6 matches found
EUVD-2009-3609
Malware in sbrugna...
CVE-2015-8758
Multiple cross-site scripting XSS vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors...
Cache Flooding in TYPO3 Frontend
Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the...
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS
Phar files formerly known as "PHP archives" can act als self extracting archives which leads to the fact that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - "bundle.phar" would be valid as well as "bundle.txt...
PT-2024-40190 · Packagist · Typo3/Cms-Core
Name of the Vulnerable Software and Affected Versions: No specific software or version information is provided. Description: The issue arises from improper encoding of user input, making the login status display susceptible to cross-site scripting in the website frontend. To exploit this, a valid...
CVE-2009-3634
Cross-site scripting XSS vulnerability in the Frontend Login Box aka felogin subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...