a remote location and save it to a user controlled filename...
Cross-Site Scripting in extension "2 Clicks for External Media" (media2click)
The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...