Lucene search
+L

4 matches found

Github Security Blog
Github Security Blog
added 2025/03/19 1:37 a.m.19 views

Additional TCA Allows Cross-Site Scripting (XSS)

A cross-site scripting XSS vulnerability has been discovered in the Additional TCA extension. This vulnerabily is exploitable by a logged in backend user utilizing the TYPO3 backend user interface. This user can create output in the HTML context by exploiting improperly encoded user input. Update...

5.8AI score0.0036EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2021/11/10 3:15 p.m.16 views

Remote code execution

An issue was discovered in the pixxio aka pixx.io integration or DAM extension before 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting in SSRF. As a result, an attacker can download various content from a remote location and save it ...

6.5CVSS8.7AI score0.01325EPSS
Exploits0References1Affected Software1
Typo3
Typo3
added 2021/11/10 12:0 a.m.32 views

Multiple vulnerabilities in extension "pixx.io integration for TYPO3 (DAM)" (pixxio)

The extension fails to restrict the image download to the configured pixx.io DAM URL resulting in Server-side request forgery. As a result of the Server-side request forgery vulnerability, an attacker can download various content from a remote location and save it to a user controlled filename...

6.5CVSS8.6AI score0.01325EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2021/04/27 12:0 a.m.40 views

Cross-Site Scripting in extension "2 Clicks for External Media" (media2click)

The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

3.5CVSS1.3AI score0.00534EPSS
Exploits0Affected Software1
Rows per page
Query Builder