CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

RedhatCVE•added 2025/05/22 6:57 p.m.•2 views

CVE-2021-28381

The vhs aka VHS: Fluid ViewHelpers extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper...

9.8CVSS8AI score0.00366EPSS

Exploits0References1

Veracode•added 2024/06/17 8:39 a.m.•9 views

Cross-site Scripting (XSS)

TYPO3 is vulnerable to cross-site scripting XSS. The vulnerability is due to templates using built-in Fluid ViewHelpers which fail to properly encode user input...

6.4AI score

Exploits0

OSV•added 2024/06/07 5:8 p.m.•15 views

GHSA-85CH-44W7-RF32 TYPO3 Cross-Site Scripting in Fluid ViewHelpers

Failing to properly encode user input, templates using built-in Fluid ViewHelpers are vulnerable to cross-site scripting...

6.1CVSS6.7AI score

Exploits0References5

Github Security Blog•added 2024/06/07 5:8 p.m.•7 views

TYPO3 Cross-Site Scripting in Fluid ViewHelpers

Failing to properly encode user input, templates using built-in Fluid ViewHelpers are vulnerable to cross-site scripting...

6.7AI score

Exploits0References5Affected Software1

Veracode•added 2024/06/04 5:52 a.m.•11 views

Cross-Site Scripting (XSS)

typo3/cms-core is vulnerable to Cross-Site scripting XSS. The vulnerability is caused by improper user input encoding when using templates in the built-in Fluid ViewHelpers, which allows an attacker to inject malicious scripts into the browser...

6.6AI score

Exploits0

Github Security Blog•added 2024/05/30 3:46 p.m.•8 views

TYPO3 Cross-Site Scripting in Fluid ViewHelpers

Failing to properly encode user input, templates using built-in Fluid ViewHelpers are vulnerable to cross-site scripting...

7AI score

Exploits0References3Affected Software1

OSV•added 2024/05/30 3:46 p.m.•9 views

GHSA-22Q7-CG4R-P9MX TYPO3 Cross-Site Scripting in Fluid ViewHelpers

Failing to properly encode user input, templates using built-in Fluid ViewHelpers are vulnerable to cross-site scripting...

6.1CVSS7AI score

Exploits0References3

Positive Technologies•added 2024/05/30 12:0 a.m.•2 views

PT-2024-40003 · Fluid · Fluid

Name of the Vulnerable Software and Affected Versions: Fluid affected versions not specified Description: The issue arises from the failure to properly encode user input in templates that utilize built-in Fluid ViewHelpers, making them susceptible to cross-site scripting. Recommendations: At the...

6.1CVSS6.5AI score

Exploits0References4

CNNVD•added 2022/12/21 12:0 a.m.•0 views

Imprint CMS 跨站脚本漏洞

Imprint CMS is a publisher-oriented, domain-specific CMS based on ASP.net MVC 4 and LinqToSQL by Peder Skou, an individual developer. A security vulnerability exists in Imprint CMS, which originates in the SearchForm function of the file ImprintCMS/Models/ViewHelpers.cs, where the operation of a...

6.1CVSS5.6AI score0.00213EPSS

Exploits0References3

Typo3•added 2021/03/16 12:0 a.m.•123 views

SQL Injection in extension "VHS: Fluid ViewHelpers" (vhs)

It has been discovered that the extension is susceptible to blind SQL Injection when user input is passed to the isLanguageViewHelper...

7.5CVSS3.5AI score0.00366EPSS

Exploits0Affected Software1

Veracode•added 2020/11/18 2:39 a.m.•33 views

Cross-site Scripting (XSS)

typo3/fluid is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute malicious script in a user's browser via 1 additionalAttributes arrays 2 ViewHelpers 3 Subclasses of AbstractConditionViewHelper...

8CVSS5.4AI score0.00583EPSS

Exploits1References4Affected Software2

Cvelist•added 2020/11/17 8:45 p.m.•12 views

CVE-2020-26216 Cross-Site Scripting in TYPO3 Fluid

TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with...

8CVSS8.1AI score0.00583EPSS

Exploits1References3