2 matches found
CVE-2014-6295
The CVE-2014-6295 case concerns the WEC Map (wec_map) extension for TYPO3. Affected versions include 3.0.2 and earlier, with vulnerabilities described as SQL Injection (and related Cross‑Site Scripting) that allow remote execution of arbitrary SQL commands via unspecified vectors. Remediation is ...
CVE-2014-6296
Summary: The WEC Map (wec_map) TYPO3 extension is affected by CVE-2014-6295 (SQL Injection) and CVE-2014-6296 (XSS) in versions up to 3.0.2/3.0.2. The described XSS allows remote injection of script via unspecified vectors; in some sources, 3.0.3 is the fixed release. Root cause: improper input h...