Lucene search
K

6 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-3609

Malware in sbrugna...

6.5CVSS6.1AI score0.01613EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/22 9:23 a.m.5 views

CVE-2015-8758

Multiple cross-site scripting XSS vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors...

5.4CVSS5.6AI score0.01141EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/06/05 4:55 p.m.11 views

Cache Flooding in TYPO3 Frontend

Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the...

7AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/05 4:41 p.m.14 views

Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS

Phar files formerly known as "PHP archives" can act als self extracting archives which leads to the fact that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - "bundle.phar" would be valid as well as "bundle.txt...

6.9AI score
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.3 views

PT-2024-40190 · Packagist · Typo3/Cms-Core

Name of the Vulnerable Software and Affected Versions: No specific software or version information is provided. Description: The issue arises from improper encoding of user input, making the login status display susceptible to cross-site scripting in the website frontend. To exploit this, a valid...

6.1CVSS6.3AI score
Exploits0References4
Cvelist
Cvelist
added 2009/11/02 3:0 p.m.23 views

CVE-2009-3634

Cross-site scripting XSS vulnerability in the Frontend Login Box aka felogin subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...

5.4AI score0.01962EPSS
Exploits0References7
Rows per page
Query Builder