EUVD-2023-60189
WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image requests...
EUVD-2012-3738
Malware in sbrugna...
EUVD-2007-0097
Malware in sbrugna...
EUVD-2021-0723
Malware in sbrugna...
EUVD-2022-6036
Malicious code in bioql PyPI...
CVE-2025-3800
A vulnerability has been found in WCMS 11 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/controllers/AnonymousController.php. The manipulation of the argument mobilephone leads to sql injection. The attack can be launched remotely. The explo...
CVE-2024-43413 Xibo CMS XSS vulnerability using DataSet HTML columns
Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute JavaScript via the DataSet functionality. Users can design a DataSet with an HTML column which...
SEMCMS SQL Injection Vulnerability (CNVD-2024-23136)
SEMCMS is a foreign trade web content management system (CMS) that supports multiple languages. SEMCMS 4.8 and earlier versions suffer from a SQL injection vulnerability, which stems from the application's lack of validation of external input SQL statements, and can be exploited by attackers to...
BIT-TYPO3-2021-21370
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type menu are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid...
CVE-2024-25118
CVE-2024-25118 describes an information-disclosure vulnerability in TYPO3 where password hashes were reflected in backend editing forms. Exploitation requires a valid backend user account. Affected versions include 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1; upgr...
FreeBSD : typo3 -- Multiple vulnerabilities (7cc003cb-83b9-11ee-957d-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7cc003cb-83b9-11ee-957d-b42e991fc52e advisory. - TYPO3 is an open source PHP based web content management system released under the GNU GPL. ...
CVE-2023-47125 By-passing Cross-Site Scripting Protection in HTML Sanitizer
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versio...
CVE-2023-47126
TYPO3 information-disclosure CVE-2023-47126: In affected TYPO3 versions, the login screen of the standalone install tool reveals the full path to the transient data directory (e.g., /var/www/html/var/transient/) for composer-based installations; classic non-composer installations are not affected...
CVE-2023-47126 Information Disclosure in Install Tool in typo3/cms-install
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory e.g. /var/www/html/var/transient/. This applies to composer-based scenarios only...
CVE-2023-47127
TYPO3 core vulnerability CVE-2023-47127: in installations with multiple sites, a session cookie from one site can be reused on another without re-authentication. Affects TYPO3 CMS core; remediation is to upgrade to fixed versions (8.7.55, 9.5.44, 10.4.41, 11.5.33, 12.4.8). The connected advisorie...
SEMCMS File Upload Vulnerability
SEMCMS is a foreign trade web content management system (CMS) that supports multiple languages. A file upload vulnerability exists in SEMCMS version 3.9, which stems from the application's lack of effective validation of uploaded files and can be exploited by an attacker to run arbitrary code via...
phpwcms file upload vulnerability (CNVD-2023-09606)
phpwcms is an open source web content management system. It is fast, easy to install and can run on any standard web server platform that supports PHP/MySQL. A file upload vulnerability exists in phpwcms version 1.9.25. A remote attacker can exploit this vulnerability to execute arbitrary code by...
FreeBSD : typo3 -- multiple vulnerabilities (d9e154c9-7de9-11ed-adca-080027d3a315)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d9e154c9-7de9-11ed-adca-080027d3a315 advisory. - HTML sanitizer is written in PHP, aiming to provide XSS-safe markup based on explicitly...
CVE-2022-23504
TYPO3 contains a Sensitive Information Disclosure vulnerability (CVE-2022-23504) caused by improper handling of user-submitted YAML placeholder expressions in the site configuration backend module. The issue allows exposure of internal data (e.g., system configuration and HTTP request messages of...
CVE-2022-23503
CVE-2022-23503 affects TYPO3 core/form components. The issue is a Code Injection in the Form Designer backend module: lack of separating user-submitted data from internal configuration allows TypoScript to be processed as PHP code. Exploitation requires a valid backend user with Form Module acces...