EUVD-2020-0409

Malware in sbrugna...

EUVD-2011-4548

Malware in sbrugna...

Cross-site Scripting (XSS)

Typo3 is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper parsing of values assigned to HTML attributes in the frontend's typolink functionality and improper encoding of error messages in the backend's filelist module when renaming files...

Cross-site Scripting (XSS)

TYPO3 is vulnerable to cross-site scripting XSS. The vulnerability is due to improper handling of t3:// URLs and typolink functionality, affecting both backend forms and frontend extensions that use typolink rendering...

TYPO3 Cross-Site Scripting in Link Handling

It has been discovered that t3:// URL handling and typolink functionality are vulnerable to cross-site scripting. Not only regular backend forms are affected but also frontend extensions which use the rendering with typolink...

GHSA-XGMX-J3HV-JH9X TYPO3 Cross-Site Scripting in Link Handling

It has been discovered that t3:// URL handling and typolink functionality are vulnerable to cross-site scripting. Not only regular backend forms are affected but also frontend extensions which use the rendering with typolink...

Cross-Site Scripting (XSS)

typo3/cms-core is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the mishandling of t3:// URL schemes and typolink functionality, which affecting both backend forms and frontend extensions using typolink rendering, which allows attackers to execute arbitrary JavaScript within...

GHSA-4PPR-JW47-9QM5 TYPO3 Cross-Site Scripting in Link Handling

It has been discovered that t3:// URL handling and typolink functionality are vulnerable to cross-site scripting. Not only regular backend forms are affected but also frontend extensions which use the rendering with typolink...

PT-2024-40076 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: Typo3 affected versions not specified Description: A cross-site scripting issue has been found in the handling of t3:// URL and typolink functionality. This affects not only regular backend forms but also frontend extensions that use renderin...

PT-2024-40503 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: Typo3 affected versions not specified Description: The issue concerns cross-site scripting vulnerabilities in two separate areas. Firstly, the typolink functionality in the website's frontend incorrectly parses values assigned to HTML...

BIT-TYPO3-2020-11065

In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been...

Cross-site Scripting (XSS)

Overview typo3/cms is a free open source Content Management Framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the typoLink function. An attacker can inject arbitrary web script or HTML by crafting malicious input in a link field. Note: This is only...

GHSA-J5V7-9XR5-M7GX TYPO3 Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field...

Cross-site Scripting (XSS)

typo3/cms-core is vulnerable to cross-site scripting XSS. The vulnerability exists as decoded entities generated by the typolink functionality were not encoded back to HTML before it gets rendered...

CVE-2020-11065

In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been...

Cross site scripting

In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been...

PT-2020-12526 · Typo3 · Typo3/Cms

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 9.5.12 through 9.5.16 TYPO3 CMS versions 10.2.0 through 10.4.1 Description: The issue concerns link tags generated by typolink functionality, which are vulnerable to cross-site scripting. Properties being assigned as HTML...

Cross-Site Scripting in Link Handling

It has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting - properties being assigned as HTML attributes have not been parsed correctly...

Cross-Site Scripting in Link Handling

It has been discovered that t3:// URL handling and typolink functionality are vulnerable to cross-site scripting. Not only regular backend forms are affected but also frontend extensions which use the rendering with typolink...

CVE-2011-4626

Cross-site Scripting XSS in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function...