Lucene search
+L

12 matches found

Github Security Blog
Github Security Blog
added 2024/05/14 8:13 p.m.33 views

TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController

Problem The ShowImageController eID txcmsshowpic lacks a cryptographic HMAC-signature on the frame HTTP query parameter e.g. /index.php?eID=txcmsshowpic?file=3&...&frame=12345. This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on the server side...

5.3CVSS5.4AI score0.0047EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/10 9:54 p.m.23 views

ckeditor-wordcount-plugin vulnerable to Cross-site Scripting in Source Mode of Editor

Problem It has been discovered that the ckeditor-wordcount-plugin plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode. Solution Update to version 1.17.12 of the ckeditor-wordcount-plugin plugin. Credits @sypets for reporting this finding to the TYPO3...

6.1CVSS6.4AI score0.00481EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2023/07/10 9:54 p.m.29 views

GHSA-Q9W4-W667-QQJ4 ckeditor-wordcount-plugin vulnerable to Cross-site Scripting in Source Mode of Editor

Problem It has been discovered that the ckeditor-wordcount-plugin plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode. Solution Update to version 1.17.12 of the ckeditor-wordcount-plugin plugin. Credits @sypets for reporting this finding to the TYPO3...

6.1CVSS6AI score0.00481EPSS
Exploits0References7
OSV
OSV
added 2021/04/29 9:51 p.m.30 views

GHSA-P48W-VF3C-RQJX Cross-Site Scripting in Bootstrap Package

Problem It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. The following templates are affected by the vulnerability:...

5.4CVSS5.2AI score0.00941EPSS
Exploits1References4
Typo3
Typo3
added 2016/03/10 12:0 a.m.105 views

Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension "phpMyAdmin" phpmyadmin is susceptible to unsafe comparison of XSRF/CSRF token, multiple full path disclosure vulnerabilities, multiple XSS vulnerabilities, insecure password generation in JavaScript. Release Date: March 10, 2016 Component Type: Third par...

5CVSS0.2AI score0.02688EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2012/08/08 12:0 a.m.24 views

Cross-site scripting vulnerability in extension powermail for TYPO3 (powermail)

It has been discovered that the extension "powermail" powermail is vulnerable to Cross-Site Scripting, SQL Injection and Arbitrary Code Execution. Release Date: August 8, 2012 Bulletin update: August 9, 2012 added update help for extension manager, added further download link Component Type: Thir...

7.7AI score
Exploits0Affected Software1
Typo3
Typo3
added 2011/05/23 12:0 a.m.16 views

Cross-Site Scripting and Open Redirection vulnerability in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Cross-Site Scripting and Open Redirection. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.10.3 and below Vulnerability Type:...

6AI score
Exploits0Affected Software1
Typo3
Typo3
added 2009/07/30 12:0 a.m.15 views

Multiple vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third party TYPO3 extensions: "CoolURI" cooluri, "Reset backend password" cwtresetbepassword, "datamints Newsticker" datamintsnewsticker, "Gobernalia Front End News Submitter" gbfenewssubmit, "Mailform" mailform, "Myth download" mythdownloa...

7.5AI score
Exploits0Affected Software10
Typo3
Typo3
added 2008/12/22 12:0 a.m.16 views

TYPO3 Security Bulletin

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to SQL injections via XSRF. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.1.1 and all versions below Vulnerability Type: SQL injectio...

7.8AI score
Exploits0Affected Software1
Typo3
Typo3
added 2008/05/13 12:0 a.m.8 views

Multiple vulnerabilities in extension Statistics (ke_stats)

It has been discovered that the extension Statistics kestats is vulnerable to Blind SQL Injection attacks. Also, a Cross Site Scripting issue has been found. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 0.1.2 and...

7.4AI score
Exploits0Affected Software1
Typo3
Typo3
added 2007/07/19 12:0 a.m.14 views

Remote shell command execution in extensions embedding PHPMailer

Multiple TYPO3 extensions is affected by the third party tool PHPMailer, which is vulnerable to a remote shell command execution. Component Type: Third party tool. This tool is not part of the TYPO3 default installation. Affected extensions: agprjmgm version 0.0.1 bbphpmailer version 1.73.1 and a...

7.7AI score
Exploits0Affected Software8
Typo3
Typo3
added 2007/01/29 12:0 a.m.23 views

Multiple vulnerabilities in extension mm_forum

It has been discovered that the extension mmforum is vulnerable to multiple SQL Injection attacks and multiple XSS flaws alongside other vulnerabilities. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 0.1.2 and all...

7.1AI score
Exploits0Affected Software1
Rows per page
Query Builder