Lucene search
K

12 matches found

Github Security Blog
Github Security Blog
added 2024/05/14 8:13 p.m.33 views

TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController

Problem The ShowImageController eID txcmsshowpic lacks a cryptographic HMAC-signature on the frame HTTP query parameter e.g. /index.php?eID=txcmsshowpic?file=3&...&frame=12345. This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on the server side...

5.3CVSS5.4AI score0.0047EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2023/07/10 9:54 p.m.29 views

GHSA-Q9W4-W667-QQJ4 ckeditor-wordcount-plugin vulnerable to Cross-site Scripting in Source Mode of Editor

Problem It has been discovered that the ckeditor-wordcount-plugin plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode. Solution Update to version 1.17.12 of the ckeditor-wordcount-plugin plugin. Credits @sypets for reporting this finding to the TYPO3...

6.1CVSS6AI score0.00481EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2023/07/10 9:54 p.m.22 views

ckeditor-wordcount-plugin vulnerable to Cross-site Scripting in Source Mode of Editor

Problem It has been discovered that the ckeditor-wordcount-plugin plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode. Solution Update to version 1.17.12 of the ckeditor-wordcount-plugin plugin. Credits @sypets for reporting this finding to the TYPO3...

6.1CVSS6.4AI score0.00481EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2021/04/29 9:51 p.m.30 views

GHSA-P48W-VF3C-RQJX Cross-Site Scripting in Bootstrap Package

Problem It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. The following templates are affected by the vulnerability:...

5.4CVSS5.2AI score0.00941EPSS
Exploits1References4
Typo3
Typo3
added 2016/03/10 12:0 a.m.105 views

Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension "phpMyAdmin" phpmyadmin is susceptible to unsafe comparison of XSRF/CSRF token, multiple full path disclosure vulnerabilities, multiple XSS vulnerabilities, insecure password generation in JavaScript. Release Date: March 10, 2016 Component Type: Third par...

5CVSS0.2AI score0.02688EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2012/08/08 12:0 a.m.24 views

Cross-site scripting vulnerability in extension powermail for TYPO3 (powermail)

It has been discovered that the extension "powermail" powermail is vulnerable to Cross-Site Scripting, SQL Injection and Arbitrary Code Execution. Release Date: August 8, 2012 Bulletin update: August 9, 2012 added update help for extension manager, added further download link Component Type: Thir...

7.7AI score
Exploits0Affected Software1
Typo3
Typo3
added 2011/05/23 12:0 a.m.16 views

Cross-Site Scripting and Open Redirection vulnerability in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Cross-Site Scripting and Open Redirection. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.10.3 and below Vulnerability Type:...

6AI score
Exploits0Affected Software1
Typo3
Typo3
added 2009/07/30 12:0 a.m.15 views

Multiple vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third party TYPO3 extensions: "CoolURI" cooluri, "Reset backend password" cwtresetbepassword, "datamints Newsticker" datamintsnewsticker, "Gobernalia Front End News Submitter" gbfenewssubmit, "Mailform" mailform, "Myth download" mythdownloa...

7.5AI score
Exploits0Affected Software10
Typo3
Typo3
added 2008/12/22 12:0 a.m.16 views

TYPO3 Security Bulletin

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to SQL injections via XSRF. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.1.1 and all versions below Vulnerability Type: SQL injectio...

7.8AI score
Exploits0Affected Software1
Typo3
Typo3
added 2008/05/13 12:0 a.m.8 views

Multiple vulnerabilities in extension Statistics (ke_stats)

It has been discovered that the extension Statistics kestats is vulnerable to Blind SQL Injection attacks. Also, a Cross Site Scripting issue has been found. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 0.1.2 and...

7.4AI score
Exploits0Affected Software1
Typo3
Typo3
added 2007/07/19 12:0 a.m.14 views

Remote shell command execution in extensions embedding PHPMailer

Multiple TYPO3 extensions is affected by the third party tool PHPMailer, which is vulnerable to a remote shell command execution. Component Type: Third party tool. This tool is not part of the TYPO3 default installation. Affected extensions: agprjmgm version 0.0.1 bbphpmailer version 1.73.1 and a...

7.7AI score
Exploits0Affected Software8
Typo3
Typo3
added 2007/01/29 12:0 a.m.23 views

Multiple vulnerabilities in extension mm_forum

It has been discovered that the extension mmforum is vulnerable to multiple SQL Injection attacks and multiple XSS flaws alongside other vulnerabilities. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 0.1.2 and all...

7.1AI score
Exploits0Affected Software1
Rows per page
Query Builder