28 matches found
EUVD-2014-4832
Malware in sbrugna...
CVE-2014-4913
ZF2014-03 has a potential cross site scripting vector in multiple view helpers...
Malicious code in gft-view-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c12651d76770f09bfa7e61edc4e020f6e33df757bbe945abc6b1c614df0717de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11984 Malicious code in gft-view-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c12651d76770f09bfa7e61edc4e020f6e33df757bbe945abc6b1c614df0717de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Zend-Navigation vulnerable to Cross-site Scripting
Many Zend Framework 2 view helpers were using the escapeHtml view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr. In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting XSS attack...
GHSA-6V7P-5QCQ-268C Zend-Navigation vulnerable to Cross-site Scripting
Many Zend Framework 2 view helpers were using the escapeHtml view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr. In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting XSS attack...
Zend-Form vulnerable to Cross-site Scripting
Many Zend Framework 2 view helpers were using the escapeHtml view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr. In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting XSS attack...
GHSA-M7HR-J867-3F34 ZendFramework has potential Cross-site Scripting vector in multiple view helpers
Many Zend Framework 2 view helpers were using the escapeHtml view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr. In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting XSS attack...
ZendFramework has potential Cross-site Scripting vector in multiple view helpers
Many Zend Framework 2 view helpers were using the escapeHtml view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr. In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting XSS attack...
GHSA-8Q77-CV62-JJ38 Zendframework has potential Cross-site Scripting vector in multiple view helpers
Many Zend Framework 2 view helpers were using the escapeHtml view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr. In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting XSS attack...
Zendframework has potential Cross-site Scripting vector in multiple view helpers
Many Zend Framework 2 view helpers were using the escapeHtml view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr. In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting XSS attack...
Cross-Site Scripting in Fluid view helpers
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 5.7 CWE-79 Problem It has been discovered that system extension Fluid typo3/cms-fluid of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Solution Update to...
GHSA-VQQX-JW6P-Q3RF Cross-Site Scripting in Fluid view helpers
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 5.7 CWE-79 Problem It has been discovered that system extension Fluid typo3/cms-fluid of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Solution Update to...
Cross-Site Scripting (XSS)
TYPO3.CMS is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript via the Fluid view helpers...
CVE-2020-26227
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid typo3/cms-fluid of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions...
PT-2020-16356 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 9.5.23 TYPO3 versions prior to 10.4.10 Description: The system extension Fluid of the TYPO3 core is vulnerable to cross-site scripting when passing user-controlled data as an argument to Fluid view helpers. This issue...
TYPO3-CORE-SA-2020-010: Cross-Site Scripting in Fluid view helpers
More info at https://typo3.org/security/advisory/typo3-core-sa-2020-010...
TYPO3-CORE-SA-2020-010: Cross-Site Scripting in Fluid view helpers
More info at https://typo3.org/security/advisory/typo3-core-sa-2020-010...
Cross-Site Scripting in Fluid view helpers
It has been discovered that system extension Fluid typo3/cms-fluid of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers...
CVE-2014-4913
ZF2014-03 has a potential cross site scripting vector in multiple view helpers...