All the vulnerabilites related to typo3 - typo3
cve-2012-3527
Vulnerability from cvelistv5
Published
2012-09-05 23:00
Modified
2024-08-06 20:05
Severity ?
EPSS score ?
Summary
view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/ | x_refsource_CONFIRM | |
| http://www.debian.org/security/2012/dsa-2537 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2012/08/22/8 | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/77791 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/84773 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/50287 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"name": "DSA-2537",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"name": "[oss-security] 20120822 Re: CVE request: Typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"name": "typo3-viewhelp-code-exec(77791)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77791"
},
{
"name": "84773",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/84773"
},
{
"name": "50287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50287"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a \"missing signature (HMAC).\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"name": "DSA-2537",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"name": "[oss-security] 20120822 Re: CVE request: Typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"name": "typo3-viewhelp-code-exec(77791)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77791"
},
{
"name": "84773",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/84773"
},
{
"name": "50287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50287"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a \"missing signature (HMAC).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"name": "DSA-2537",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"name": "[oss-security] 20120822 Re: CVE request: Typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"name": "typo3-viewhelp-code-exec(77791)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77791"
},
{
"name": "84773",
"refsource": "OSVDB",
"url": "http://osvdb.org/84773"
},
{
"name": "50287",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50287"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3527",
"datePublished": "2012-09-05T23:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5322
Vulnerability from cvelistv5
Published
2013-08-20 18:00
Modified
2024-08-06 17:06
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the CoolURI extension before 1.0.30 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-003/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/58055 | vdb-entry, x_refsource_BID | |
| http://typo3.org/extensions/repository/view/cooluri | x_refsource_CONFIRM | |
| http://secunia.com/advisories/52282 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/82213 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/90415 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-003/"
},
{
"name": "58055",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58055"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/cooluri"
},
{
"name": "52282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52282"
},
{
"name": "typo3-cooluri-unspec-sql-injection(82213)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82213"
},
{
"name": "90415",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/90415"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the CoolURI extension before 1.0.30 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-003/"
},
{
"name": "58055",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58055"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/cooluri"
},
{
"name": "52282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52282"
},
{
"name": "typo3-cooluri-unspec-sql-injection(82213)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82213"
},
{
"name": "90415",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/90415"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the CoolURI extension before 1.0.30 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-003/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-003/"
},
{
"name": "58055",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58055"
},
{
"name": "http://typo3.org/extensions/repository/view/cooluri",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/cooluri"
},
{
"name": "52282",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52282"
},
{
"name": "typo3-cooluri-unspec-sql-injection(82213)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82213"
},
{
"name": "90415",
"refsource": "OSVDB",
"url": "http://osvdb.org/90415"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5322",
"datePublished": "2013-08-20T18:00:00",
"dateReserved": "2013-08-20T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-11066
Vulnerability from cvelistv5
Published
2020-05-13 23:15
Modified
2024-08-04 11:21
Severity ?
EPSS score ?
Summary
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server. It can also trigger message submission via email using the identity of the web site (mail relay). Another insecure deserialization vulnerability is required to actually exploit mentioned aspects. This has been fixed in 9.5.17 and 10.4.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2rxh-h6h9-qrqc | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2rxh-h6h9-qrqc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3 CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.17"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server. It can also trigger message submission via email using the identity of the web site (mail relay). Another insecure deserialization vulnerability is required to actually exploit mentioned aspects. This has been fixed in 9.5.17 and 10.4.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-13T23:15:12",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2rxh-h6h9-qrqc"
}
],
"source": {
"advisory": "GHSA-2rxh-h6h9-qrqc",
"discovery": "UNKNOWN"
},
"title": "Improperly Controlled Modification of Dynamically-Determined Object Attributes in TYPO3 CMS",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-11066",
"STATE": "PUBLIC",
"TITLE": "Improperly Controlled Modification of Dynamically-Determined Object Attributes in TYPO3 CMS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3 CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.17"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.2"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server. It can also trigger message submission via email using the identity of the web site (mail relay). Another insecure deserialization vulnerability is required to actually exploit mentioned aspects. This has been fixed in 9.5.17 and 10.4.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2rxh-h6h9-qrqc",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2rxh-h6h9-qrqc"
}
]
},
"source": {
"advisory": "GHSA-2rxh-h6h9-qrqc",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11066",
"datePublished": "2020-05-13T23:15:12",
"dateReserved": "2020-03-30T00:00:00",
"dateUpdated": "2024-08-04T11:21:14.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0342
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-17 03:38
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Reports for Job (job_reports) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Reports for Job (job_reports) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Reports for Job (job_reports) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0342",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-17T03:38:13.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15241
Vulnerability from cvelistv5
Published
2020-10-08 20:15
Modified
2024-08-04 13:08
Severity ?
EPSS score ?
Summary
TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like `{showFullName ? fullName : defaultValue}`. Updated versions of this package are bundled in following TYPO3 (`typo3/cms-core`) versions as well: TYPO3 v8.7.25 (using `typo3fluid/fluid` v2.5.4) and TYPO3 v9.5.6 (using `typo3fluid/fluid` v2.6.1).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/Fluid/security/advisories/GHSA-7733-hjv6-4h47 | x_refsource_CONFIRM | |
| https://github.com/TYPO3/Fluid/commit/9ef6a8ffff2e812025fc0701b4ce72eea6911a3d | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2019-013 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/Fluid/security/advisories/GHSA-7733-hjv6-4h47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/Fluid/commit/9ef6a8ffff2e812025fc0701b4ce72eea6911a3d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fluid",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.0.5"
},
{
"status": "affected",
"version": "\u003e= 2.1.0, \u003c 2.1.4"
},
{
"status": "affected",
"version": "\u003e= 2.2.0, \u003c 2.2.1"
},
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.3.5"
},
{
"status": "affected",
"version": "\u003e= 2.4.0, \u003c 2.4.1"
},
{
"status": "affected",
"version": "\u003e= 2.5.0, \u003c 2.5.5"
},
{
"status": "affected",
"version": "\u003e= 2.6.0, \u003c 2.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like `{showFullName ? fullName : defaultValue}`. Updated versions of this package are bundled in following TYPO3 (`typo3/cms-core`) versions as well: TYPO3 v8.7.25 (using `typo3fluid/fluid` v2.5.4) and TYPO3 v9.5.6 (using `typo3fluid/fluid` v2.6.1)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "{\"CWE-601\":\"URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\"}",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-08T20:15:17",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/Fluid/security/advisories/GHSA-7733-hjv6-4h47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/Fluid/commit/9ef6a8ffff2e812025fc0701b4ce72eea6911a3d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-013"
}
],
"source": {
"advisory": "GHSA-7733-hjv6-4h47",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting in TYPO3 Fluid Engine",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15241",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Scripting in TYPO3 Fluid Engine"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fluid",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.0.0, \u003c 2.0.5"
},
{
"version_value": "\u003e= 2.1.0, \u003c 2.1.4"
},
{
"version_value": "\u003e= 2.2.0, \u003c 2.2.1"
},
{
"version_value": "\u003e= 2.3.0, \u003c 2.3.5"
},
{
"version_value": "\u003e= 2.4.0, \u003c 2.4.1"
},
{
"version_value": "\u003e= 2.5.0, \u003c 2.5.5"
},
{
"version_value": "\u003e= 2.6.0, \u003c 2.6.1"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like `{showFullName ? fullName : defaultValue}`. Updated versions of this package are bundled in following TYPO3 (`typo3/cms-core`) versions as well: TYPO3 v8.7.25 (using `typo3fluid/fluid` v2.5.4) and TYPO3 v9.5.6 (using `typo3fluid/fluid` v2.6.1)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-601\":\"URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/Fluid/security/advisories/GHSA-7733-hjv6-4h47",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/Fluid/security/advisories/GHSA-7733-hjv6-4h47"
},
{
"name": "https://github.com/TYPO3/Fluid/commit/9ef6a8ffff2e812025fc0701b4ce72eea6911a3d",
"refsource": "MISC",
"url": "https://github.com/TYPO3/Fluid/commit/9ef6a8ffff2e812025fc0701b4ce72eea6911a3d"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2019-013",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-013"
}
]
},
"source": {
"advisory": "GHSA-7733-hjv6-4h47",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15241",
"datePublished": "2020-10-08T20:15:17",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:08:22.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3687
Vulnerability from cvelistv5
Published
2010-09-29 16:00
Modified
2024-09-17 04:09
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to bypass validation have an unspecified impact by "[injecting] arbitrary values into validated fields," as demonstrated using the (1) Email and (2) URL fields.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019 | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/powermail/1.5.4 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/41530 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:53.036Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.4"
},
{
"name": "41530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41530"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to bypass validation have an unspecified impact by \"[injecting] arbitrary values into validated fields,\" as demonstrated using the (1) Email and (2) URL fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-29T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.4"
},
{
"name": "41530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41530"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to bypass validation have an unspecified impact by \"[injecting] arbitrary values into validated fields,\" as demonstrated using the (1) Email and (2) URL fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019"
},
{
"name": "http://typo3.org/extensions/repository/view/powermail/1.5.4",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.4"
},
{
"name": "41530",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41530"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3687",
"datePublished": "2010-09-29T16:00:00Z",
"dateReserved": "2010-09-29T00:00:00Z",
"dateUpdated": "2024-09-17T04:09:31.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1843
Vulnerability from cvelistv5
Published
2013-03-20 15:00
Modified
2024-08-06 15:13
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2013/03/12/3 | mailing-list, x_refsource_MLIST | |
| http://www.debian.org/security/2013/dsa-2646 | vendor-advisory, x_refsource_DEBIAN | |
| http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html | vendor-advisory, x_refsource_SUSE | |
| http://secunia.com/advisories/52638 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/90924 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/58330 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/52433 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130311 Re: CVE Request: typo3 sql injection and open redirection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/12/3"
},
{
"name": "DSA-2646",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2646"
},
{
"name": "openSUSE-SU-2013:0510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html"
},
{
"name": "52638",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52638"
},
{
"name": "90924",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/90924"
},
{
"name": "58330",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58330"
},
{
"name": "52433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52433"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-05T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20130311 Re: CVE Request: typo3 sql injection and open redirection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/12/3"
},
{
"name": "DSA-2646",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2646"
},
{
"name": "openSUSE-SU-2013:0510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html"
},
{
"name": "52638",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52638"
},
{
"name": "90924",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/90924"
},
{
"name": "58330",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58330"
},
{
"name": "52433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52433"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130311 Re: CVE Request: typo3 sql injection and open redirection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/12/3"
},
{
"name": "DSA-2646",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2646"
},
{
"name": "openSUSE-SU-2013:0510",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html"
},
{
"name": "52638",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52638"
},
{
"name": "90924",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/90924"
},
{
"name": "58330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58330"
},
{
"name": "52433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52433"
},
{
"name": "http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/",
"refsource": "CONFIRM",
"url": "http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1843",
"datePublished": "2013-03-20T15:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:33.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4158
Vulnerability from cvelistv5
Published
2009-12-02 17:00
Modified
2024-09-16 17:08
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/cal/1.2.1/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/37549 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-019/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/37164 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/cal/1.2.1/"
},
{
"name": "37549",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37549"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-019/"
},
{
"name": "37164",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37164"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-02T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/cal/1.2.1/"
},
{
"name": "37549",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37549"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-019/"
},
{
"name": "37164",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37164"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/cal/1.2.1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/cal/1.2.1/"
},
{
"name": "37549",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37549"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-019/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-019/"
},
{
"name": "37164",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37164"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4158",
"datePublished": "2009-12-02T17:00:00Z",
"dateReserved": "2009-12-02T00:00:00Z",
"dateUpdated": "2024-09-16T17:08:25.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1015
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-09-17 00:05
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/sav_filter_abc/1.0.9/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/38995 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/63033 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/38801 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/sav_filter_abc/1.0.9/"
},
{
"name": "38995",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38995"
},
{
"name": "63033",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/63033"
},
{
"name": "38801",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38801"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/sav_filter_abc/1.0.9/"
},
{
"name": "38995",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38995"
},
{
"name": "63033",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/63033"
},
{
"name": "38801",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38801"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/sav_filter_abc/1.0.9/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/sav_filter_abc/1.0.9/"
},
{
"name": "38995",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38995"
},
{
"name": "63033",
"refsource": "OSVDB",
"url": "http://osvdb.org/63033"
},
{
"name": "38801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38801"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1015",
"datePublished": "2010-03-19T18:35:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-17T00:05:43.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3942
Vulnerability from cvelistv5
Published
2014-06-03 14:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html | vendor-advisory, x_refsource_SUSE | |
| http://www.debian.org/security/2014/dsa-2942 | vendor-advisory, x_refsource_DEBIAN | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2014/06/03/2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2014:0813",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html"
},
{
"name": "DSA-2942",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-28T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2014:0813",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html"
},
{
"name": "DSA-2942",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:0813",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html"
},
{
"name": "DSA-2942",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3942",
"datePublished": "2014-06-03T14:00:00",
"dateReserved": "2014-06-03T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15098
Vulnerability from cvelistv5
Published
2020-07-29 16:15
Modified
2024-08-04 13:08
Severity ?
EPSS score ?
Summary
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization & remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2016-013 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2020-008 | x_refsource_MISC | |
| https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:21.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2016-013"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-008"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3 CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.20"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, 10.4.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization \u0026 remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-325",
"description": "CWE-325: Missing Required Cryptographic Step",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-29T16:15:24",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2016-013"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-008"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1"
}
],
"source": {
"advisory": "GHSA-m5vr-3m74-jwxp",
"discovery": "UNKNOWN"
},
"title": "Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15098",
"STATE": "PUBLIC",
"TITLE": "Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3 CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.20"
},
{
"version_value": "\u003e= 10.0.0, 10.4.6"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization \u0026 remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-325: Missing Required Cryptographic Step"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2016-013",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2016-013"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2020-008",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-008"
},
{
"name": "https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1",
"refsource": "MISC",
"url": "https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1"
}
]
},
"source": {
"advisory": "GHSA-m5vr-3m74-jwxp",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15098",
"datePublished": "2020-07-29T16:15:25",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:08:21.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4706
Vulnerability from cvelistv5
Published
2010-03-15 21:00
Modified
2024-09-16 16:48
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:24.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-15T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4706",
"datePublished": "2010-03-15T21:00:00Z",
"dateReserved": "2010-03-15T00:00:00Z",
"dateUpdated": "2024-09-16T16:48:48.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6698
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/46395 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/29826 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43214 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46395",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46395"
},
{
"name": "29826",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29826"
},
{
"name": "worldcup-unspecified-xss(43214)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43214"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46395",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46395"
},
{
"name": "29826",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29826"
},
{
"name": "worldcup-unspecified-xss(43214)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43214"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46395",
"refsource": "OSVDB",
"url": "http://osvdb.org/46395"
},
{
"name": "29826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29826"
},
{
"name": "worldcup-unspecified-xss(43214)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43214"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6698",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0328
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-17 01:11
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Unit Converter (cs2_unitconv) extension 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/38166 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/cs2_unitconv/1.0.5/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38166",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38166"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/cs2_unitconv/1.0.5/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Unit Converter (cs2_unitconv) extension 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38166",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38166"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/cs2_unitconv/1.0.5/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Unit Converter (cs2_unitconv) extension 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38166",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38166"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"name": "http://typo3.org/extensions/repository/view/cs2_unitconv/1.0.5/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/cs2_unitconv/1.0.5/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0328",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-17T01:11:22.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-55920
Vulnerability from cvelistv5
Published
2025-01-14 19:55
Modified
2025-01-14 19:55
Severity ?
EPSS score ?
Summary
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Dashboard Module” allows attackers to manipulate the victim’s dashboard configuration. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-qwx7-39pw-2mhr | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2025-005 | x_refsource_MISC |
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.48"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.42"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.4.25"
},
{
"status": "affected",
"version": "\u003e= 13.0.0, \u003c 13.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component \u201cDashboard Module\u201d allows attackers to manipulate the victim\u2019s dashboard configuration. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T19:55:42.459Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-qwx7-39pw-2mhr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-qwx7-39pw-2mhr"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2025-005",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2025-005"
}
],
"source": {
"advisory": "GHSA-qwx7-39pw-2mhr",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Request Forgery in Dashboard Module in TYPO3"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-55920",
"datePublished": "2025-01-14T19:55:42.459Z",
"dateReserved": "2024-12-13T13:40:23.283Z",
"dateUpdated": "2025-01-14T19:55:42.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5796
Vulnerability from cvelistv5
Published
2008-12-31 11:00
Modified
2024-08-07 11:04
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46468 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/32228 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/32638 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "elunapagecomments-unspecified-sql-injection(46468)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46468"
},
{
"name": "32228",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32228"
},
{
"name": "32638",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32638"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "elunapagecomments-unspecified-sql-injection(46468)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46468"
},
{
"name": "32228",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32228"
},
{
"name": "32638",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32638"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "elunapagecomments-unspecified-sql-injection(46468)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46468"
},
{
"name": "32228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32228"
},
{
"name": "32638",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32638"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5796",
"datePublished": "2008-12-31T11:00:00",
"dateReserved": "2008-12-30T00:00:00",
"dateUpdated": "2024-08-07T11:04:44.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4960
Vulnerability from cvelistv5
Published
2011-10-09 10:00
Modified
2024-08-07 04:02
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/61054 | vdb-entry, x_refsource_XF | |
| http://typo3.org/extensions/repository/view/mh_branchenbuch/0.9.1/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/40951 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/42365 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/67032 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name": "branchenbuch-unspecified-xss(61054)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61054"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/mh_branchenbuch/0.9.1/"
},
{
"name": "40951",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40951"
},
{
"name": "42365",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42365"
},
{
"name": "67032",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/67032"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name": "branchenbuch-unspecified-xss(61054)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61054"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/mh_branchenbuch/0.9.1/"
},
{
"name": "40951",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40951"
},
{
"name": "42365",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42365"
},
{
"name": "67032",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/67032"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name": "branchenbuch-unspecified-xss(61054)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61054"
},
{
"name": "http://typo3.org/extensions/repository/view/mh_branchenbuch/0.9.1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/mh_branchenbuch/0.9.1/"
},
{
"name": "40951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40951"
},
{
"name": "42365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42365"
},
{
"name": "67032",
"refsource": "OSVDB",
"url": "http://osvdb.org/67032"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4960",
"datePublished": "2011-10-09T10:00:00",
"dateReserved": "2011-10-09T00:00:00",
"dateUpdated": "2024-08-07T04:02:30.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6694
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in Random Prayer (ste_prayer) 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43209 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/29827 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/46391 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "steprayer-unspecified-sql-injection(43209)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43209"
},
{
"name": "29827",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29827"
},
{
"name": "46391",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46391"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Random Prayer (ste_prayer) 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "steprayer-unspecified-sql-injection(43209)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43209"
},
{
"name": "29827",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29827"
},
{
"name": "46391",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46391"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Random Prayer (ste_prayer) 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "steprayer-unspecified-sql-injection(43209)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43209"
},
{
"name": "29827",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29827"
},
{
"name": "46391",
"refsource": "OSVDB",
"url": "http://osvdb.org/46391"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6694",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4969
Vulnerability from cvelistv5
Published
2010-07-27 18:39
Modified
2024-09-17 00:30
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/2411 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/36137 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-2411",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
},
{
"name": "36137",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36137"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-27T18:39:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-2411",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
},
{
"name": "36137",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36137"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2411",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
},
{
"name": "36137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36137"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4969",
"datePublished": "2010-07-27T18:39:00Z",
"dateReserved": "2010-07-27T00:00:00Z",
"dateUpdated": "2024-09-17T00:30:46.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5888
Vulnerability from cvelistv5
Published
2012-11-17 21:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://forge.typo3.org/issues/35532 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/74483 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/52772 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-006/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forge.typo3.org/issues/35532"
},
{
"name": "typo3-seobasics-unspecified-xss(74483)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74483"
},
{
"name": "52772",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52772"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forge.typo3.org/issues/35532"
},
{
"name": "typo3-seobasics-unspecified-xss(74483)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74483"
},
{
"name": "52772",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52772"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forge.typo3.org/issues/35532",
"refsource": "MISC",
"url": "http://forge.typo3.org/issues/35532"
},
{
"name": "typo3-seobasics-unspecified-xss(74483)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74483"
},
{
"name": "52772",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52772"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-006/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5888",
"datePublished": "2012-11-17T21:00:00",
"dateReserved": "2012-11-17T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4626
Vulnerability from cvelistv5
Published
2019-11-06 16:07
Modified
2024-08-07 00:09
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2011-4626 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:19.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4626"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "before 4.5.4"
}
]
}
],
"datePublic": "2011-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the \"JSwindow\" property of the typolink function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T16:07:45",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4626"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3",
"version": {
"version_data": [
{
"version_value": "before 4.5.4"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the \"JSwindow\" property of the typolink function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-4626",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4626"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4626",
"datePublished": "2019-11-06T16:07:45",
"dateReserved": "2011-11-29T00:00:00",
"dateUpdated": "2024-08-07T00:09:19.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4747
Vulnerability from cvelistv5
Published
2013-07-01 23:00
Modified
2024-08-06 16:52
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (accessible_is_browse_results) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/93819 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84674 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/60297 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93819",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/93819"
},
{
"name": "typo3-accessible-unspecified-xss(84674)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84674"
},
{
"name": "60297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/60297"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (accessible_is_browse_results) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "93819",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/93819"
},
{
"name": "typo3-accessible-unspecified-xss(84674)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84674"
},
{
"name": "60297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/60297"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4747",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (accessible_is_browse_results) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93819",
"refsource": "OSVDB",
"url": "http://osvdb.org/93819"
},
{
"name": "typo3-accessible-unspecified-xss(84674)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84674"
},
{
"name": "60297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60297"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4747",
"datePublished": "2013-07-01T23:00:00",
"dateReserved": "2013-07-01T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4887
Vulnerability from cvelistv5
Published
2011-10-07 10:00
Modified
2024-09-16 19:51
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-07T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4887",
"datePublished": "2011-10-07T10:00:00Z",
"dateReserved": "2011-10-07T00:00:00Z",
"dateUpdated": "2024-09-16T19:51:09.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4159
Vulnerability from cvelistv5
Published
2009-12-02 17:00
Modified
2024-09-17 00:46
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/direct_mail/2.6.5/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/37166 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-018/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/37552 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/direct_mail/2.6.5/"
},
{
"name": "37166",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37166"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-018/"
},
{
"name": "37552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-02T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/direct_mail/2.6.5/"
},
{
"name": "37166",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37166"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-018/"
},
{
"name": "37552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/direct_mail/2.6.5/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/direct_mail/2.6.5/"
},
{
"name": "37166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37166"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-018/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-018/"
},
{
"name": "37552",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4159",
"datePublished": "2009-12-02T17:00:00Z",
"dateReserved": "2009-12-02T00:00:00Z",
"dateUpdated": "2024-09-17T00:46:50.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12747
Vulnerability from cvelistv5
Published
2019-07-09 14:13
Modified
2024-08-04 23:32
Severity ?
EPSS score ?
Summary
TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://typo3.org/security/advisory/typo3-core-sa-2019-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-12T13:45:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12747",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2019-020/",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12747",
"datePublished": "2019-07-09T14:13:24",
"dateReserved": "2019-06-06T00:00:00",
"dateUpdated": "2024-08-04T23:32:55.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6905
Vulnerability from cvelistv5
Published
2018-04-08 17:00
Modified
2024-08-05 06:17
Severity ?
EPSS score ?
Summary
The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://forge.typo3.org/issues/84191 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1040755 | vdb-entry, x_refsource_SECTRACK | |
| https://github.com/pradeepjairamani/TYPO3-XSS-POC | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forge.typo3.org/issues/84191"
},
{
"name": "1040755",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040755"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pradeepjairamani/TYPO3-XSS-POC"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS[\u0027TYPO3_CONF_VARS\u0027][\u0027SYS\u0027][\u0027sitename\u0027], as demonstrated by an admin entering a crafted site name during the installation process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-03T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forge.typo3.org/issues/84191"
},
{
"name": "1040755",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040755"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pradeepjairamani/TYPO3-XSS-POC"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS[\u0027TYPO3_CONF_VARS\u0027][\u0027SYS\u0027][\u0027sitename\u0027], as demonstrated by an admin entering a crafted site name during the installation process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forge.typo3.org/issues/84191",
"refsource": "MISC",
"url": "https://forge.typo3.org/issues/84191"
},
{
"name": "1040755",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040755"
},
{
"name": "https://github.com/pradeepjairamani/TYPO3-XSS-POC",
"refsource": "MISC",
"url": "https://github.com/pradeepjairamani/TYPO3-XSS-POC"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6905",
"datePublished": "2018-04-08T17:00:00",
"dateReserved": "2018-02-11T00:00:00",
"dateUpdated": "2024-08-05T06:17:17.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1722
Vulnerability from cvelistv5
Published
2011-04-19 19:00
Modified
2024-08-06 22:37
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/71674 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2011/0896 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-003/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/44055 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/66619 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/47257 | vdb-entry, x_refsource_BID | |
| http://typo3.org/extensions/repository/view/wec_discussion/2.1.1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "71674",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/71674"
},
{
"name": "ADV-2011-0896",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0896"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-003/"
},
{
"name": "44055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44055"
},
{
"name": "wecdiscussionforum-multiple-sql-injection(66619)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66619"
},
{
"name": "47257",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/wec_discussion/2.1.1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "71674",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/71674"
},
{
"name": "ADV-2011-0896",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0896"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-003/"
},
{
"name": "44055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44055"
},
{
"name": "wecdiscussionforum-multiple-sql-injection(66619)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66619"
},
{
"name": "47257",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/wec_discussion/2.1.1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "71674",
"refsource": "OSVDB",
"url": "http://osvdb.org/71674"
},
{
"name": "ADV-2011-0896",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0896"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-003/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-003/"
},
{
"name": "44055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44055"
},
{
"name": "wecdiscussionforum-multiple-sql-injection(66619)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66619"
},
{
"name": "47257",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47257"
},
{
"name": "http://typo3.org/extensions/repository/view/wec_discussion/2.1.1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/wec_discussion/2.1.1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1722",
"datePublished": "2011-04-19T19:00:00",
"dateReserved": "2011-04-19T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1020
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-09-16 23:10
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/38796 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38796",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38796"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38796",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38796"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38796"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1020",
"datePublished": "2010-03-19T18:35:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-16T23:10:30.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1081
Vulnerability from cvelistv5
Published
2012-02-14 17:00
Modified
2024-09-17 03:52
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ | x_refsource_MISC | |
| http://osvdb.org/78795 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/extensions/repository/view/ya_googlesearch/0.3.10/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/51851 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "78795",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78795"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/ya_googlesearch/0.3.10/"
},
{
"name": "51851",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51851"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "78795",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78795"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/ya_googlesearch/0.3.10/"
},
{
"name": "51851",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51851"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "78795",
"refsource": "OSVDB",
"url": "http://osvdb.org/78795"
},
{
"name": "http://typo3.org/extensions/repository/view/ya_googlesearch/0.3.10/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/ya_googlesearch/0.3.10/"
},
{
"name": "51851",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51851"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1081",
"datePublished": "2012-02-14T17:00:00Z",
"dateReserved": "2012-02-14T00:00:00Z",
"dateUpdated": "2024-09-17T03:52:57.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6687
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in DCD GoogleMap (dcdgooglemap) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/29815 | vdb-entry, x_refsource_BID | |
| http://typo3.org/extensions/repository/view/dcdgooglemap/1.1.1/ | x_refsource_CONFIRM | |
| http://osvdb.org/46378 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/30773 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43199 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/46384 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29815",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29815"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/dcdgooglemap/1.1.1/"
},
{
"name": "46378",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46378"
},
{
"name": "30773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30773"
},
{
"name": "dcdgooglemap-unspecified-xss(43199)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43199"
},
{
"name": "46384",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46384"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in DCD GoogleMap (dcdgooglemap) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29815",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29815"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/dcdgooglemap/1.1.1/"
},
{
"name": "46378",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46378"
},
{
"name": "30773",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30773"
},
{
"name": "dcdgooglemap-unspecified-xss(43199)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43199"
},
{
"name": "46384",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46384"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in DCD GoogleMap (dcdgooglemap) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29815"
},
{
"name": "http://typo3.org/extensions/repository/view/dcdgooglemap/1.1.1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/dcdgooglemap/1.1.1/"
},
{
"name": "46378",
"refsource": "OSVDB",
"url": "http://osvdb.org/46378"
},
{
"name": "30773",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30773"
},
{
"name": "dcdgooglemap-unspecified-xss(43199)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43199"
},
{
"name": "46384",
"refsource": "OSVDB",
"url": "http://osvdb.org/46384"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6687",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5306
Vulnerability from cvelistv5
Published
2013-08-16 17:00
Modified
2024-08-06 17:06
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/browser | x_refsource_CONFIRM | |
| http://osvdb.org/95963 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/61656 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86228 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/browser"
},
{
"name": "95963",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95963"
},
{
"name": "61656",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61656"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "typo3-browser-unspecified-sql-injection(86228)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86228"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/browser"
},
{
"name": "95963",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95963"
},
{
"name": "61656",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61656"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "typo3-browser-unspecified-sql-injection(86228)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86228"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/browser",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/browser"
},
{
"name": "95963",
"refsource": "OSVDB",
"url": "http://osvdb.org/95963"
},
{
"name": "61656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61656"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "typo3-browser-unspecified-sql-injection(86228)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86228"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5306",
"datePublished": "2013-08-16T17:00:00",
"dateReserved": "2013-08-16T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21340
Vulnerability from cvelistv5
Published
2021-03-23 01:50
Modified
2024-08-03 18:09
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1 .
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-fjh3-g8gq-9q92 | x_refsource_CONFIRM | |
| https://packagist.org/packages/typo3/cms-backend | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2021-007 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-fjh3-g8gq-9q92"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/typo3/cms-backend"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3.CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c= 10.4.13"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c= 11.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1 ."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T01:50:34",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-fjh3-g8gq-9q92"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/typo3/cms-backend"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-007"
}
],
"source": {
"advisory": "GHSA-fjh3-g8gq-9q92",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting in Content Preview",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21340",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Scripting in Content Preview"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3.CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 10.0.0, \u003c= 10.4.13"
},
{
"version_value": "\u003e= 11.0.0, \u003c= 11.1.0"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1 ."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-fjh3-g8gq-9q92",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-fjh3-g8gq-9q92"
},
{
"name": "https://packagist.org/packages/typo3/cms-backend",
"refsource": "MISC",
"url": "https://packagist.org/packages/typo3/cms-backend"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2021-007",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-007"
}
]
},
"source": {
"advisory": "GHSA-fjh3-g8gq-9q92",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21340",
"datePublished": "2021-03-23T01:50:34",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:15.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31049
Vulnerability from cvelistv5
Published
2022-06-14 20:50
Modified
2024-08-03 07:03
Severity ?
EPSS score ?
Summary
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm | x_refsource_CONFIRM | |
| https://github.com/TYPO3/typo3/commit/da611775f92102d7602713003f4c79606c8a445d | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2022-004 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:40.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/da611775f92102d7602713003f4c79606c8a445d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.34"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.29"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T20:50:12",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/da611775f92102d7602713003f4c79606c8a445d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-004"
}
],
"source": {
"advisory": "GHSA-h4mx-xv96-2jgm",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting in Frontend Login Mailer",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31049",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Scripting in Frontend Login Mailer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.34"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.29"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.5.11"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm"
},
{
"name": "https://github.com/TYPO3/typo3/commit/da611775f92102d7602713003f4c79606c8a445d",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/da611775f92102d7602713003f4c79606c8a445d"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2022-004",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-004"
}
]
},
"source": {
"advisory": "GHSA-h4mx-xv96-2jgm",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31049",
"datePublished": "2022-06-14T20:50:12",
"dateReserved": "2022-05-18T00:00:00",
"dateUpdated": "2024-08-03T07:03:40.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0798
Vulnerability from cvelistv5
Published
2010-03-02 20:00
Modified
2024-09-16 18:48
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/38030 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/38388 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/ | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/t3blog/0.8.0/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:39.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38030",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38030"
},
{
"name": "38388",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38388"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/t3blog/0.8.0/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-02T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38030",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38030"
},
{
"name": "38388",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38388"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/t3blog/0.8.0/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38030",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38030"
},
{
"name": "38388",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38388"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/"
},
{
"name": "http://typo3.org/extensions/repository/view/t3blog/0.8.0/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/t3blog/0.8.0/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0798",
"datePublished": "2010-03-02T20:00:00Z",
"dateReserved": "2010-03-02T00:00:00Z",
"dateUpdated": "2024-09-16T18:48:34.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-5099
Vulnerability from cvelistv5
Published
2012-05-30 20:00
Modified
2024-08-07 04:09
Severity ?
EPSS score ?
Summary
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64180 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/35770 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2012/05/12/5 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2011/01/13/2 | mailing-list, x_refsource_MLIST | |
| http://www.exploit-db.com/exploits/15856 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.openwall.com/lists/oss-security/2012/05/11/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/05/10/7 | mailing-list, x_refsource_MLIST | |
| http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "typo3-unspecified-file-include(64180)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"
},
{
"name": "35770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35770"
},
{
"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "15856",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15856"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "typo3-unspecified-file-include(64180)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"
},
{
"name": "35770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35770"
},
{
"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "15856",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15856"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "typo3-unspecified-file-include(64180)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"
},
{
"name": "35770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35770"
},
{
"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "15856",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15856"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
},
{
"name": "http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html",
"refsource": "MISC",
"url": "http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5099",
"datePublished": "2012-05-30T20:00:00",
"dateReserved": "2012-04-30T00:00:00",
"dateUpdated": "2024-08-07T04:09:38.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1606
Vulnerability from cvelistv5
Published
2012-09-04 20:00
Modified
2024-09-16 17:54
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/48647 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/48622 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2012/03/30/4 | mailing-list, x_refsource_MLIST | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/ | x_refsource_CONFIRM | |
| http://osvdb.org/80760 | vdb-entry, x_refsource_OSVDB | |
| http://www.debian.org/security/2012/dsa-2445 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/52771 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48647",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48647"
},
{
"name": "48622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48622"
},
{
"name": "[oss-security] 20120329 Re: CVE request: TYPO3-CORE-SA-2012-001",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/"
},
{
"name": "80760",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80760"
},
{
"name": "DSA-2445",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2445"
},
{
"name": "52771",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52771"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-04T20:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "48647",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48647"
},
{
"name": "48622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48622"
},
{
"name": "[oss-security] 20120329 Re: CVE request: TYPO3-CORE-SA-2012-001",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/"
},
{
"name": "80760",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80760"
},
{
"name": "DSA-2445",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2445"
},
{
"name": "52771",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52771"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48647",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48647"
},
{
"name": "48622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48622"
},
{
"name": "[oss-security] 20120329 Re: CVE request: TYPO3-CORE-SA-2012-001",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/4"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/"
},
{
"name": "80760",
"refsource": "OSVDB",
"url": "http://osvdb.org/80760"
},
{
"name": "DSA-2445",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2445"
},
{
"name": "52771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52771"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1606",
"datePublished": "2012-09-04T20:00:00Z",
"dateReserved": "2012-03-12T00:00:00Z",
"dateUpdated": "2024-09-16T17:54:35.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4802
Vulnerability from cvelistv5
Published
2010-04-23 14:00
Modified
2024-09-17 01:06
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/flatmgr/1.9.16/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/34158 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/33998 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/flatmgr/1.9.16/"
},
{
"name": "34158",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34158"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/"
},
{
"name": "33998",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33998"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-23T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/flatmgr/1.9.16/"
},
{
"name": "34158",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34158"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/"
},
{
"name": "33998",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33998"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/flatmgr/1.9.16/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/flatmgr/1.9.16/"
},
{
"name": "34158",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34158"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/"
},
{
"name": "33998",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33998"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4802",
"datePublished": "2010-04-23T14:00:00Z",
"dateReserved": "2010-04-23T00:00:00Z",
"dateUpdated": "2024-09-17T01:06:05.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8756
Vulnerability from cvelistv5
Published
2016-01-08 19:00
Modified
2024-09-16 23:41
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015/ | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1034486 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:29:21.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015/"
},
{
"name": "1034486",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034486"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-08T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015/"
},
{
"name": "1034486",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034486"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015/"
},
{
"name": "1034486",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034486"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8756",
"datePublished": "2016-01-08T19:00:00Z",
"dateReserved": "2016-01-08T00:00:00Z",
"dateUpdated": "2024-09-16T23:41:30.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-14251
Vulnerability from cvelistv5
Published
2017-09-11 09:00
Modified
2024-08-05 19:20
Severity ?
EPSS score ?
Summary
Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/100620 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1039295 | vdb-entry, x_refsource_SECTRACK | |
| http://blog.emaze.net/2017/12/typo3-unrestricted-file-upload-remote.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/"
},
{
"name": "100620",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100620"
},
{
"name": "1039295",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039295"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.emaze.net/2017/12/typo3-unrestricted-file-upload-remote.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-03T06:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/"
},
{
"name": "100620",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100620"
},
{
"name": "1039295",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039295"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.emaze.net/2017/12/typo3-unrestricted-file-upload-remote.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/",
"refsource": "CONFIRM",
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/"
},
{
"name": "100620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100620"
},
{
"name": "1039295",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039295"
},
{
"name": "http://blog.emaze.net/2017/12/typo3-unrestricted-file-upload-remote.html",
"refsource": "MISC",
"url": "http://blog.emaze.net/2017/12/typo3-unrestricted-file-upload-remote.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14251",
"datePublished": "2017-09-11T09:00:00",
"dateReserved": "2017-09-10T00:00:00",
"dateUpdated": "2024-08-05T19:20:41.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-7077
Vulnerability from cvelistv5
Published
2013-12-21 00:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/oss-sec/2013/q4/487 | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89626 | vdb-entry, x_refsource_XF | |
| http://seclists.org/oss-sec/2013/q4/473 | mailing-list, x_refsource_MLIST | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004 | x_refsource_CONFIRM | |
| http://osvdb.org/100884 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131212 Re: CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"name": "backenduseradministration-URL-xss(89626)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89626"
},
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"
},
{
"name": "100884",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100884"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20131212 Re: CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"name": "backenduseradministration-URL-xss(89626)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89626"
},
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"
},
{
"name": "100884",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100884"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131212 Re: CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"name": "backenduseradministration-URL-xss(89626)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89626"
},
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"
},
{
"name": "100884",
"refsource": "OSVDB",
"url": "http://osvdb.org/100884"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7077",
"datePublished": "2013-12-21T00:00:00",
"dateReserved": "2013-12-11T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3820
Vulnerability from cvelistv5
Published
2009-10-28 10:00
Modified
2024-09-16 22:36
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-10-28T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3820",
"datePublished": "2009-10-28T10:00:00Z",
"dateReserved": "2009-10-28T00:00:00Z",
"dateUpdated": "2024-09-16T22:36:39.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1605
Vulnerability from cvelistv5
Published
2012-09-04 20:00
Modified
2024-09-16 18:38
Severity ?
EPSS score ?
Summary
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/03/30/4 | mailing-list, x_refsource_MLIST | |
| http://www.osvdb.org/80759 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/52771 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120329 Re: CVE request: TYPO3-CORE-SA-2012-001",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/4"
},
{
"name": "80759",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/80759"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/"
},
{
"name": "52771",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52771"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to \"a missing signature (HMAC) for a request argument.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-04T20:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120329 Re: CVE request: TYPO3-CORE-SA-2012-001",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/4"
},
{
"name": "80759",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/80759"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/"
},
{
"name": "52771",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52771"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to \"a missing signature (HMAC) for a request argument.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120329 Re: CVE request: TYPO3-CORE-SA-2012-001",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/4"
},
{
"name": "80759",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/80759"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/"
},
{
"name": "52771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52771"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1605",
"datePublished": "2012-09-04T20:00:00Z",
"dateReserved": "2012-03-12T00:00:00Z",
"dateUpdated": "2024-09-16T18:38:40.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0326
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-17 03:03
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/devlog/2.9.2/ | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/38164 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/devlog/2.9.2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"name": "38164",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38164"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/devlog/2.9.2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"name": "38164",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38164"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/devlog/2.9.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/devlog/2.9.2/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"name": "38164",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38164"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0326",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-17T03:03:18.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4682
Vulnerability from cvelistv5
Published
2013-06-25 18:00
Modified
2024-09-17 01:11
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Multishop extension before 2.0.39 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/53441 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009-1/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/60271 | vdb-entry, x_refsource_BID | |
| http://typo3.org/extensions/repository/view/multishop | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:26.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53441"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009-1/"
},
{
"name": "60271",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/60271"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/multishop"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Multishop extension before 2.0.39 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-25T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "53441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53441"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009-1/"
},
{
"name": "60271",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/60271"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/multishop"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Multishop extension before 2.0.39 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53441",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53441"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009-1/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009-1/"
},
{
"name": "60271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60271"
},
{
"name": "http://typo3.org/extensions/repository/view/multishop",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/multishop"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4682",
"datePublished": "2013-06-25T18:00:00Z",
"dateReserved": "2013-06-25T00:00:00Z",
"dateUpdated": "2024-09-17T01:11:27.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-7078
Vulnerability from cvelistv5
Published
2014-01-19 18:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/oss-sec/2013/q4/487 | mailing-list, x_refsource_MLIST | |
| http://seclists.org/oss-sec/2013/q4/473 | mailing-list, x_refsource_MLIST | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/64239 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89629 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/100885 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131212 Re: CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"
},
{
"name": "64239",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64239"
},
{
"name": "extbase-actioncontroller-xss(89629)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89629"
},
{
"name": "100885",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100885"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20131212 Re: CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"
},
{
"name": "64239",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64239"
},
{
"name": "extbase-actioncontroller-xss(89629)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89629"
},
{
"name": "100885",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100885"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131212 Re: CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"
},
{
"name": "64239",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64239"
},
{
"name": "extbase-actioncontroller-xss(89629)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89629"
},
{
"name": "100885",
"refsource": "OSVDB",
"url": "http://osvdb.org/100885"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7078",
"datePublished": "2014-01-19T18:00:00",
"dateReserved": "2013-12-11T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4164
Vulnerability from cvelistv5
Published
2009-12-02 17:00
Modified
2024-09-17 03:23
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-02T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4164",
"datePublished": "2009-12-02T17:00:00Z",
"dateReserved": "2009-12-02T00:00:00Z",
"dateUpdated": "2024-09-17T03:23:50.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1006
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-09-17 02:36
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/38798 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38798",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38798"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38798",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38798"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38798",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38798"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1006",
"datePublished": "2010-03-19T18:35:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-17T02:36:38.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0344
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-17 02:37
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the zak_store_management extension 1.0.0 and earlier TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the zak_store_management extension 1.0.0 and earlier TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the zak_store_management extension 1.0.0 and earlier TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0344",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-17T02:37:24.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5609
Vulnerability from cvelistv5
Published
2008-12-17 01:00
Modified
2024-08-07 10:56
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Commerce extension 0.9.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/2870 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-20081020-2/ | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/commerce/0.9.7/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:56:47.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/commerce/0.9.7/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Commerce extension 0.9.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/commerce/0.9.7/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Commerce extension 0.9.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2870",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-2/"
},
{
"name": "http://typo3.org/extensions/repository/view/commerce/0.9.7/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/commerce/0.9.7/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5609",
"datePublished": "2008-12-17T01:00:00",
"dateReserved": "2008-12-16T00:00:00",
"dateUpdated": "2024-08-07T10:56:47.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5798
Vulnerability from cvelistv5
Published
2008-12-31 11:00
Modified
2024-08-07 11:04
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46470 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/32231 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cmspoll-unspecified-sql-injection(46470)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46470"
},
{
"name": "32231",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32231"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "cmspoll-unspecified-sql-injection(46470)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46470"
},
{
"name": "32231",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32231"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cmspoll-unspecified-sql-injection(46470)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46470"
},
{
"name": "32231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32231"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5798",
"datePublished": "2008-12-31T11:00:00",
"dateReserved": "2008-12-30T00:00:00",
"dateUpdated": "2024-08-07T11:04:44.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1086
Vulnerability from cvelistv5
Published
2012-02-14 17:00
Modified
2024-09-17 00:30
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ | x_refsource_MISC | |
| http://osvdb.org/78801 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/51855 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "78801",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78801"
},
{
"name": "51855",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51855"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "78801",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78801"
},
{
"name": "51855",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51855"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "78801",
"refsource": "OSVDB",
"url": "http://osvdb.org/78801"
},
{
"name": "51855",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51855"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1086",
"datePublished": "2012-02-14T17:00:00Z",
"dateReserved": "2012-02-14T00:00:00Z",
"dateUpdated": "2024-09-17T00:30:52.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4740
Vulnerability from cvelistv5
Published
2010-03-26 20:00
Modified
2024-09-16 16:28
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:24.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-26T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4740",
"datePublished": "2010-03-26T20:00:00Z",
"dateReserved": "2010-03-26T00:00:00Z",
"dateUpdated": "2024-09-16T16:28:16.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4340
Vulnerability from cvelistv5
Published
2009-12-17 17:00
Modified
2024-08-07 07:01
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54784 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2009/3550 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:19.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-nis-xss(54784)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54784"
},
{
"name": "ADV-2009-3550",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "typo3-nis-xss(54784)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54784"
},
{
"name": "ADV-2009-3550",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-nis-xss(54784)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54784"
},
{
"name": "ADV-2009-3550",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4340",
"datePublished": "2009-12-17T17:00:00",
"dateReserved": "2009-12-17T00:00:00",
"dateUpdated": "2024-08-07T07:01:19.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5570
Vulnerability from cvelistv5
Published
2013-08-23 15:00
Modified
2024-08-06 17:15
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/53253 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/extensions/repository/view/js_css_optimizer | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81583 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:21.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53253"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/js_css_optimizer"
},
{
"name": "typo3-javascript-unspecified-xss(81583)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81583"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "53253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53253"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/js_css_optimizer"
},
{
"name": "typo3-javascript-unspecified-xss(81583)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81583"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53253"
},
{
"name": "http://typo3.org/extensions/repository/view/js_css_optimizer",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/js_css_optimizer"
},
{
"name": "typo3-javascript-unspecified-xss(81583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81583"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5570",
"datePublished": "2013-08-23T15:00:00",
"dateReserved": "2013-08-23T00:00:00",
"dateUpdated": "2024-08-06T17:15:21.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3663
Vulnerability from cvelistv5
Published
2019-11-04 21:18
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2010-3663 | x_refsource_MISC | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-sa-2010-012/#Arbitrary_Code_Execution | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3663"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Arbitrary_Code_Execution"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T21:18:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3663"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Arbitrary_Code_Execution"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-3663",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3663"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"name": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Arbitrary_Code_Execution",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Arbitrary_Code_Execution"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3663",
"datePublished": "2019-11-04T21:18:24",
"dateReserved": "2010-09-28T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4870
Vulnerability from cvelistv5
Published
2013-07-18 01:00
Modified
2024-08-06 16:59
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81580 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-newssearch-unspecified-sql-injection(81580)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81580"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "typo3-newssearch-unspecified-sql-injection(81580)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81580"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-newssearch-unspecified-sql-injection(81580)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81580"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4870",
"datePublished": "2013-07-18T01:00:00",
"dateReserved": "2013-07-17T00:00:00",
"dateUpdated": "2024-08-06T16:59:40.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4970
Vulnerability from cvelistv5
Published
2010-07-27 18:39
Modified
2024-09-16 19:19
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/36138 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2009/2411 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36138",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36138"
},
{
"name": "ADV-2009-2411",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-27T18:39:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36138",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36138"
},
{
"name": "ADV-2009-2411",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36138"
},
{
"name": "ADV-2009-2411",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4970",
"datePublished": "2010-07-27T18:39:00Z",
"dateReserved": "2010-07-27T00:00:00Z",
"dateUpdated": "2024-09-16T19:19:07.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6338
Vulnerability from cvelistv5
Published
2009-02-27 17:00
Modified
2024-09-17 01:05
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/32982 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/33302 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/extensions/repository/view/wes_facilities/2.0.1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
},
{
"name": "32982",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32982"
},
{
"name": "33302",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33302"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/wes_facilities/2.0.1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-27T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
},
{
"name": "32982",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32982"
},
{
"name": "33302",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33302"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/wes_facilities/2.0.1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
},
{
"name": "32982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32982"
},
{
"name": "33302",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33302"
},
{
"name": "http://typo3.org/extensions/repository/view/wes_facilities/2.0.1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/wes_facilities/2.0.1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6338",
"datePublished": "2009-02-27T17:00:00Z",
"dateReserved": "2009-02-27T00:00:00Z",
"dateUpdated": "2024-09-17T01:05:30.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4397
Vulnerability from cvelistv5
Published
2009-12-22 23:00
Modified
2024-09-16 16:39
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-22T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4397",
"datePublished": "2009-12-22T23:00:00Z",
"dateReserved": "2009-12-22T00:00:00Z",
"dateUpdated": "2024-09-16T16:39:01.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-5100
Vulnerability from cvelistv5
Published
2012-05-21 20:00
Modified
2024-08-07 04:09
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/45470 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/35770 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/70120 | vdb-entry, x_refsource_OSVDB | |
| http://www.openwall.com/lists/oss-security/2011/01/13/2 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/05/11/3 | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64181 | vdb-entry, x_refsource_XF | |
| http://www.openwall.com/lists/oss-security/2012/05/10/7 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:39.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "45470",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45470"
},
{
"name": "35770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35770"
},
{
"name": "70120",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70120"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "typo3-install-tool-xss(64181)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64181"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "45470",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45470"
},
{
"name": "35770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35770"
},
{
"name": "70120",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70120"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "typo3-install-tool-xss(64181)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64181"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "45470",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45470"
},
{
"name": "35770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35770"
},
{
"name": "70120",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70120"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "typo3-install-tool-xss(64181)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64181"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5100",
"datePublished": "2012-05-21T20:00:00",
"dateReserved": "2012-04-30T00:00:00",
"dateUpdated": "2024-08-07T04:09:39.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-23500
Vulnerability from cvelistv5
Published
2022-12-14 07:07
Modified
2024-08-03 03:43
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This vulnerability is very similar, but not identical, to the one described in CVE-2021-21359. This issue is patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20 or 12.1.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.38"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.33"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.20"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This vulnerability is very similar, but not identical, to the one described in CVE-2021-21359. This issue is patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20 or 12.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-14T07:07:05.039Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h"
}
],
"source": {
"advisory": "GHSA-8c28-5mp7-v24h",
"discovery": "UNKNOWN"
},
"title": "TYPO3 subject to Uncontrolled Recursion resulting in Denial of Service"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23500",
"datePublished": "2022-12-14T07:07:05.039Z",
"dateReserved": "2022-01-19T21:23:53.769Z",
"dateUpdated": "2024-08-03T03:43:46.001Z",
"requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3660
Vulnerability from cvelistv5
Published
2019-11-01 17:16
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2010-3660 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS | x_refsource_CONFIRM | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3660"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T17:16:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3660"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-3660",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3660"
},
{
"name": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3660",
"datePublished": "2019-11-01T17:16:31",
"dateReserved": "2010-09-28T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-7079
Vulnerability from cvelistv5
Published
2013-12-23 23:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/oss-sec/2013/q4/473 | mailing-list, x_refsource_MLIST | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/64252 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2014/dsa-2834 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:46.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"name": "64252",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64252"
},
{
"name": "DSA-2834",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2834"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"name": "64252",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64252"
},
{
"name": "DSA-2834",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2834"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"name": "64252",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64252"
},
{
"name": "DSA-2834",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2834"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7079",
"datePublished": "2013-12-23T23:00:00",
"dateReserved": "2013-12-11T00:00:00",
"dateUpdated": "2024-08-06T17:53:46.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-32667
Vulnerability from cvelistv5
Published
2021-07-20 14:40
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When _Page TSconfig_ settings are not properly encoded, corresponding page preview module (_Web>View_) is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-8mq9-fqv8-59wf | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2021-009 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-8mq9-fqv8-59wf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3.CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.29"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.18"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When _Page TSconfig_ settings are not properly encoded, corresponding page preview module (_Web\u003eView_) is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T14:40:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-8mq9-fqv8-59wf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-009"
}
],
"source": {
"advisory": "GHSA-8mq9-fqv8-59wf",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting in Page Preview",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32667",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Scripting in Page Preview"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3.CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.29"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.18"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.3.1"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When _Page TSconfig_ settings are not properly encoded, corresponding page preview module (_Web\u003eView_) is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-8mq9-fqv8-59wf",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-8mq9-fqv8-59wf"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2021-009",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-009"
}
]
},
"source": {
"advisory": "GHSA-8mq9-fqv8-59wf",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32667",
"datePublished": "2021-07-20T14:40:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4954
Vulnerability from cvelistv5
Published
2010-07-22 18:00
Modified
2024-09-16 19:57
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/ | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/sk_calendar/0.3.4/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/sk_calendar/0.3.4/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-22T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/sk_calendar/0.3.4/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
},
{
"name": "http://typo3.org/extensions/repository/view/sk_calendar/0.3.4/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/sk_calendar/0.3.4/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4954",
"datePublished": "2010-07-22T18:00:00Z",
"dateReserved": "2010-07-22T00:00:00Z",
"dateUpdated": "2024-09-16T19:57:39.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4875
Vulnerability from cvelistv5
Published
2008-05-19 10:00
Modified
2024-08-08 00:01
Severity ?
EPSS score ?
Summary
TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42457 | vdb-entry, x_refsource_XF | |
| http://bugs.typo3.org/view.php?id=1250 | x_refsource_MISC | |
| http://typo3.org/teams/security/security-bulletins/typo3-20050725-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "tyop3-debugscript-info-disclosure(42457)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42457"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.typo3.org/view.php?id=1250"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20050725-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "tyop3-debugscript-info-disclosure(42457)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42457"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.typo3.org/view.php?id=1250"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20050725-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "tyop3-debugscript-info-disclosure(42457)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42457"
},
{
"name": "http://bugs.typo3.org/view.php?id=1250",
"refsource": "MISC",
"url": "http://bugs.typo3.org/view.php?id=1250"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20050725-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20050725-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4875",
"datePublished": "2008-05-19T10:00:00",
"dateReserved": "2008-05-19T00:00:00",
"dateUpdated": "2024-08-08T00:01:23.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4709
Vulnerability from cvelistv5
Published
2010-03-15 21:00
Modified
2024-09-16 22:20
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/35879 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:24.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35879",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35879"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-15T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35879",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35879"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35879",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35879"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4709",
"datePublished": "2010-03-15T21:00:00Z",
"dateReserved": "2010-03-15T00:00:00Z",
"dateUpdated": "2024-09-16T22:20:38.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4703
Vulnerability from cvelistv5
Published
2010-03-15 21:00
Modified
2024-09-16 23:10
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:24.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-15T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4703",
"datePublished": "2010-03-15T21:00:00Z",
"dateReserved": "2010-03-15T00:00:00Z",
"dateUpdated": "2024-09-16T23:10:42.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6690
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in nepa-design.de Spam Protection (nd_antispam) extension 1.0.3 for TYPO3 allows remote attackers to modify configuration via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/46387 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43205 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/29833 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46387",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46387"
},
{
"name": "ndantispam-unspecified-security-bypass(43205)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43205"
},
{
"name": "29833",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29833"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in nepa-design.de Spam Protection (nd_antispam) extension 1.0.3 for TYPO3 allows remote attackers to modify configuration via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46387",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46387"
},
{
"name": "ndantispam-unspecified-security-bypass(43205)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43205"
},
{
"name": "29833",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29833"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in nepa-design.de Spam Protection (nd_antispam) extension 1.0.3 for TYPO3 allows remote attackers to modify configuration via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46387",
"refsource": "OSVDB",
"url": "http://osvdb.org/46387"
},
{
"name": "ndantispam-unspecified-security-bypass(43205)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43205"
},
{
"name": "29833",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29833"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6690",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4628
Vulnerability from cvelistv5
Published
2019-11-06 16:22
Modified
2024-08-07 00:09
Severity ?
EPSS score ?
Summary
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2011-4628 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Authentication_Delay_Bypass | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:19.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4628"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Authentication_Delay_Bypass"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "before 4.5.4"
}
]
}
],
"datePublic": "2011-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Weak Authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T16:22:56",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4628"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Authentication_Delay_Bypass"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3",
"version": {
"version_data": [
{
"version_value": "before 4.5.4"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Weak Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-4628",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4628"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Authentication_Delay_Bypass",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Authentication_Delay_Bypass"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4628",
"datePublished": "2019-11-06T16:22:56",
"dateReserved": "2011-11-29T00:00:00",
"dateUpdated": "2024-08-07T00:09:19.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4390
Vulnerability from cvelistv5
Published
2009-12-22 23:00
Modified
2024-09-17 02:31
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-22T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4390",
"datePublished": "2009-12-22T23:00:00Z",
"dateReserved": "2009-12-22T00:00:00Z",
"dateUpdated": "2024-09-17T02:31:21.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3635
Vulnerability from cvelistv5
Published
2009-11-02 15:00
Modified
2024-08-07 06:38
Severity ?
EPSS score ?
Summary
The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/37122 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53928 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=oss-security&m=125632856206736&w=2 | mailing-list, x_refsource_MLIST | |
| http://www.vupen.com/english/advisories/2009/3009 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/36801 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:28.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37122"
},
{
"name": "typo3-installtool-auth-bypass(53928)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53928"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password\u0027s md5 hash as a credential."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37122"
},
{
"name": "typo3-installtool-auth-bypass(53928)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53928"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password\u0027s md5 hash as a credential."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37122"
},
{
"name": "typo3-installtool-auth-bypass(53928)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53928"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3635",
"datePublished": "2009-11-02T15:00:00",
"dateReserved": "2009-10-09T00:00:00",
"dateUpdated": "2024-08-07T06:38:28.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3674
Vulnerability from cvelistv5
Published
2019-11-05 19:34
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
TYPO3 before 4.4.1 allows XSS in the frontend search box.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2010-3674 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS | x_refsource_CONFIRM | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3674"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.4.1 allows XSS in the frontend search box."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T19:34:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3674"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 before 4.4.1 allows XSS in the frontend search box."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-3674",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3674"
},
{
"name": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3674",
"datePublished": "2019-11-05T19:34:14",
"dateReserved": "2010-09-28T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1013
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-09-17 00:50
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/38812 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/pd_diocesedatabase/0.7.13/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/38996 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/63034 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38812",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38812"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/pd_diocesedatabase/0.7.13/"
},
{
"name": "38996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38996"
},
{
"name": "63034",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/63034"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38812",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38812"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/pd_diocesedatabase/0.7.13/"
},
{
"name": "38996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38996"
},
{
"name": "63034",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/63034"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38812"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "http://typo3.org/extensions/repository/view/pd_diocesedatabase/0.7.13/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/pd_diocesedatabase/0.7.13/"
},
{
"name": "38996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38996"
},
{
"name": "63034",
"refsource": "OSVDB",
"url": "http://osvdb.org/63034"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1013",
"datePublished": "2010-03-19T18:35:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-17T00:50:36.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1218
Vulnerability from cvelistv5
Published
2010-03-30 23:00
Modified
2024-08-07 01:14
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/38825 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/57037 | vdb-entry, x_refsource_XF | |
| http://typo3.org/extensions/repository/view/mm_forum/1.8.3/ | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-007/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:06.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38825",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38825"
},
{
"name": "mmforum-unspecified-xss(57037)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57037"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/mm_forum/1.8.3/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38825",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38825"
},
{
"name": "mmforum-unspecified-xss(57037)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57037"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/mm_forum/1.8.3/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-007/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38825",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38825"
},
{
"name": "mmforum-unspecified-xss(57037)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57037"
},
{
"name": "http://typo3.org/extensions/repository/view/mm_forum/1.8.3/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/mm_forum/1.8.3/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-007/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-007/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1218",
"datePublished": "2010-03-30T23:00:00",
"dateReserved": "2010-03-30T00:00:00",
"dateUpdated": "2024-08-07T01:14:06.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4903
Vulnerability from cvelistv5
Published
2019-11-06 16:55
Modified
2024-08-07 00:16
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2011-4903 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:35.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4903"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "before 4.5.4"
}
]
}
],
"datePublic": "2011-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T16:55:59",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4903"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3",
"version": {
"version_data": [
{
"version_value": "before 4.5.4"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-4903",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4903"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4903",
"datePublished": "2019-11-06T16:55:59",
"dateReserved": "2011-12-23T00:00:00",
"dateUpdated": "2024-08-07T00:16:35.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6686
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in CoolURI (cooluri) 1.0.11 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/46383 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43197 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/29821 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46383",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46383"
},
{
"name": "cooluri-unspecified-sql-injection(43197)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43197"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"name": "29821",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29821"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in CoolURI (cooluri) 1.0.11 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46383",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46383"
},
{
"name": "cooluri-unspecified-sql-injection(43197)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43197"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"name": "29821",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29821"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in CoolURI (cooluri) 1.0.11 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46383",
"refsource": "OSVDB",
"url": "http://osvdb.org/46383"
},
{
"name": "cooluri-unspecified-sql-injection(43197)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43197"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"name": "29821",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29821"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6686",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4953
Vulnerability from cvelistv5
Published
2011-10-09 10:00
Modified
2024-08-07 04:02
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the JW Calendar (jw_calendar) extension 1.3.20 and earlier for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/61057 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name": "jwcalendar-unspec-code-execution(61057)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61057"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the JW Calendar (jw_calendar) extension 1.3.20 and earlier for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name": "jwcalendar-unspec-code-execution(61057)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61057"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the JW Calendar (jw_calendar) extension 1.3.20 and earlier for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name": "jwcalendar-unspec-code-execution(61057)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61057"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4953",
"datePublished": "2011-10-09T10:00:00",
"dateReserved": "2011-10-09T00:00:00",
"dateUpdated": "2024-08-07T04:02:30.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1017
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-09-17 02:26
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/63035 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/38994 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/38806 | vdb-entry, x_refsource_BID | |
| http://typo3.org/extensions/repository/view/sav_filter_months/1.0.5/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "63035",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/63035"
},
{
"name": "38994",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38994"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38806",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38806"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/sav_filter_months/1.0.5/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "63035",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/63035"
},
{
"name": "38994",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38994"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38806",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38806"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/sav_filter_months/1.0.5/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "63035",
"refsource": "OSVDB",
"url": "http://osvdb.org/63035"
},
{
"name": "38994",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38994"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38806",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38806"
},
{
"name": "http://typo3.org/extensions/repository/view/sav_filter_months/1.0.5/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/sav_filter_months/1.0.5/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1017",
"datePublished": "2010-03-19T18:35:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-17T02:26:20.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-47125
Vulnerability from cvelistv5
Published
2023-11-14 20:07
Modified
2024-08-29 20:25
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versions 1.5.3 and 2.1.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-mm79-jhqm-9j54 | x_refsource_CONFIRM | |
| https://github.com/TYPO3/html-sanitizer/commit/b8f90717251d968c49dc77f8c1e5912e2fbe0dff | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2023-007 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | TYPO3 | html-sanitizer |
Version: >= 1.0.0, < 1.5.3 Version: >= 2.0.0, < 2.1.4 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-mm79-jhqm-9j54",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-mm79-jhqm-9j54"
},
{
"name": "https://github.com/TYPO3/html-sanitizer/commit/b8f90717251d968c49dc77f8c1e5912e2fbe0dff",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/html-sanitizer/commit/b8f90717251d968c49dc77f8c1e5912e2fbe0dff"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2023-007",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-007"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47125",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T20:25:20.598995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T20:25:31.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "html-sanitizer",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.5.3"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versions 1.5.3 and 2.1.4. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T20:07:56.433Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-mm79-jhqm-9j54",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-mm79-jhqm-9j54"
},
{
"name": "https://github.com/TYPO3/html-sanitizer/commit/b8f90717251d968c49dc77f8c1e5912e2fbe0dff",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/html-sanitizer/commit/b8f90717251d968c49dc77f8c1e5912e2fbe0dff"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2023-007",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-007"
}
],
"source": {
"advisory": "GHSA-mm79-jhqm-9j54",
"discovery": "UNKNOWN"
},
"title": "By-passing Cross-Site Scripting Protection in HTML Sanitizer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-47125",
"datePublished": "2023-11-14T20:07:56.433Z",
"dateReserved": "2023-10-30T19:57:51.676Z",
"dateUpdated": "2024-08-29T20:25:31.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36108
Vulnerability from cvelistv5
Published
2022-09-13 17:20
Modified
2024-08-03 09:52
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-fv2m-9249-qx85 | x_refsource_CONFIRM | |
| https://github.com/TYPO3/typo3/commit/6863f73818c36b0b88c677ba533765c8074907b4 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2022-010 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:52:00.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fv2m-9249-qx85"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/6863f73818c36b0b88c677ba533765c8074907b4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-010"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 10.3.0, \u003c 10.4.32"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T17:20:13",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fv2m-9249-qx85"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/6863f73818c36b0b88c677ba533765c8074907b4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-010"
}
],
"source": {
"advisory": "GHSA-fv2m-9249-qx85",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting in typo3/cms-core",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-36108",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Scripting in typo3/cms-core"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 10.3.0, \u003c 10.4.32"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.5.16"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fv2m-9249-qx85",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fv2m-9249-qx85"
},
{
"name": "https://github.com/TYPO3/typo3/commit/6863f73818c36b0b88c677ba533765c8074907b4",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/6863f73818c36b0b88c677ba533765c8074907b4"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2022-010",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-010"
}
]
},
"source": {
"advisory": "GHSA-fv2m-9249-qx85",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36108",
"datePublished": "2022-09-13T17:20:13",
"dateReserved": "2022-07-15T00:00:00",
"dateUpdated": "2024-08-03T09:52:00.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6685
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Frontend Filemanager (air_filemanager) 0.6.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/29837 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/46382 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29837",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29837"
},
{
"name": "46382",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46382"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Frontend Filemanager (air_filemanager) 0.6.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-08-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29837",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29837"
},
{
"name": "46382",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46382"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Frontend Filemanager (air_filemanager) 0.6.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29837"
},
{
"name": "46382",
"refsource": "OSVDB",
"url": "http://osvdb.org/46382"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6685",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6459
Vulnerability from cvelistv5
Published
2009-03-13 10:00
Modified
2024-08-07 11:27
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45255 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/48272 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/31239 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "autobeuser-unspecified-sql-injection(45255)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45255"
},
{
"name": "48272",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/48272"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"name": "31239",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31239"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "autobeuser-unspecified-sql-injection(45255)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45255"
},
{
"name": "48272",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/48272"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"name": "31239",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31239"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "autobeuser-unspecified-sql-injection(45255)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45255"
},
{
"name": "48272",
"refsource": "OSVDB",
"url": "http://osvdb.org/48272"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"name": "31239",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31239"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6459",
"datePublished": "2009-03-13T10:00:00",
"dateReserved": "2009-03-13T00:00:00",
"dateUpdated": "2024-08-07T11:27:35.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38499
Vulnerability from cvelistv5
Published
2023-07-25 20:54
Modified
2024-10-15 18:40
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r | x_refsource_CONFIRM | |
| https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2023-003 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:55.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r"
},
{
"name": "https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2023-003",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-003"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38499",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T18:16:37.969976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:40:37.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.4.0, \u003c 9.5.42"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.39"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.30"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.4.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T20:54:41.648Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r"
},
{
"name": "https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2023-003",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-003"
}
],
"source": {
"advisory": "GHSA-jq6g-4v5m-wm9r",
"discovery": "UNKNOWN"
},
"title": "typo3/cms-core Information Disclosure due to Out-of-scope Site Resolution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-38499",
"datePublished": "2023-07-25T20:54:41.648Z",
"dateReserved": "2023-07-18T16:28:12.076Z",
"dateUpdated": "2024-10-15T18:40:37.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0286
Vulnerability from cvelistv5
Published
2010-02-21 21:00
Modified
2024-08-07 00:45
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack vectors in which both the attacker and victim have an OpenID provider that discards identities during authentication.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2010/0127 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/55609 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/38206 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/61680 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:11.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-0127",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0127"
},
{
"name": "typo3-openid-security-bypass(55609)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55609"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/"
},
{
"name": "38206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38206"
},
{
"name": "61680",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61680"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack vectors in which both the attacker and victim have an OpenID provider that discards identities during authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "ADV-2010-0127",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0127"
},
{
"name": "typo3-openid-security-bypass(55609)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55609"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/"
},
{
"name": "38206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38206"
},
{
"name": "61680",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61680"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack vectors in which both the attacker and victim have an OpenID provider that discards identities during authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-0127",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0127"
},
{
"name": "typo3-openid-security-bypass(55609)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55609"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/"
},
{
"name": "38206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38206"
},
{
"name": "61680",
"refsource": "OSVDB",
"url": "http://osvdb.org/61680"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0286",
"datePublished": "2010-02-21T21:00:00",
"dateReserved": "2010-01-12T00:00:00",
"dateUpdated": "2024-08-07T00:45:11.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5305
Vulnerability from cvelistv5
Published
2013-08-16 17:00
Modified
2024-08-06 17:06
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/95961 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/54350 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86231 | vdb-entry, x_refsource_XF | |
| http://typo3.org/extensions/repository/view/locator | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/61606 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95961",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95961"
},
{
"name": "54350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54350"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "typo3-storelocator-unspecified-xss(86231)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86231"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/locator"
},
{
"name": "61606",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61606"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95961",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95961"
},
{
"name": "54350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54350"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "typo3-storelocator-unspecified-xss(86231)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86231"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/locator"
},
{
"name": "61606",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61606"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95961",
"refsource": "OSVDB",
"url": "http://osvdb.org/95961"
},
{
"name": "54350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54350"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "typo3-storelocator-unspecified-xss(86231)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86231"
},
{
"name": "http://typo3.org/extensions/repository/view/locator",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/locator"
},
{
"name": "61606",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61606"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5305",
"datePublished": "2013-08-16T17:00:00",
"dateReserved": "2013-08-16T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21338
Vulnerability from cvelistv5
Published
2021-03-23 01:45
Modified
2024-08-03 18:09
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp | x_refsource_CONFIRM | |
| https://packagist.org/packages/typo3/cms-core | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2021-001 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/typo3/cms-core"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3.CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.2.0, \u003c= 6.2.56"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c= 7.6.50"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c= 8.7.39"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c= 9.5.24"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c= 10.4.13"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c= 11.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T01:45:14",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/typo3/cms-core"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-001"
}
],
"source": {
"advisory": "GHSA-4jhw-2p6j-5wmp",
"discovery": "UNKNOWN"
},
"title": "Open Redirection in Login Handling",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21338",
"STATE": "PUBLIC",
"TITLE": "Open Redirection in Login Handling"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3.CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 6.2.0, \u003c= 6.2.56"
},
{
"version_value": "\u003e= 7.0.0, \u003c= 7.6.50"
},
{
"version_value": "\u003e= 8.0.0, \u003c= 8.7.39"
},
{
"version_value": "\u003e= 9.0.0, \u003c= 9.5.24"
},
{
"version_value": "\u003e= 10.0.0, \u003c= 10.4.13"
},
{
"version_value": "\u003e= 11.0.0, \u003c= 11.1.0"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp"
},
{
"name": "https://packagist.org/packages/typo3/cms-core",
"refsource": "MISC",
"url": "https://packagist.org/packages/typo3/cms-core"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2021-001",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-001"
}
]
},
"source": {
"advisory": "GHSA-4jhw-2p6j-5wmp",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21338",
"datePublished": "2021-03-23T01:45:14",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:15.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4627
Vulnerability from cvelistv5
Published
2019-11-06 16:16
Modified
2024-08-07 00:09
Severity ?
EPSS score ?
Summary
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2011-4627 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:19.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4627"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "before 4.5.4"
}
]
}
],
"datePublic": "2011-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T16:16:40",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4627"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3",
"version": {
"version_data": [
{
"version_value": "before 4.5.4"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-4627",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4627"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4627",
"datePublished": "2019-11-06T16:16:40",
"dateReserved": "2011-11-29T00:00:00",
"dateUpdated": "2024-08-07T00:09:19.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-5101
Vulnerability from cvelistv5
Published
2012-05-21 20:00
Modified
2024-08-07 04:09
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality."
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/ | x_refsource_CONFIRM | |
| http://www.osvdb.org/70119 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/45470 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64180 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/35770 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2012/05/12/5 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2011/01/13/2 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/05/11/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/05/10/7 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:39.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "70119",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70119"
},
{
"name": "45470",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45470"
},
{
"name": "typo3-unspecified-file-include(64180)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"
},
{
"name": "35770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35770"
},
{
"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the \"file inclusion functionality.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "70119",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70119"
},
{
"name": "45470",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45470"
},
{
"name": "typo3-unspecified-file-include(64180)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"
},
{
"name": "35770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35770"
},
{
"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the \"file inclusion functionality.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "70119",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70119"
},
{
"name": "45470",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45470"
},
{
"name": "typo3-unspecified-file-include(64180)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"
},
{
"name": "35770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35770"
},
{
"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5101",
"datePublished": "2012-05-21T20:00:00",
"dateReserved": "2012-04-30T00:00:00",
"dateUpdated": "2024-08-07T04:09:39.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4391
Vulnerability from cvelistv5
Published
2009-12-22 23:00
Modified
2024-09-16 23:40
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the File list (dr_blob) extension 2.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the File list (dr_blob) extension 2.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-22T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the File list (dr_blob) extension 2.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4391",
"datePublished": "2009-12-22T23:00:00Z",
"dateReserved": "2009-12-22T00:00:00Z",
"dateUpdated": "2024-09-16T23:40:28.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-32768
Vulnerability from cvelistv5
Published
2021-08-10 16:30
Modified
2024-08-03 23:33
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag & attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required. Update to TYPO3 versions 7.6.53 ELTS, 8.7.42 ELTS, 9.5.29, 10.4.19, 11.3.2 that fix the problem described.
References
| ▼ | URL | Tags |
|---|---|---|
| https://typo3.org/security/advisory/typo3-core-sa-2021-013 | x_refsource_MISC | |
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.826Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-013"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3.CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.6.53"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.7.42"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.29"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.19"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag \u0026 attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required. Update to TYPO3 versions 7.6.53 ELTS, 8.7.42 ELTS, 9.5.29, 10.4.19, 11.3.2 that fix the problem described."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-10T16:30:11",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-013"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v"
}
],
"source": {
"advisory": "GHSA-c5c9-8c6m-727v",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting via Rich-Text Content",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32768",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Scripting via Rich-Text Content"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3.CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 7.0.0, \u003c 7.6.53"
},
{
"version_value": "\u003e= 8.0.0, \u003c 8.7.42"
},
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.29"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.19"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.3.2"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag \u0026 attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required. Update to TYPO3 versions 7.6.53 ELTS, 8.7.42 ELTS, 9.5.29, 10.4.19, 11.3.2 that fix the problem described."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2021-013",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-013"
},
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v"
}
]
},
"source": {
"advisory": "GHSA-c5c9-8c6m-727v",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32768",
"datePublished": "2021-08-10T16:30:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:55.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1080
Vulnerability from cvelistv5
Published
2012-02-14 17:00
Modified
2024-09-17 01:10
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/51848 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/78794 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51848",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51848"
},
{
"name": "78794",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78794"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51848",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51848"
},
{
"name": "78794",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78794"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51848",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51848"
},
{
"name": "78794",
"refsource": "OSVDB",
"url": "http://osvdb.org/78794"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1080",
"datePublished": "2012-02-14T17:00:00Z",
"dateReserved": "2012-02-14T00:00:00Z",
"dateUpdated": "2024-09-17T01:10:43.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0343
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-16 18:12
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Clan Users List (pb_clanlist) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Clan Users List (pb_clanlist) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Clan Users List (pb_clanlist) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0343",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-16T18:12:58.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6146
Vulnerability from cvelistv5
Published
2014-05-20 14:00
Modified
2024-08-06 21:28
Severity ?
EPSS score ?
Summary
The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-20T12:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6146",
"datePublished": "2014-05-20T14:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:28:39.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1011
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-09-16 18:28
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/38795 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38795",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38795"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38795",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38795"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38795"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1011",
"datePublished": "2010-03-19T18:35:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-16T18:28:31.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-26229
Vulnerability from cvelistv5
Published
2020-11-23 21:15
Modified
2024-08-04 15:56
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability with current PHP versions of supported and maintained system distributions. At least with libxml2 version 2.9, the processing of XML external entities is disabled per default - and cannot be exploited. Besides that, a valid backend user account is needed. Update to TYPO3 version 10.4.10 to fix the problem described.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-q9cp-mc96-m4w2 | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2020-012 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:03.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-q9cp-mc96-m4w2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3.CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability with current PHP versions of supported and maintained system distributions. At least with libxml2 version 2.9, the processing of XML external entities is disabled per default - and cannot be exploited. Besides that, a valid backend user account is needed. Update to TYPO3 version 10.4.10 to fix the problem described."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-23T21:15:17",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-q9cp-mc96-m4w2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-012"
}
],
"source": {
"advisory": "GHSA-q9cp-mc96-m4w2",
"discovery": "UNKNOWN"
},
"title": "XML External Entity in Dashboard Widget",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-26229",
"STATE": "PUBLIC",
"TITLE": "XML External Entity in Dashboard Widget"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3.CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.10"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability with current PHP versions of supported and maintained system distributions. At least with libxml2 version 2.9, the processing of XML external entities is disabled per default - and cannot be exploited. Besides that, a valid backend user account is needed. Update to TYPO3 version 10.4.10 to fix the problem described."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-q9cp-mc96-m4w2",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-q9cp-mc96-m4w2"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2020-012",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-012"
}
]
},
"source": {
"advisory": "GHSA-q9cp-mc96-m4w2",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-26229",
"datePublished": "2020-11-23T21:15:18",
"dateReserved": "2020-10-01T00:00:00",
"dateUpdated": "2024-08-04T15:56:03.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0335
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-17 01:35
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0335",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-17T01:35:42.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6340
Vulnerability from cvelistv5
Published
2009-02-27 17:00
Modified
2024-09-16 23:00
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Vox populi (mv_vox_populi) extension 0.3.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/33262 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/extensions/repository/view/mv_vox_populi/0.3.1/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/32980 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
},
{
"name": "33262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/mv_vox_populi/0.3.1/"
},
{
"name": "32980",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32980"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Vox populi (mv_vox_populi) extension 0.3.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-27T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
},
{
"name": "33262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/mv_vox_populi/0.3.1/"
},
{
"name": "32980",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32980"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Vox populi (mv_vox_populi) extension 0.3.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
},
{
"name": "33262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33262"
},
{
"name": "http://typo3.org/extensions/repository/view/mv_vox_populi/0.3.1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/mv_vox_populi/0.3.1/"
},
{
"name": "32980",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32980"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6340",
"datePublished": "2009-02-27T17:00:00Z",
"dateReserved": "2009-02-27T00:00:00Z",
"dateUpdated": "2024-09-16T23:00:27.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4342
Vulnerability from cvelistv5
Published
2009-12-17 17:00
Modified
2024-08-07 07:01
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54785 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2009/3550 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-jobexchange-sql-injection(54785)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54785"
},
{
"name": "ADV-2009-3550",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "typo3-jobexchange-sql-injection(54785)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54785"
},
{
"name": "ADV-2009-3550",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-jobexchange-sql-injection(54785)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54785"
},
{
"name": "ADV-2009-3550",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4342",
"datePublished": "2009-12-17T17:00:00",
"dateReserved": "2009-12-17T00:00:00",
"dateUpdated": "2024-08-07T07:01:20.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6462
Vulnerability from cvelistv5
Published
2009-03-13 10:00
Modified
2024-08-07 11:34
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/31257 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/48278 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45262 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:45.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31257",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31257"
},
{
"name": "48278",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/48278"
},
{
"name": "myquizpoll-unspecified-sql-injection(45262)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31257",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31257"
},
{
"name": "48278",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/48278"
},
{
"name": "myquizpoll-unspecified-sql-injection(45262)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31257",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31257"
},
{
"name": "48278",
"refsource": "OSVDB",
"url": "http://osvdb.org/48278"
},
{
"name": "myquizpoll-unspecified-sql-injection(45262)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45262"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6462",
"datePublished": "2009-03-13T10:00:00",
"dateReserved": "2009-03-13T00:00:00",
"dateUpdated": "2024-08-07T11:34:45.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0324
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-16 22:14
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/ref_list/1.0.2/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/ref_list/1.0.2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/ref_list/1.0.2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"name": "http://typo3.org/extensions/repository/view/ref_list/1.0.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/ref_list/1.0.2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0324",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-16T22:14:28.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6697
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:42
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/46396 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43213 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/29826 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46396",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46396"
},
{
"name": "worldcup-unspecified-sql-injection(43213)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43213"
},
{
"name": "29826",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29826"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46396",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46396"
},
{
"name": "worldcup-unspecified-sql-injection(43213)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43213"
},
{
"name": "29826",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29826"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46396",
"refsource": "OSVDB",
"url": "http://osvdb.org/46396"
},
{
"name": "worldcup-unspecified-sql-injection(43213)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43213"
},
{
"name": "29826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29826"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6697",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:42:00.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-6690
Vulnerability from cvelistv5
Published
2006-12-21 21:00
Modified
2024-08-07 20:33
Severity ?
EPSS score ?
Summary
rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/454944/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/23466 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.sec-consult.com/272.html | x_refsource_MISC | |
| http://lists.netfielders.de/pipermail/typo3-announce/2006/000045.html | mailing-list, x_refsource_MLIST | |
| http://securitytracker.com/id?1017428 | vdb-entry, x_refsource_SECTRACK | |
| http://securityreason.com/securityalert/2056 | third-party-advisory, x_refsource_SREASON | |
| http://lists.netfielders.de/pipermail/typo3-announce/2006/000046.html | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/23446 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2006/5094 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/21680 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:33:59.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061220 SEC Consult SA-20061220-0 :: Typo3 Command Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/454944/100/0/threaded"
},
{
"name": "23466",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23466"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sec-consult.com/272.html"
},
{
"name": "[TYPO3-announce] 20061219 Pre-announcement for important security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.netfielders.de/pipermail/typo3-announce/2006/000045.html"
},
{
"name": "1017428",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017428"
},
{
"name": "2056",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2056"
},
{
"name": "[TYPO3-announce] 20061220 TYPO3 Security Bulletin TYPO3-20061220-1: Remote Command Execution in TYPO3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.netfielders.de/pipermail/typo3-announce/2006/000046.html"
},
{
"name": "23446",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23446"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0\u0026cHash=e4a40a11a9"
},
{
"name": "ADV-2006-5094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5094"
},
{
"name": "21680",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21680"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061220 SEC Consult SA-20061220-0 :: Typo3 Command Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/454944/100/0/threaded"
},
{
"name": "23466",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23466"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sec-consult.com/272.html"
},
{
"name": "[TYPO3-announce] 20061219 Pre-announcement for important security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.netfielders.de/pipermail/typo3-announce/2006/000045.html"
},
{
"name": "1017428",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017428"
},
{
"name": "2056",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2056"
},
{
"name": "[TYPO3-announce] 20061220 TYPO3 Security Bulletin TYPO3-20061220-1: Remote Command Execution in TYPO3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.netfielders.de/pipermail/typo3-announce/2006/000046.html"
},
{
"name": "23446",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23446"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0\u0026cHash=e4a40a11a9"
},
{
"name": "ADV-2006-5094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5094"
},
{
"name": "21680",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21680"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061220 SEC Consult SA-20061220-0 :: Typo3 Command Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454944/100/0/threaded"
},
{
"name": "23466",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23466"
},
{
"name": "http://www.sec-consult.com/272.html",
"refsource": "MISC",
"url": "http://www.sec-consult.com/272.html"
},
{
"name": "[TYPO3-announce] 20061219 Pre-announcement for important security update",
"refsource": "MLIST",
"url": "http://lists.netfielders.de/pipermail/typo3-announce/2006/000045.html"
},
{
"name": "1017428",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017428"
},
{
"name": "2056",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2056"
},
{
"name": "[TYPO3-announce] 20061220 TYPO3 Security Bulletin TYPO3-20061220-1: Remote Command Execution in TYPO3",
"refsource": "MLIST",
"url": "http://lists.netfielders.de/pipermail/typo3-announce/2006/000046.html"
},
{
"name": "23446",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23446"
},
{
"name": "http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0\u0026cHash=e4a40a11a9",
"refsource": "CONFIRM",
"url": "http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0\u0026cHash=e4a40a11a9"
},
{
"name": "ADV-2006-5094",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5094"
},
{
"name": "21680",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21680"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6690",
"datePublished": "2006-12-21T21:00:00",
"dateReserved": "2006-12-21T00:00:00",
"dateUpdated": "2024-08-07T20:33:59.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-19848
Vulnerability from cvelistv5
Published
2019-12-17 16:02
Modified
2024-08-05 02:25
Severity ?
EPSS score ?
Summary
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)
References
| ▼ | URL | Tags |
|---|---|---|
| https://typo3.org/security/advisory/typo3-core-sa-2019-024/ | x_refsource_MISC | |
| https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:12.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-024/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:H/S:U/UI:R",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-17T16:02:50",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-024/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:H/S:U/UI:R",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2019-024/",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-024/"
},
{
"name": "https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security",
"refsource": "MISC",
"url": "https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19848",
"datePublished": "2019-12-17T16:02:50",
"dateReserved": "2019-12-17T00:00:00",
"dateUpdated": "2024-08-05T02:25:12.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-11069
Vulnerability from cvelistv5
Published
2020-05-13 23:35
Modified
2024-08-04 11:21
Severity ?
EPSS score ?
Summary
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server. Scripts are then executed with the privileges of the victims' user session. In a worst-case scenario, new admin users can be created which can directly be used by an attacker. The vulnerability is basically a cross-site request forgery (CSRF) triggered by a cross-site scripting vulnerability (XSS) - but happens on the same target host - thus, it's actually a same-site request forgery. Malicious payload such as HTML containing JavaScript might be provided by either an authenticated backend user or by a non-authenticated user using a third party extension, e.g. file upload in a contact form with knowing the target location. To be successful, the attacked victim requires an active and valid backend or install tool user session at the time of the attack. This has been fixed in 9.5.17 and 10.4.2. The deployment of additional mitigation techniques is suggested as described below. - Sudo Mode Extension This TYPO3 extension intercepts modifications to security relevant database tables, e.g. those storing user accounts or storages of the file abstraction layer. Modifications need to confirmed again by the acting user providing their password again. This technique is known as sudo mode. This way, unintended actions happening in the background can be mitigated. - https://github.com/FriendsOfTYPO3/sudo-mode - https://extensions.typo3.org/extension/sudo_mode - Content Security Policy Content Security Policies tell (modern) browsers how resources served a particular site are handled. It is also possible to disallow script executions for specific locations. In a TYPO3 context, it is suggested to disallow direct script execution at least for locations /fileadmin/ and /uploads/.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-pqg8-crx9-g8m4 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-pqg8-crx9-g8m4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3 CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.17"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server. Scripts are then executed with the privileges of the victims\u0027 user session. In a worst-case scenario, new admin users can be created which can directly be used by an attacker. The vulnerability is basically a cross-site request forgery (CSRF) triggered by a cross-site scripting vulnerability (XSS) - but happens on the same target host - thus, it\u0027s actually a same-site request forgery. Malicious payload such as HTML containing JavaScript might be provided by either an authenticated backend user or by a non-authenticated user using a third party extension, e.g. file upload in a contact form with knowing the target location. To be successful, the attacked victim requires an active and valid backend or install tool user session at the time of the attack. This has been fixed in 9.5.17 and 10.4.2. The deployment of additional mitigation techniques is suggested as described below. - Sudo Mode Extension This TYPO3 extension intercepts modifications to security relevant database tables, e.g. those storing user accounts or storages of the file abstraction layer. Modifications need to confirmed again by the acting user providing their password again. This technique is known as sudo mode. This way, unintended actions happening in the background can be mitigated. - https://github.com/FriendsOfTYPO3/sudo-mode - https://extensions.typo3.org/extension/sudo_mode - Content Security Policy Content Security Policies tell (modern) browsers how resources served a particular site are handled. It is also possible to disallow script executions for specific locations. In a TYPO3 context, it is suggested to disallow direct script execution at least for locations /fileadmin/ and /uploads/."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-13T23:35:37",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-pqg8-crx9-g8m4"
}
],
"source": {
"advisory": "GHSA-pqg8-crx9-g8m4",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Request Forgery in TYPO3 CMS",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-11069",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Request Forgery in TYPO3 CMS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3 CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.17"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.2"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server. Scripts are then executed with the privileges of the victims\u0027 user session. In a worst-case scenario, new admin users can be created which can directly be used by an attacker. The vulnerability is basically a cross-site request forgery (CSRF) triggered by a cross-site scripting vulnerability (XSS) - but happens on the same target host - thus, it\u0027s actually a same-site request forgery. Malicious payload such as HTML containing JavaScript might be provided by either an authenticated backend user or by a non-authenticated user using a third party extension, e.g. file upload in a contact form with knowing the target location. To be successful, the attacked victim requires an active and valid backend or install tool user session at the time of the attack. This has been fixed in 9.5.17 and 10.4.2. The deployment of additional mitigation techniques is suggested as described below. - Sudo Mode Extension This TYPO3 extension intercepts modifications to security relevant database tables, e.g. those storing user accounts or storages of the file abstraction layer. Modifications need to confirmed again by the acting user providing their password again. This technique is known as sudo mode. This way, unintended actions happening in the background can be mitigated. - https://github.com/FriendsOfTYPO3/sudo-mode - https://extensions.typo3.org/extension/sudo_mode - Content Security Policy Content Security Policies tell (modern) browsers how resources served a particular site are handled. It is also possible to disallow script executions for specific locations. In a TYPO3 context, it is suggested to disallow direct script execution at least for locations /fileadmin/ and /uploads/."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-346: Origin Validation Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-pqg8-crx9-g8m4",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-pqg8-crx9-g8m4"
}
]
},
"source": {
"advisory": "GHSA-pqg8-crx9-g8m4",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11069",
"datePublished": "2020-05-13T23:35:37",
"dateReserved": "2020-03-30T00:00:00",
"dateUpdated": "2024-08-04T11:21:14.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8755
Vulnerability from cvelistv5
Published
2016-01-08 19:00
Modified
2024-09-17 00:15
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1034483 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/79236 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:29:21.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034483",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034483"
},
{
"name": "79236",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79236"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-08T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1034483",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034483"
},
{
"name": "79236",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79236"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034483",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034483"
},
{
"name": "79236",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79236"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8755",
"datePublished": "2016-01-08T19:00:00Z",
"dateReserved": "2016-01-08T00:00:00Z",
"dateUpdated": "2024-09-17T00:15:49.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-7081
Vulnerability from cvelistv5
Published
2013-12-23 23:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/oss-sec/2013/q4/473 | mailing-list, x_refsource_MLIST | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/ | x_refsource_CONFIRM | |
| http://www.debian.org/security/2014/dsa-2834 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:46.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"name": "DSA-2834",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2834"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-07T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"name": "DSA-2834",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2834"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"name": "DSA-2834",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2834"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7081",
"datePublished": "2013-12-23T23:00:00",
"dateReserved": "2013-12-11T00:00:00",
"dateUpdated": "2024-08-06T17:53:46.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3632
Vulnerability from cvelistv5
Published
2009-11-02 15:00
Modified
2024-08-07 06:38
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53924 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/37122 | third-party-advisory, x_refsource_SECUNIA | |
| http://marc.info/?l=oss-security&m=125632856206736&w=2 | mailing-list, x_refsource_MLIST | |
| http://www.vupen.com/english/advisories/2009/3009 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/36801 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:29.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-editing-sql-injection(53924)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53924"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37122"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "typo3-editing-sql-injection(53924)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53924"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37122"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-editing-sql-injection(53924)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53924"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37122"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3632",
"datePublished": "2009-11-02T15:00:00",
"dateReserved": "2009-10-09T00:00:00",
"dateUpdated": "2024-08-07T06:38:29.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1019
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-09-17 00:00
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/38796 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38796",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38796"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38796",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38796"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38796"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1019",
"datePublished": "2010-03-19T18:35:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-17T00:00:41.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0345
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-17 01:07
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Majordomo extension 1.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Majordomo extension 1.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Majordomo extension 1.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0345",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-17T01:07:07.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6696
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/toto/0.1.2/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43212 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/29824 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/46394 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/toto/0.1.2/"
},
{
"name": "toto-unspecified-sql-injection(43212)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43212"
},
{
"name": "29824",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29824"
},
{
"name": "46394",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46394"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/toto/0.1.2/"
},
{
"name": "toto-unspecified-sql-injection(43212)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43212"
},
{
"name": "29824",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29824"
},
{
"name": "46394",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46394"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/toto/0.1.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/toto/0.1.2/"
},
{
"name": "toto-unspecified-sql-injection(43212)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43212"
},
{
"name": "29824",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29824"
},
{
"name": "46394",
"refsource": "OSVDB",
"url": "http://osvdb.org/46394"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6696",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5087
Vulnerability from cvelistv5
Published
2008-11-14 19:00
Modified
2024-09-16 22:20
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/31266 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:17.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31266",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31266"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-14T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31266",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31266"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31266",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31266"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5087",
"datePublished": "2008-11-14T19:00:00Z",
"dateReserved": "2008-11-14T00:00:00Z",
"dateUpdated": "2024-09-16T22:20:03.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21359
Vulnerability from cvelistv5
Published
2021-03-23 01:55
Modified
2024-08-03 18:09
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://packagist.org/packages/typo3/cms-core | x_refsource_MISC | |
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4p9g-qgx9-397p | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2021-005 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/typo3/cms-core"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4p9g-qgx9-397p"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3.CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c= 9.5.24"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c= 10.4.13"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c= 11.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-405",
"description": "CWE-405 Asymmetric Resource Consumption (Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T01:55:19",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/typo3/cms-core"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4p9g-qgx9-397p"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-005"
}
],
"source": {
"advisory": "GHSA-4p9g-qgx9-397p",
"discovery": "UNKNOWN"
},
"title": "Denial of Service in Page Error Handling",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21359",
"STATE": "PUBLIC",
"TITLE": "Denial of Service in Page Error Handling"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3.CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.0.0, \u003c= 9.5.24"
},
{
"version_value": "\u003e= 10.0.0, \u003c= 10.4.13"
},
{
"version_value": "\u003e= 11.0.0, \u003c= 11.1.0"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-674 Uncontrolled Recursion"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-405 Asymmetric Resource Consumption (Amplification)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packagist.org/packages/typo3/cms-core",
"refsource": "MISC",
"url": "https://packagist.org/packages/typo3/cms-core"
},
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4p9g-qgx9-397p",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4p9g-qgx9-397p"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2021-005",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-005"
}
]
},
"source": {
"advisory": "GHSA-4p9g-qgx9-397p",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21359",
"datePublished": "2021-03-23T01:55:19",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:15.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3666
Vulnerability from cvelistv5
Published
2019-11-04 21:27
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2010-3666 | x_refsource_MISC | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3666"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T21:27:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3666"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-3666",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3666"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"name": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3666",
"datePublished": "2019-11-04T21:27:20",
"dateReserved": "2010-09-28T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4630
Vulnerability from cvelistv5
Published
2019-11-06 16:34
Modified
2024-08-07 00:09
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2011-4630 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:19.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4630"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "before 4.5.4"
}
]
}
],
"datePublic": "2011-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "UNKNOWN_TYPE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T16:34:04",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4630"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3",
"version": {
"version_data": [
{
"version_value": "before 4.5.4"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-4630",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4630"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4630",
"datePublished": "2019-11-06T16:34:04",
"dateReserved": "2011-11-29T00:00:00",
"dateUpdated": "2024-08-07T00:09:19.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8091
Vulnerability from cvelistv5
Published
2020-01-27 21:48
Modified
2024-08-04 09:48
Severity ?
EPSS score ?
Summary
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.
References
| ▼ | URL | Tags |
|---|---|---|
| https://typo3.org/security/advisory/typo3-psa-2019-003/ | x_refsource_MISC | |
| https://www.purplemet.com/blog/typo3-xss-vulnerability | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:24.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-psa-2019-003/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.purplemet.com/blog/typo3-xss-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:N/C:L/I:L/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T14:21:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-psa-2019-003/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.purplemet.com/blog/typo3-xss-vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:N/C:L/I:L/PR:N/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://typo3.org/security/advisory/typo3-psa-2019-003/",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-psa-2019-003/"
},
{
"name": "https://www.purplemet.com/blog/typo3-xss-vulnerability",
"refsource": "MISC",
"url": "https://www.purplemet.com/blog/typo3-xss-vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8091",
"datePublished": "2020-01-27T21:48:39",
"dateReserved": "2020-01-27T00:00:00",
"dateUpdated": "2024-08-04T09:48:24.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-34358
Vulnerability from cvelistv5
Published
2024-05-14 14:26
Modified
2024-08-02 02:51
Severity ?
EPSS score ?
Summary
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the `ShowImageController` (`_eID tx_cms_showpic_`) lacks a cryptographic HMAC-signature on the `frame` HTTP query parameter (e.g. `/index.php?eID=tx_cms_showpic?file=3&...&frame=12345`). This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on the server side. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 fix the problem described.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-36g8-62qv-5957 | x_refsource_CONFIRM | |
| https://github.com/TYPO3/typo3/commit/05c95fed869a1a6dcca06c7077b83b6ea866ff14 | x_refsource_MISC | |
| https://github.com/TYPO3/typo3/commit/1e70ebf736935413b0531004839362b4fb0755a5 | x_refsource_MISC | |
| https://github.com/TYPO3/typo3/commit/df7909b6a1cf0f12a42994d0cc3376b607746142 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2024-010 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "typo3",
"vendor": "typo3",
"versions": [
{
"lessThan": "9.5.48",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
},
{
"lessThan": "10.4.45",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
},
{
"lessThan": "11.5.37",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
},
{
"lessThan": "12.4.15",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.1",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34358",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T15:43:40.290858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T15:46:38.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:51:11.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-36g8-62qv-5957",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-36g8-62qv-5957"
},
{
"name": "https://github.com/TYPO3/typo3/commit/05c95fed869a1a6dcca06c7077b83b6ea866ff14",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/05c95fed869a1a6dcca06c7077b83b6ea866ff14"
},
{
"name": "https://github.com/TYPO3/typo3/commit/1e70ebf736935413b0531004839362b4fb0755a5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/1e70ebf736935413b0531004839362b4fb0755a5"
},
{
"name": "https://github.com/TYPO3/typo3/commit/df7909b6a1cf0f12a42994d0cc3376b607746142",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/df7909b6a1cf0f12a42994d0cc3376b607746142"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2024-010",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-010"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.48"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.45"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.37"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.4.15"
},
{
"status": "affected",
"version": "\u003e= 13.0.0, \u003c 13.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the `ShowImageController` (`_eID tx_cms_showpic_`) lacks a cryptographic HMAC-signature on the `frame` HTTP query parameter (e.g. `/index.php?eID=tx_cms_showpic?file=3\u0026...\u0026frame=12345`). This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on the server side. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 fix the problem described."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T14:26:36.422Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-36g8-62qv-5957",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-36g8-62qv-5957"
},
{
"name": "https://github.com/TYPO3/typo3/commit/05c95fed869a1a6dcca06c7077b83b6ea866ff14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/05c95fed869a1a6dcca06c7077b83b6ea866ff14"
},
{
"name": "https://github.com/TYPO3/typo3/commit/1e70ebf736935413b0531004839362b4fb0755a5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/1e70ebf736935413b0531004839362b4fb0755a5"
},
{
"name": "https://github.com/TYPO3/typo3/commit/df7909b6a1cf0f12a42994d0cc3376b607746142",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/df7909b6a1cf0f12a42994d0cc3376b607746142"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2024-010",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-010"
}
],
"source": {
"advisory": "GHSA-36g8-62qv-5957",
"discovery": "UNKNOWN"
},
"title": "TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-34358",
"datePublished": "2024-05-14T14:26:36.422Z",
"dateReserved": "2024-05-02T06:36:32.438Z",
"dateUpdated": "2024-08-02T02:51:11.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-55894
Vulnerability from cvelistv5
Published
2025-01-14 19:57
Modified
2025-01-14 19:57
Severity ?
EPSS score ?
Summary
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Backend User Module” allows attackers to initiate password resets for other backend users or to terminate their user sessions. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-6w4x-gcx3-8p7v | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.48"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.42"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.4.25"
},
{
"status": "affected",
"version": "\u003e= 13.0.0, \u003c 13.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component \u201cBackend User Module\u201d allows attackers to initiate password resets for other backend users or to terminate their user sessions. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T19:57:28.172Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-6w4x-gcx3-8p7v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-6w4x-gcx3-8p7v"
}
],
"source": {
"advisory": "GHSA-6w4x-gcx3-8p7v",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Request Forgery in Backend User Module in TYPO3"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-55894",
"datePublished": "2025-01-14T19:57:28.172Z",
"dateReserved": "2024-12-12T15:03:39.206Z",
"dateUpdated": "2025-01-14T19:57:28.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-24814
Vulnerability from cvelistv5
Published
2023-02-07 18:14
Modified
2024-08-02 11:03
Severity ?
EPSS score ?
Summary
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content. In combination with the TypoScript setting `config.absRefPrefix=auto`, attackers can inject malicious HTML code to pages that have not been rendered and cached, yet. As a result, injected values would be cached and delivered to other website visitors (persisted cross-site scripting). Individual code which relies on the resolved value of `GeneralUtility::getIndpEnv('SCRIPT_NAME')` and corresponding usages (as shown below) are vulnerable as well. Additional investigations confirmed that at least Apache web server deployments using CGI (FPM, FCGI/FastCGI, and similar) are affected. However, there still might be the risk that other scenarios like nginx, IIS, or Apache/mod_php are vulnerable. The usage of server environment variable `PATH_INFO` has been removed from corresponding processings in `GeneralUtility::getIndpEnv()`. Besides that, the public property `TypoScriptFrontendController::$absRefPrefix` is encoded for both being used as a URI component and for being used as a prefix in an HTML context. This mitigates the cross-site scripting vulnerability. Users are advised to update to TYPO3 versions 8.7.51 ELTS, 9.5.40 ELTS, 10.4.35 LTS, 11.5.23 LTS and 12.2.0 which fix this problem. For users who are unable to patch in a timely manner the TypoScript setting `config.absRefPrefix` should at least be set to a static path value, instead of using auto - e.g. `config.absRefPrefix=/`. This workaround **does not fix all aspects of the vulnerability**, and is just considered to be an intermediate mitigation to the most prominent manifestation.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:03:19.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3"
},
{
"name": "https://github.com/TYPO3/typo3/commit/0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a"
},
{
"name": "https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html#absrefprefix",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html#absrefprefix"
},
{
"name": "https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/core/Classes/Utility/GeneralUtility.php#L2481-L2484",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/core/Classes/Utility/GeneralUtility.php#L2481-L2484"
},
{
"name": "https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php#L2547-L2549",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php#L2547-L2549"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2023-001",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-001"
},
{
"name": "https://typo3.org/security/advisory/typo3-psa-2023-001",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-psa-2023-001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.7.0, \u003c 8.7.51"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.40"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.36"
},
{
"status": "affected",
"version": "11.0.0, \u003c 11.5.23"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content. In combination with the TypoScript setting `config.absRefPrefix=auto`, attackers can inject malicious HTML code to pages that have not been rendered and cached, yet. As a result, injected values would be cached and delivered to other website visitors (persisted cross-site scripting). Individual code which relies on the resolved value of `GeneralUtility::getIndpEnv(\u0027SCRIPT_NAME\u0027)` and corresponding usages (as shown below) are vulnerable as well. Additional investigations confirmed that at least Apache web server deployments using CGI (FPM, FCGI/FastCGI, and similar) are affected. However, there still might be the risk that other scenarios like nginx, IIS, or Apache/mod_php are vulnerable. The usage of server environment variable `PATH_INFO` has been removed from corresponding processings in `GeneralUtility::getIndpEnv()`. Besides that, the public property `TypoScriptFrontendController::$absRefPrefix` is encoded for both being used as a URI component and for being used as a prefix in an HTML context. This mitigates the cross-site scripting vulnerability. Users are advised to update to TYPO3 versions 8.7.51 ELTS, 9.5.40 ELTS, 10.4.35 LTS, 11.5.23 LTS and 12.2.0 which fix this problem. For users who are unable to patch in a timely manner the TypoScript setting `config.absRefPrefix` should at least be set to a static path value, instead of using auto - e.g. `config.absRefPrefix=/`. This workaround **does not fix all aspects of the vulnerability**, and is just considered to be an intermediate mitigation to the most prominent manifestation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-07T18:14:29.388Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3"
},
{
"name": "https://github.com/TYPO3/typo3/commit/0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a"
},
{
"name": "https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html#absrefprefix",
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html#absrefprefix"
},
{
"name": "https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/core/Classes/Utility/GeneralUtility.php#L2481-L2484",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/core/Classes/Utility/GeneralUtility.php#L2481-L2484"
},
{
"name": "https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php#L2547-L2549",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php#L2547-L2549"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2023-001",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-001"
},
{
"name": "https://typo3.org/security/advisory/typo3-psa-2023-001",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-psa-2023-001"
}
],
"source": {
"advisory": "GHSA-r4f8-f93x-5qh3",
"discovery": "UNKNOWN"
},
"title": "Persisted Cross-Site Scripting in Frontend Rendering in typo3"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-24814",
"datePublished": "2023-02-07T18:14:29.388Z",
"dateReserved": "2023-01-30T14:43:33.704Z",
"dateUpdated": "2024-08-02T11:03:19.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-47127
Vulnerability from cvelistv5
Published
2023-11-14 19:26
Modified
2024-08-29 20:42
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm | x_refsource_CONFIRM | |
| https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2023-006 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm"
},
{
"name": "https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2023-006",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-006"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47127",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T20:41:35.630256Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T20:42:22.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.7.55"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.44"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.41"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.33"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.4.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-302",
"description": "CWE-302: Authentication Bypass by Assumed-Immutable Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-16T17:11:29.026Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm"
},
{
"name": "https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2023-006",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-006"
}
],
"source": {
"advisory": "GHSA-3vmm-7h4j-69rm",
"discovery": "UNKNOWN"
},
"title": "Weak Authentication in Session Handling in typo3/cms-core"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-47127",
"datePublished": "2023-11-14T19:26:07.849Z",
"dateReserved": "2023-10-30T19:57:51.677Z",
"dateUpdated": "2024-08-29T20:42:22.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4721
Vulnerability from cvelistv5
Published
2013-06-27 20:00
Modified
2024-08-06 16:52
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the RSS feed from records extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/82218 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/90411 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-rssfeed-unspecified-sql-injection(82218)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82218"
},
{
"name": "90411",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/90411"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the RSS feed from records extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "typo3-rssfeed-unspecified-sql-injection(82218)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82218"
},
{
"name": "90411",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/90411"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the RSS feed from records extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-rssfeed-unspecified-sql-injection(82218)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82218"
},
{
"name": "90411",
"refsource": "OSVDB",
"url": "http://osvdb.org/90411"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4721",
"datePublished": "2013-06-27T20:00:00",
"dateReserved": "2013-06-27T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-55892
Vulnerability from cvelistv5
Published
2025-01-14 20:01
Modified
2025-01-14 20:13
Severity ?
EPSS score ?
Summary
TYPO3 is a free and open source Content Management Framework. Applications that use `TYPO3\CMS\Core\Http\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks. Users are advised to update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 LTS, 12.4.25 LTS, 13.4.3 which fix the problem described. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-2fx5-pggv-6jjr | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2025-002 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T20:12:41.686181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T20:13:02.579Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.49"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.48"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.42"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.4.25"
},
{
"status": "affected",
"version": "\u003e= 13.0.0, \u003c 13.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is a free and open source Content Management Framework. Applications that use `TYPO3\\CMS\\Core\\Http\\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks. Users are advised to update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 LTS, 12.4.25 LTS, 13.4.3 which fix the problem described. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T20:01:55.952Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-2fx5-pggv-6jjr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-2fx5-pggv-6jjr"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2025-002",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2025-002"
}
],
"source": {
"advisory": "GHSA-2fx5-pggv-6jjr",
"discovery": "UNKNOWN"
},
"title": "Potential Open Redirect via Parsing Differences in TYPO3"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-55892",
"datePublished": "2025-01-14T20:01:55.952Z",
"dateReserved": "2024-12-12T15:03:39.206Z",
"dateUpdated": "2025-01-14T20:13:02.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0323
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-16 19:56
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/goof_fotoboek/1.7.15/ | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/goof_fotoboek/1.7.15/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/goof_fotoboek/1.7.15/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/goof_fotoboek/1.7.15/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/goof_fotoboek/1.7.15/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0323",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-16T19:56:45.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6370
Vulnerability from cvelistv5
Published
2017-03-17 17:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/97071 | vdb-entry, x_refsource_BID | |
| https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97071",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97071"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-27T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "97071",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97071"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97071",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97071"
},
{
"name": "https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request",
"refsource": "MISC",
"url": "https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6370",
"datePublished": "2017-03-17T17:00:00",
"dateReserved": "2017-02-28T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0255
Vulnerability from cvelistv5
Published
2009-01-22 23:00
Modified
2024-08-07 04:24
Severity ?
EPSS score ?
Summary
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/33617 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2009/dsa-1711 | vendor-advisory, x_refsource_DEBIAN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48132 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/33376 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/33679 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
},
{
"name": "33617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33617"
},
{
"name": "DSA-1711",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1711"
},
{
"name": "typo3-installtool-weak-security(48132)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48132"
},
{
"name": "33376",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33376"
},
{
"name": "33679",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33679"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
},
{
"name": "33617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33617"
},
{
"name": "DSA-1711",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1711"
},
{
"name": "typo3-installtool-weak-security(48132)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48132"
},
{
"name": "33376",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33376"
},
{
"name": "33679",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33679"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
},
{
"name": "33617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33617"
},
{
"name": "DSA-1711",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1711"
},
{
"name": "typo3-installtool-weak-security(48132)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48132"
},
{
"name": "33376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33376"
},
{
"name": "33679",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33679"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0255",
"datePublished": "2009-01-22T23:00:00",
"dateReserved": "2009-01-22T00:00:00",
"dateUpdated": "2024-08-07T04:24:18.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21357
Vulnerability from cvelistv5
Published
2021-03-23 01:50
Modified
2024-08-03 18:09
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://packagist.org/packages/typo3/cms-form | x_refsource_MISC | |
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2021-003 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/typo3/cms-form"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3.CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c= 8.7.39"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c= 9.5.24"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c= 10.4.13"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c= 11.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T01:50:22",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/typo3/cms-form"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-003"
}
],
"source": {
"advisory": "GHSA-3vg7-jw9m-pc3f",
"discovery": "UNKNOWN"
},
"title": "Broken Access Control in Form Framework",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21357",
"STATE": "PUBLIC",
"TITLE": "Broken Access Control in Form Framework"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3.CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 8.0.0, \u003c= 8.7.39"
},
{
"version_value": "\u003e= 9.0.0, \u003c= 9.5.24"
},
{
"version_value": "\u003e= 10.0.0, \u003c= 10.4.13"
},
{
"version_value": "\u003e= 11.0.0, \u003c= 11.1.0"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packagist.org/packages/typo3/cms-form",
"refsource": "MISC",
"url": "https://packagist.org/packages/typo3/cms-form"
},
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2021-003",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-003"
}
]
},
"source": {
"advisory": "GHSA-3vg7-jw9m-pc3f",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21357",
"datePublished": "2021-03-23T01:50:23",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:15.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-5103
Vulnerability from cvelistv5
Published
2012-05-21 20:00
Modified
2024-08-07 04:09
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/45470 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/35770 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2012/05/12/5 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2011/01/13/2 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/05/11/3 | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64184 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/70117 | vdb-entry, x_refsource_OSVDB | |
| http://www.openwall.com/lists/oss-security/2012/05/10/7 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "45470",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45470"
},
{
"name": "35770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35770"
},
{
"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "typo3-listmodule-sql-injection(64184)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64184"
},
{
"name": "70117",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70117"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "45470",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45470"
},
{
"name": "35770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35770"
},
{
"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "typo3-listmodule-sql-injection(64184)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64184"
},
{
"name": "70117",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70117"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "45470",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45470"
},
{
"name": "35770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35770"
},
{
"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "typo3-listmodule-sql-injection(64184)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64184"
},
{
"name": "70117",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70117"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5103",
"datePublished": "2012-05-21T20:00:00",
"dateReserved": "2012-04-30T00:00:00",
"dateUpdated": "2024-08-07T04:09:38.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6289
Vulnerability from cvelistv5
Published
2013-10-28 22:00
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/62674 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009/ | x_refsource_MISC | |
| http://secunia.com/advisories/54978 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/extensions/repository/view/solr | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62674",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62674"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009/"
},
{
"name": "54978",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54978"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/solr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "62674",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/62674"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009/"
},
{
"name": "54978",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54978"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/solr"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62674"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009/"
},
{
"name": "54978",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54978"
},
{
"name": "http://typo3.org/extensions/repository/view/solr",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/solr"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6289",
"datePublished": "2013-10-28T22:00:00",
"dateReserved": "2013-10-28T00:00:00",
"dateUpdated": "2024-08-06T17:39:01.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0333
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-16 20:41
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0333",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-16T20:41:53.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-3980
Vulnerability from cvelistv5
Published
2011-10-04 10:00
Modified
2024-08-06 23:53
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-010/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/69694 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/49516 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-010/"
},
{
"name": "dragdrop-typo3-file-upload(69694)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69694"
},
{
"name": "49516",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49516"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-010/"
},
{
"name": "dragdrop-typo3-file-upload(69694)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69694"
},
{
"name": "49516",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49516"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-010/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-010/"
},
{
"name": "dragdrop-typo3-file-upload(69694)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69694"
},
{
"name": "49516",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49516"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3980",
"datePublished": "2011-10-04T10:00:00",
"dateReserved": "2011-10-03T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36106
Vulnerability from cvelistv5
Published
2022-09-13 17:35
Modified
2024-08-03 09:52
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-5959-4x58-r8c2 | x_refsource_CONFIRM | |
| https://github.com/TYPO3/typo3/commit/56af2bd3a432156c30af9be71c9d6f7ef3a6159a | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2022-008 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:52:00.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5959-4x58-r8c2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/56af2bd3a432156c30af9be71c9d6f7ef3a6159a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-008"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 10.4.0, \u003c 10.4.32"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T17:35:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5959-4x58-r8c2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/56af2bd3a432156c30af9be71c9d6f7ef3a6159a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-008"
}
],
"source": {
"advisory": "GHSA-5959-4x58-r8c2",
"discovery": "UNKNOWN"
},
"title": "Missing check for expiration time of password reset token in TYPO3",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-36106",
"STATE": "PUBLIC",
"TITLE": "Missing check for expiration time of password reset token in TYPO3"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 10.4.0, \u003c 10.4.32"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.5.16"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5959-4x58-r8c2",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5959-4x58-r8c2"
},
{
"name": "https://github.com/TYPO3/typo3/commit/56af2bd3a432156c30af9be71c9d6f7ef3a6159a",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/56af2bd3a432156c30af9be71c9d6f7ef3a6159a"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2022-008",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-008"
}
]
},
"source": {
"advisory": "GHSA-5959-4x58-r8c2",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36106",
"datePublished": "2022-09-13T17:35:11",
"dateReserved": "2022-07-15T00:00:00",
"dateUpdated": "2024-08-03T09:52:00.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6688
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/46385 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/29828 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43202 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:58.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46385",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46385"
},
{
"name": "29828",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29828"
},
{
"name": "dmmjobcontrol-unspecified-xss(43202)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43202"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46385",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46385"
},
{
"name": "29828",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29828"
},
{
"name": "dmmjobcontrol-unspecified-xss(43202)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43202"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46385",
"refsource": "OSVDB",
"url": "http://osvdb.org/46385"
},
{
"name": "29828",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29828"
},
{
"name": "dmmjobcontrol-unspecified-xss(43202)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43202"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6688",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:58.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2106
Vulnerability from cvelistv5
Published
2009-06-17 17:00
Modified
2024-08-07 05:36
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/civserv/4.3.3/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/35395 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/55121 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-007/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/35479 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:36:20.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/civserv/4.3.3/"
},
{
"name": "35395",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35395"
},
{
"name": "55121",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55121"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-007/"
},
{
"name": "35479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35479"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-06-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/civserv/4.3.3/"
},
{
"name": "35395",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35395"
},
{
"name": "55121",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55121"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-007/"
},
{
"name": "35479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35479"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/civserv/4.3.3/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/civserv/4.3.3/"
},
{
"name": "35395",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35395"
},
{
"name": "55121",
"refsource": "OSVDB",
"url": "http://osvdb.org/55121"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-007/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-007/"
},
{
"name": "35479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35479"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2106",
"datePublished": "2009-06-17T17:00:00",
"dateReserved": "2009-06-17T00:00:00",
"dateUpdated": "2024-08-07T05:36:20.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1018
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-09-17 00:56
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/38803 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38803",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38803"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38803",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38803"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38803",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38803"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1018",
"datePublished": "2010-03-19T18:35:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-17T00:56:22.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1010
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-09-17 00:01
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/38792 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38792",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38792"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38792",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38792"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38792",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38792"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1010",
"datePublished": "2010-03-19T18:35:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-17T00:01:37.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1009
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-09-16 23:01
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/38789 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38789",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38789"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38789",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38789"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38789"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1009",
"datePublished": "2010-03-19T18:35:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-16T23:01:34.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2047
Vulnerability from cvelistv5
Published
2015-02-23 17:00
Modified
2024-08-06 05:02
Severity ?
EPSS score ?
Summary
The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/72763 | vdb-entry, x_refsource_BID | |
| https://review.typo3.org/#/c/37013/ | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securitytracker.com/id/1031824 | vdb-entry, x_refsource_SECTRACK | |
| http://www.openwall.com/lists/oss-security/2015/02/22/4 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2015/02/22/8 | mailing-list, x_refsource_MLIST | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/ | x_refsource_CONFIRM | |
| http://www.debian.org/security/2015/dsa-3164 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:42.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "72763",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72763"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.typo3.org/#/c/37013/"
},
{
"name": "openSUSE-SU-2016:2169",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
},
{
"name": "1031824",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031824"
},
{
"name": "[oss-security] 20150222 CVE Request: TYPO3-CORE-SA-2015-001: Authentication Bypass in TYPO3 CMS 4.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/22/4"
},
{
"name": "[oss-security] 20150222 Re: CVE Request: TYPO3-CORE-SA-2015-001: Authentication Bypass in TYPO3 CMS 4.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/22/8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/"
},
{
"name": "DSA-3164",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3164"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T20:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "72763",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72763"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.typo3.org/#/c/37013/"
},
{
"name": "openSUSE-SU-2016:2169",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
},
{
"name": "1031824",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031824"
},
{
"name": "[oss-security] 20150222 CVE Request: TYPO3-CORE-SA-2015-001: Authentication Bypass in TYPO3 CMS 4.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/22/4"
},
{
"name": "[oss-security] 20150222 Re: CVE Request: TYPO3-CORE-SA-2015-001: Authentication Bypass in TYPO3 CMS 4.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/22/8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/"
},
{
"name": "DSA-3164",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3164"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-2047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "72763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72763"
},
{
"name": "https://review.typo3.org/#/c/37013/",
"refsource": "CONFIRM",
"url": "https://review.typo3.org/#/c/37013/"
},
{
"name": "openSUSE-SU-2016:2169",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
},
{
"name": "1031824",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031824"
},
{
"name": "[oss-security] 20150222 CVE Request: TYPO3-CORE-SA-2015-001: Authentication Bypass in TYPO3 CMS 4.5",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/02/22/4"
},
{
"name": "[oss-security] 20150222 Re: CVE Request: TYPO3-CORE-SA-2015-001: Authentication Bypass in TYPO3 CMS 4.5",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/02/22/8"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/"
},
{
"name": "DSA-3164",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3164"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-2047",
"datePublished": "2015-02-23T17:00:00",
"dateReserved": "2015-02-22T00:00:00",
"dateUpdated": "2024-08-06T05:02:42.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6630
Vulnerability from cvelistv5
Published
2009-04-07 10:00
Modified
2024-08-07 11:34
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the wt_gallery extension 2.5.0 and earlier for TYPO3 allows remote attackers to read arbitrary image files and determine directory structure via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/30217 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080513-1/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42364 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/29182 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/45050 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30217",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30217"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080513-1/"
},
{
"name": "wtgallery-image-info-disclosure(42364)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42364"
},
{
"name": "29182",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29182"
},
{
"name": "45050",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45050"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the wt_gallery extension 2.5.0 and earlier for TYPO3 allows remote attackers to read arbitrary image files and determine directory structure via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30217",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30217"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080513-1/"
},
{
"name": "wtgallery-image-info-disclosure(42364)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42364"
},
{
"name": "29182",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29182"
},
{
"name": "45050",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45050"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the wt_gallery extension 2.5.0 and earlier for TYPO3 allows remote attackers to read arbitrary image files and determine directory structure via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30217",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30217"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080513-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080513-1/"
},
{
"name": "wtgallery-image-info-disclosure(42364)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42364"
},
{
"name": "29182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29182"
},
{
"name": "45050",
"refsource": "OSVDB",
"url": "http://osvdb.org/45050"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6630",
"datePublished": "2009-04-07T10:00:00",
"dateReserved": "2009-04-06T00:00:00",
"dateUpdated": "2024-08-07T11:34:47.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0341
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-16 18:39
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0341",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-16T18:39:33.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4339
Vulnerability from cvelistv5
Published
2009-12-17 17:00
Modified
2024-08-07 07:01
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54782 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2009/3550 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:19.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-subscription-sql-injection(54782)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54782"
},
{
"name": "ADV-2009-3550",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "typo3-subscription-sql-injection(54782)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54782"
},
{
"name": "ADV-2009-3550",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-subscription-sql-injection(54782)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54782"
},
{
"name": "ADV-2009-3550",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4339",
"datePublished": "2009-12-17T17:00:00",
"dateReserved": "2009-12-17T00:00:00",
"dateUpdated": "2024-08-07T07:01:19.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3633
Vulnerability from cvelistv5
Published
2009-11-02 15:00
Modified
2024-08-07 06:38
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/37122 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53925 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=oss-security&m=125633199111438&w=2 | mailing-list, x_refsource_MLIST | |
| http://marc.info/?l=oss-security&m=125632856206736&w=2 | mailing-list, x_refsource_MLIST | |
| http://www.vupen.com/english/advisories/2009/3009 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/36801 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:29.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37122"
},
{
"name": "typo3-t3libdivquotejsvalue-xss(53925)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53925"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=125633199111438\u0026w=2"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37122"
},
{
"name": "typo3-t3libdivquotejsvalue-xss(53925)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53925"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=125633199111438\u0026w=2"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37122"
},
{
"name": "typo3-t3libdivquotejsvalue-xss(53925)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53925"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=125633199111438\u0026w=2"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3633",
"datePublished": "2009-11-02T15:00:00",
"dateReserved": "2009-10-09T00:00:00",
"dateUpdated": "2024-08-07T06:38:29.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0258
Vulnerability from cvelistv5
Published
2009-01-22 23:00
Modified
2024-08-07 04:24
Severity ?
EPSS score ?
Summary
The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/33617 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2009/dsa-1711 | vendor-advisory, x_refsource_DEBIAN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48138 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/33376 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2009/01/23/4 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/33679 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
},
{
"name": "33617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33617"
},
{
"name": "DSA-1711",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1711"
},
{
"name": "typo3-indexedsearch-command-execution(48138)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48138"
},
{
"name": "33376",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33376"
},
{
"name": "[oss-security] 20090123 Re: CVE id request: typo3 SA-2009-001",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/01/23/4"
},
{
"name": "33679",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33679"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
},
{
"name": "33617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33617"
},
{
"name": "DSA-1711",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1711"
},
{
"name": "typo3-indexedsearch-command-execution(48138)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48138"
},
{
"name": "33376",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33376"
},
{
"name": "[oss-security] 20090123 Re: CVE id request: typo3 SA-2009-001",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/01/23/4"
},
{
"name": "33679",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33679"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
},
{
"name": "33617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33617"
},
{
"name": "DSA-1711",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1711"
},
{
"name": "typo3-indexedsearch-command-execution(48138)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48138"
},
{
"name": "33376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33376"
},
{
"name": "[oss-security] 20090123 Re: CVE id request: typo3 SA-2009-001",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/01/23/4"
},
{
"name": "33679",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33679"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0258",
"datePublished": "2009-01-22T23:00:00",
"dateReserved": "2009-01-22T00:00:00",
"dateUpdated": "2024-08-07T04:24:18.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-26227
Vulnerability from cvelistv5
Published
2020-11-23 21:05
Modified
2024-08-04 15:56
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2020-010 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:03.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-010"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3.CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.23"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-23T21:05:18",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-010"
}
],
"source": {
"advisory": "GHSA-vqqx-jw6p-q3rf",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting in Fluid view helpers",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-26227",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Scripting in Fluid view helpers"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3.CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.23"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.10"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2020-010",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-010"
}
]
},
"source": {
"advisory": "GHSA-vqqx-jw6p-q3rf",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-26227",
"datePublished": "2020-11-23T21:05:18",
"dateReserved": "2020-10-01T00:00:00",
"dateUpdated": "2024-08-04T15:56:03.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1087
Vulnerability from cvelistv5
Published
2012-02-14 17:00
Modified
2024-09-17 00:56
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ | x_refsource_MISC | |
| http://osvdb.org/78789 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "78789",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78789"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "78789",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78789"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "78789",
"refsource": "OSVDB",
"url": "http://osvdb.org/78789"
},
{
"name": "http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1087",
"datePublished": "2012-02-14T17:00:00Z",
"dateReserved": "2012-02-14T00:00:00Z",
"dateUpdated": "2024-09-17T00:56:38.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4953
Vulnerability from cvelistv5
Published
2010-07-22 18:00
Modified
2024-09-16 20:22
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-22T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4953",
"datePublished": "2010-07-22T18:00:00Z",
"dateReserved": "2010-07-22T00:00:00Z",
"dateUpdated": "2024-09-16T20:22:04.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4701
Vulnerability from cvelistv5
Published
2010-03-15 21:00
Modified
2024-09-16 19:30
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:38.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-15T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4701",
"datePublished": "2010-03-15T21:00:00Z",
"dateReserved": "2010-03-15T00:00:00Z",
"dateUpdated": "2024-09-16T19:30:52.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1079
Vulnerability from cvelistv5
Published
2012-02-14 17:00
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ | x_refsource_CONFIRM | |
| http://osvdb.org/78792 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/51843 | vdb-entry, x_refsource_BID | |
| http://typo3.org/extensions/repository/view/typo3_webservice/0.3.8/ | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72965 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "78792",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78792"
},
{
"name": "51843",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51843"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/typo3_webservice/0.3.8/"
},
{
"name": "typo3-webservices-unspecified-code-execution(72965)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72965"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "78792",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78792"
},
{
"name": "51843",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51843"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/extensions/repository/view/typo3_webservice/0.3.8/"
},
{
"name": "typo3-webservices-unspecified-code-execution(72965)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72965"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "78792",
"refsource": "OSVDB",
"url": "http://osvdb.org/78792"
},
{
"name": "51843",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51843"
},
{
"name": "http://typo3.org/extensions/repository/view/typo3_webservice/0.3.8/",
"refsource": "MISC",
"url": "http://typo3.org/extensions/repository/view/typo3_webservice/0.3.8/"
},
{
"name": "typo3-webservices-unspecified-code-execution(72965)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72965"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1079",
"datePublished": "2012-02-14T17:00:00",
"dateReserved": "2012-02-14T00:00:00",
"dateUpdated": "2024-08-06T18:45:27.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1007
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-09-16 16:18
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Power Extension Manager (ch_lightem) extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/38811 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38811",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38811"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Power Extension Manager (ch_lightem) extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38811",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38811"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Power Extension Manager (ch_lightem) extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38811",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38811"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1007",
"datePublished": "2010-03-19T18:35:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-16T16:18:49.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-34356
Vulnerability from cvelistv5
Published
2024-05-14 14:05
Modified
2024-08-02 02:51
Severity ?
EPSS score ?
Summary
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to the form module. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1 fix the problem described.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-v6mw-h7w6-59w3 | x_refsource_CONFIRM | |
| https://github.com/TYPO3/typo3/commit/2832e2f51f929aeddb5de7d667538a33ceda8156 | x_refsource_MISC | |
| https://github.com/TYPO3/typo3/commit/d0393a879a32fb4e3569acad6bdb5cda776be1e5 | x_refsource_MISC | |
| https://github.com/TYPO3/typo3/commit/e95a1224719efafb9cab2d85964f240fd0356e64 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2024-008 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T15:21:11.529326Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:41:04.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:51:11.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-v6mw-h7w6-59w3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-v6mw-h7w6-59w3"
},
{
"name": "https://github.com/TYPO3/typo3/commit/2832e2f51f929aeddb5de7d667538a33ceda8156",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/2832e2f51f929aeddb5de7d667538a33ceda8156"
},
{
"name": "https://github.com/TYPO3/typo3/commit/d0393a879a32fb4e3569acad6bdb5cda776be1e5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/d0393a879a32fb4e3569acad6bdb5cda776be1e5"
},
{
"name": "https://github.com/TYPO3/typo3/commit/e95a1224719efafb9cab2d85964f240fd0356e64",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/e95a1224719efafb9cab2d85964f240fd0356e64"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2024-008",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-008"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.48"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.45"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.37"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.4.15"
},
{
"status": "affected",
"version": "\u003e= 13.0.0, \u003c 13.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to the form module. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1 fix the problem described."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T14:05:19.851Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-v6mw-h7w6-59w3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-v6mw-h7w6-59w3"
},
{
"name": "https://github.com/TYPO3/typo3/commit/2832e2f51f929aeddb5de7d667538a33ceda8156",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/2832e2f51f929aeddb5de7d667538a33ceda8156"
},
{
"name": "https://github.com/TYPO3/typo3/commit/d0393a879a32fb4e3569acad6bdb5cda776be1e5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/d0393a879a32fb4e3569acad6bdb5cda776be1e5"
},
{
"name": "https://github.com/TYPO3/typo3/commit/e95a1224719efafb9cab2d85964f240fd0356e64",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/e95a1224719efafb9cab2d85964f240fd0356e64"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2024-008",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-008"
}
],
"source": {
"advisory": "GHSA-v6mw-h7w6-59w3",
"discovery": "UNKNOWN"
},
"title": "TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-34356",
"datePublished": "2024-05-14T14:05:19.851Z",
"dateReserved": "2024-05-02T06:36:32.438Z",
"dateUpdated": "2024-08-02T02:51:11.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0336
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-17 04:03
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumper) extension 0.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumper) extension 0.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumper) extension 0.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0336",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-17T04:03:49.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3671
Vulnerability from cvelistv5
Published
2019-11-05 19:19
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2010-3671 | x_refsource_MISC | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-sa-2010-012/#Broken_Authentication_and_Session_Management | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3671"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Broken_Authentication_and_Session_Management"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim\u0027s session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T19:19:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3671"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Broken_Authentication_and_Session_Management"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim\u0027s session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-3671",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3671"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"name": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Broken_Authentication_and_Session_Management",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Broken_Authentication_and_Session_Management"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3671",
"datePublished": "2019-11-05T19:19:02",
"dateReserved": "2010-09-28T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4957
Vulnerability from cvelistv5
Published
2011-10-09 10:00
Modified
2024-08-07 04:02
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/61042 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/42369 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/67031 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/extensions/repository/view/ke_questionnaire/2.2.3 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/40950 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name": "questionnaire-unspecified-sql-injection(61042)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61042"
},
{
"name": "42369",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42369"
},
{
"name": "67031",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/67031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/ke_questionnaire/2.2.3"
},
{
"name": "40950",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40950"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name": "questionnaire-unspecified-sql-injection(61042)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61042"
},
{
"name": "42369",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42369"
},
{
"name": "67031",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/67031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/ke_questionnaire/2.2.3"
},
{
"name": "40950",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40950"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name": "questionnaire-unspecified-sql-injection(61042)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61042"
},
{
"name": "42369",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42369"
},
{
"name": "67031",
"refsource": "OSVDB",
"url": "http://osvdb.org/67031"
},
{
"name": "http://typo3.org/extensions/repository/view/ke_questionnaire/2.2.3",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/ke_questionnaire/2.2.3"
},
{
"name": "40950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40950"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4957",
"datePublished": "2011-10-09T10:00:00",
"dateReserved": "2011-10-09T00:00:00",
"dateUpdated": "2024-08-07T04:02:30.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3605
Vulnerability from cvelistv5
Published
2010-09-24 19:44
Modified
2024-09-17 00:17
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019 | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/powermail/1.5.4 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/41530 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.4"
},
{
"name": "41530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41530"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-24T19:44:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.4"
},
{
"name": "41530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41530"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019"
},
{
"name": "http://typo3.org/extensions/repository/view/powermail/1.5.4",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.4"
},
{
"name": "41530",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41530"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3605",
"datePublished": "2010-09-24T19:44:00Z",
"dateReserved": "2010-09-24T00:00:00Z",
"dateUpdated": "2024-09-17T00:17:31.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5995
Vulnerability from cvelistv5
Published
2009-01-28 15:00
Modified
2024-08-07 11:13
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA (sr_freecap) extension before 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/sr_freecap/1.0.4/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45379 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080924-2/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/31946 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/31370 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:13:13.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/sr_freecap/1.0.4/"
},
{
"name": "freecapcaptcha-unspecified-xss(45379)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080924-2/"
},
{
"name": "31946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31946"
},
{
"name": "31370",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31370"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA (sr_freecap) extension before 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/sr_freecap/1.0.4/"
},
{
"name": "freecapcaptcha-unspecified-xss(45379)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080924-2/"
},
{
"name": "31946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31946"
},
{
"name": "31370",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31370"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA (sr_freecap) extension before 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/sr_freecap/1.0.4/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/sr_freecap/1.0.4/"
},
{
"name": "freecapcaptcha-unspecified-xss(45379)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45379"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080924-2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080924-2/"
},
{
"name": "31946",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31946"
},
{
"name": "31370",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31370"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5995",
"datePublished": "2009-01-28T15:00:00",
"dateReserved": "2009-01-28T00:00:00",
"dateUpdated": "2024-08-07T11:13:13.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6695
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:42
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in TIMTAB social bookmark icons (timtab_sociable) 2.0.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43210 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/30737 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/29823 | vdb-entry, x_refsource_BID | |
| http://typo3.org/extensions/repository/view/timtab_sociable/2.0.5/ | x_refsource_CONFIRM | |
| http://osvdb.org/46392 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "timtabsociable-unspecified-sql-injection(43210)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43210"
},
{
"name": "30737",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30737"
},
{
"name": "29823",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29823"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/timtab_sociable/2.0.5/"
},
{
"name": "46392",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46392"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in TIMTAB social bookmark icons (timtab_sociable) 2.0.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "timtabsociable-unspecified-sql-injection(43210)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43210"
},
{
"name": "30737",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30737"
},
{
"name": "29823",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29823"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/timtab_sociable/2.0.5/"
},
{
"name": "46392",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46392"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in TIMTAB social bookmark icons (timtab_sociable) 2.0.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "timtabsociable-unspecified-sql-injection(43210)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43210"
},
{
"name": "30737",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30737"
},
{
"name": "29823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29823"
},
{
"name": "http://typo3.org/extensions/repository/view/timtab_sociable/2.0.5/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/timtab_sociable/2.0.5/"
},
{
"name": "46392",
"refsource": "OSVDB",
"url": "http://osvdb.org/46392"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6695",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:42:00.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3941
Vulnerability from cvelistv5
Published
2014-06-03 14:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing."
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html | vendor-advisory, x_refsource_SUSE | |
| http://www.debian.org/security/2014/dsa-2942 | vendor-advisory, x_refsource_DEBIAN | |
| http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html | vendor-advisory, x_refsource_SUSE | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2014/06/03/2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:2025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html"
},
{
"name": "openSUSE-SU-2014:0813",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html"
},
{
"name": "DSA-2942",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"name": "openSUSE-SU-2016:2114",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to \"Host Spoofing.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-28T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2016:2025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html"
},
{
"name": "openSUSE-SU-2014:0813",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html"
},
{
"name": "DSA-2942",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"name": "openSUSE-SU-2016:2114",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to \"Host Spoofing.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:2025",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html"
},
{
"name": "openSUSE-SU-2014:0813",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html"
},
{
"name": "DSA-2942",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"name": "openSUSE-SU-2016:2114",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3941",
"datePublished": "2014-06-03T14:00:00",
"dateReserved": "2014-06-03T00:00:00",
"dateUpdated": "2024-08-06T10:57:18.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21365
Vulnerability from cvelistv5
Published
2021-04-27 19:30
Modified
2024-08-03 18:09
Severity ?
EPSS score ?
Summary
Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Users of the extension, who have overwritten the affected templates with custom code must manually apply the security fix. Update to version 7.1.2, 8.0.8, 9.1.4, 10.0.10 or 11.0.3 of the Bootstrap Package that fix the problem described. Updated version are available from the TYPO3 extension manager, Packagist and at https://extensions.typo3.org/extension/download/bootstrap_package/.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/benjaminkott/bootstrap_package/security/advisories/GHSA-p48w-vf3c-rqjx | x_refsource_CONFIRM | |
| https://github.com/benjaminkott/bootstrap_package/commit/de3a568fc311d6712d9339643e51e8627c80530b | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-ext-sa-2021-007 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | benjaminkott | bootstrap_package |
Version: >= 7.1.0, < 7.1.2 Version: >= 8.0.0, < 8.0.8 Version: >= 9.0.0, < 9.0.4 Version: >= 9.1.0, < 9.1.3 Version: >= 10.0.0, < 10.0.10 Version: >= 11.0.0, < 11.0.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/benjaminkott/bootstrap_package/security/advisories/GHSA-p48w-vf3c-rqjx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/benjaminkott/bootstrap_package/commit/de3a568fc311d6712d9339643e51e8627c80530b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2021-007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "bootstrap_package",
"vendor": "benjaminkott",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.1.0, \u003c 7.1.2"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.0.8"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.0.4"
},
{
"status": "affected",
"version": "\u003e= 9.1.0, \u003c 9.1.3"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.0.10"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Users of the extension, who have overwritten the affected templates with custom code must manually apply the security fix. Update to version 7.1.2, 8.0.8, 9.1.4, 10.0.10 or 11.0.3 of the Bootstrap Package that fix the problem described. Updated version are available from the TYPO3 extension manager, Packagist and at https://extensions.typo3.org/extension/download/bootstrap_package/."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-27T19:30:17",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/benjaminkott/bootstrap_package/security/advisories/GHSA-p48w-vf3c-rqjx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/benjaminkott/bootstrap_package/commit/de3a568fc311d6712d9339643e51e8627c80530b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2021-007"
}
],
"source": {
"advisory": "GHSA-p48w-vf3c-rqjx",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting in Content Rendering",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21365",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Scripting in Content Rendering"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "bootstrap_package",
"version": {
"version_data": [
{
"version_value": "\u003e= 7.1.0, \u003c 7.1.2"
},
{
"version_value": "\u003e= 8.0.0, \u003c 8.0.8"
},
{
"version_value": "\u003e= 9.0.0, \u003c 9.0.4"
},
{
"version_value": "\u003e= 9.1.0, \u003c 9.1.3"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.0.10"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.0.3"
}
]
}
}
]
},
"vendor_name": "benjaminkott"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Users of the extension, who have overwritten the affected templates with custom code must manually apply the security fix. Update to version 7.1.2, 8.0.8, 9.1.4, 10.0.10 or 11.0.3 of the Bootstrap Package that fix the problem described. Updated version are available from the TYPO3 extension manager, Packagist and at https://extensions.typo3.org/extension/download/bootstrap_package/."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/benjaminkott/bootstrap_package/security/advisories/GHSA-p48w-vf3c-rqjx",
"refsource": "CONFIRM",
"url": "https://github.com/benjaminkott/bootstrap_package/security/advisories/GHSA-p48w-vf3c-rqjx"
},
{
"name": "https://github.com/benjaminkott/bootstrap_package/commit/de3a568fc311d6712d9339643e51e8627c80530b",
"refsource": "MISC",
"url": "https://github.com/benjaminkott/bootstrap_package/commit/de3a568fc311d6712d9339643e51e8627c80530b"
},
{
"name": "https://typo3.org/security/advisory/typo3-ext-sa-2021-007",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2021-007"
}
]
},
"source": {
"advisory": "GHSA-p48w-vf3c-rqjx",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21365",
"datePublished": "2021-04-27T19:30:17",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:15.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-23503
Vulnerability from cvelistv5
Published
2022-12-14 07:51
Modified
2024-08-03 03:43
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular form item and a valid backend user account with access to the form module are needed to exploit this vulnerability. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.7.49"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.38"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.33"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.20"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular form item and a valid backend user account with access to the form module are needed to exploit this vulnerability. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-14T07:51:03.984Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm"
}
],
"source": {
"advisory": "GHSA-c5wx-6c2c-f7rm",
"discovery": "UNKNOWN"
},
"title": "TYPO3 vulnerable to Arbitrary Code Execution via Form Framework"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23503",
"datePublished": "2022-12-14T07:51:03.984Z",
"dateReserved": "2022-01-19T21:23:53.770Z",
"dateUpdated": "2024-08-03T03:43:46.542Z",
"requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4705
Vulnerability from cvelistv5
Published
2010-03-15 21:00
Modified
2024-09-17 02:32
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:24.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-15T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4705",
"datePublished": "2010-03-15T21:00:00Z",
"dateReserved": "2010-03-15T00:00:00Z",
"dateUpdated": "2024-09-17T02:32:42.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4888
Vulnerability from cvelistv5
Published
2011-10-07 10:00
Modified
2024-09-16 20:26
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-07T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4888",
"datePublished": "2011-10-07T10:00:00Z",
"dateReserved": "2011-10-07T00:00:00Z",
"dateUpdated": "2024-09-16T20:26:39.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1027
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-08-07 01:06
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56980 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/38802 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "travelmates-unspecified-sql-injection(56980)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56980"
},
{
"name": "38802",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38802"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "travelmates-unspecified-sql-injection(56980)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56980"
},
{
"name": "38802",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38802"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "travelmates-unspecified-sql-injection(56980)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56980"
},
{
"name": "38802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38802"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1027",
"datePublished": "2010-03-19T18:35:00",
"dateReserved": "2010-03-19T00:00:00",
"dateUpdated": "2024-08-07T01:06:52.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-55924
Vulnerability from cvelistv5
Published
2025-01-14 19:16
Modified
2025-01-14 19:16
Severity ?
EPSS score ?
Summary
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Scheduler Module” allows attackers to trigger pre-defined command classes - which can lead to unauthorized import or export of data in the worst case. Users are advised to update to TYPO3 versions 11.5.42 ELTS which fixes the problem described. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-7835-fcv3-g256 | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2025-009 | x_refsource_MISC |
{
"containers": {
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.42"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component \u201cScheduler Module\u201d allows attackers to trigger pre-defined command classes - which can lead to unauthorized import or export of data in the worst case. Users are advised to update to TYPO3 versions 11.5.42 ELTS which fixes the problem described. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T19:16:46.693Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-7835-fcv3-g256",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-7835-fcv3-g256"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2025-009",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2025-009"
}
],
"source": {
"advisory": "GHSA-7835-fcv3-g256",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Request Forgery in Scheduler Module in TYPO3"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-55924",
"datePublished": "2025-01-14T19:16:46.693Z",
"dateReserved": "2024-12-13T13:40:23.284Z",
"dateUpdated": "2025-01-14T19:16:46.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4614
Vulnerability from cvelistv5
Published
2012-02-18 00:00
Modified
2024-09-17 04:24
Severity ?
EPSS score ?
Summary
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/77776 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/47201 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2011/12/16/1 | mailing-list, x_refsource_MLIST | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/ | x_refsource_CONFIRM | |
| http://typo3.org/fileadmin/security-team/bug32571/32571.diff | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:19.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "77776",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/77776"
},
{
"name": "47201",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47201"
},
{
"name": "[oss-security] 20111216 TYPO3 typo3-core-sa-2011-004",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/12/16/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/fileadmin/security-team/bug32571/32571.diff"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-18T00:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "77776",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/77776"
},
{
"name": "47201",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47201"
},
{
"name": "[oss-security] 20111216 TYPO3 typo3-core-sa-2011-004",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/12/16/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/fileadmin/security-team/bug32571/32571.diff"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77776",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77776"
},
{
"name": "47201",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47201"
},
{
"name": "[oss-security] 20111216 TYPO3 typo3-core-sa-2011-004",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/12/16/1"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/"
},
{
"name": "http://typo3.org/fileadmin/security-team/bug32571/32571.diff",
"refsource": "CONFIRM",
"url": "http://typo3.org/fileadmin/security-team/bug32571/32571.diff"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4614",
"datePublished": "2012-02-18T00:00:00Z",
"dateReserved": "2011-11-29T00:00:00Z",
"dateUpdated": "2024-09-17T04:24:23.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15099
Vulnerability from cvelistv5
Published
2020-07-29 16:15
Modified
2024-08-04 13:08
Severity ?
EPSS score ?
Summary
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the possibility to fetch typo3conf/LocalConfiguration.php, which again contains the encryptionKey as well as credentials of the database management system being used. In case a database server is directly accessible either via internet or in a shared hosting network, this allows the ability to completely retrieve, manipulate or delete database contents. This includes creating an administration user account - which can be used to trigger remote code execution by injecting custom extensions. This has been patched in versions 9.5.20 and 10.4.6.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3x94-fv5h-5q2c | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2020-007 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3x94-fv5h-5q2c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3 CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.20"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, 10.4.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the possibility to fetch typo3conf/LocalConfiguration.php, which again contains the encryptionKey as well as credentials of the database management system being used. In case a database server is directly accessible either via internet or in a shared hosting network, this allows the ability to completely retrieve, manipulate or delete database contents. This includes creating an administration user account - which can be used to trigger remote code execution by injecting custom extensions. This has been patched in versions 9.5.20 and 10.4.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-29T16:15:15",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3x94-fv5h-5q2c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-007"
}
],
"source": {
"advisory": "GHSA-3x94-fv5h-5q2c",
"discovery": "UNKNOWN"
},
"title": "Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15099",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3 CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.20"
},
{
"version_value": "\u003e= 10.0.0, 10.4.6"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the possibility to fetch typo3conf/LocalConfiguration.php, which again contains the encryptionKey as well as credentials of the database management system being used. In case a database server is directly accessible either via internet or in a shared hosting network, this allows the ability to completely retrieve, manipulate or delete database contents. This includes creating an administration user account - which can be used to trigger remote code execution by injecting custom extensions. This has been patched in versions 9.5.20 and 10.4.6."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3x94-fv5h-5q2c",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3x94-fv5h-5q2c"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2020-007",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-007"
}
]
},
"source": {
"advisory": "GHSA-3x94-fv5h-5q2c",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15099",
"datePublished": "2020-07-29T16:15:15",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:08:22.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3630
Vulnerability from cvelistv5
Published
2009-11-02 15:00
Modified
2024-08-07 06:38
Severity ?
EPSS score ?
Summary
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/37122 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53920 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=oss-security&m=125632856206736&w=2 | mailing-list, x_refsource_MLIST | |
| http://www.vupen.com/english/advisories/2009/3009 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/36801 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:28.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37122"
},
{
"name": "typo3-url-hijacking(53920)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53920"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a \"frame hijacking\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37122"
},
{
"name": "typo3-url-hijacking(53920)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53920"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a \"frame hijacking\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37122"
},
{
"name": "typo3-url-hijacking(53920)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53920"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3630",
"datePublished": "2009-11-02T15:00:00",
"dateReserved": "2009-10-09T00:00:00",
"dateUpdated": "2024-08-07T06:38:28.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-55923
Vulnerability from cvelistv5
Published
2025-01-14 19:20
Modified
2025-01-14 19:20
Severity ?
EPSS score ?
Summary
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Indexed Search Module” allows attackers to delete items of the component. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-7r5q-4qgx-v545 | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2025-008 | x_refsource_MISC |
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.48"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.42"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.4.25"
},
{
"status": "affected",
"version": "\u003e= 13.0.0, \u003c 13.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component \u201cIndexed Search Module\u201d allows attackers to delete items of the component. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T19:20:11.061Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-7r5q-4qgx-v545",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-7r5q-4qgx-v545"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2025-008",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2025-008"
}
],
"source": {
"advisory": "GHSA-7r5q-4qgx-v545",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Request Forgery in Indexed Search Module in TYPO3"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-55923",
"datePublished": "2025-01-14T19:20:11.061Z",
"dateReserved": "2024-12-13T13:40:23.283Z",
"dateUpdated": "2025-01-14T19:20:11.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5797
Vulnerability from cvelistv5
Published
2008-12-31 11:00
Modified
2024-08-07 11:04
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46469 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/32230 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "advcalendar-unspecified-sql-injection(46469)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46469"
},
{
"name": "32230",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32230"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "advcalendar-unspecified-sql-injection(46469)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46469"
},
{
"name": "32230",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32230"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "advcalendar-unspecified-sql-injection(46469)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46469"
},
{
"name": "32230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32230"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5797",
"datePublished": "2008-12-31T11:00:00",
"dateReserved": "2008-12-30T00:00:00",
"dateUpdated": "2024-08-07T11:04:44.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4702
Vulnerability from cvelistv5
Published
2010-03-15 21:00
Modified
2024-09-16 17:03
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:38.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-15T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4702",
"datePublished": "2010-03-15T21:00:00Z",
"dateReserved": "2010-03-15T00:00:00Z",
"dateUpdated": "2024-09-16T17:03:04.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1607
Vulnerability from cvelistv5
Published
2012-09-04 20:00
Modified
2024-09-16 19:35
Severity ?
EPSS score ?
Summary
The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/48647 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/48622 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2012/03/30/4 | mailing-list, x_refsource_MLIST | |
| http://osvdb.org/80761 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/ | x_refsource_CONFIRM | |
| http://www.debian.org/security/2012/dsa-2445 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/52771 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48647",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48647"
},
{
"name": "48622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48622"
},
{
"name": "[oss-security] 20120329 Re: CVE request: TYPO3-CORE-SA-2012-001",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/4"
},
{
"name": "80761",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80761"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/"
},
{
"name": "DSA-2445",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2445"
},
{
"name": "52771",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52771"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-04T20:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "48647",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48647"
},
{
"name": "48622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48622"
},
{
"name": "[oss-security] 20120329 Re: CVE request: TYPO3-CORE-SA-2012-001",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/4"
},
{
"name": "80761",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80761"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/"
},
{
"name": "DSA-2445",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2445"
},
{
"name": "52771",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52771"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48647",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48647"
},
{
"name": "48622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48622"
},
{
"name": "[oss-security] 20120329 Re: CVE request: TYPO3-CORE-SA-2012-001",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/4"
},
{
"name": "80761",
"refsource": "OSVDB",
"url": "http://osvdb.org/80761"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/"
},
{
"name": "DSA-2445",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2445"
},
{
"name": "52771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52771"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1607",
"datePublished": "2012-09-04T20:00:00Z",
"dateReserved": "2012-03-12T00:00:00Z",
"dateUpdated": "2024-09-16T19:35:52.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5569
Vulnerability from cvelistv5
Published
2013-08-23 15:00
Modified
2024-08-06 17:15
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/ | x_refsource_MISC | |
| http://osvdb.org/90417 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/82219 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:21.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
},
{
"name": "90417",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/90417"
},
{
"name": "typo3-slideshare-unspecified-sql-injection(82219)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
},
{
"name": "90417",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/90417"
},
{
"name": "typo3-slideshare-unspecified-sql-injection(82219)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
},
{
"name": "90417",
"refsource": "OSVDB",
"url": "http://osvdb.org/90417"
},
{
"name": "typo3-slideshare-unspecified-sql-injection(82219)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5569",
"datePublished": "2013-08-23T15:00:00",
"dateReserved": "2013-08-23T00:00:00",
"dateUpdated": "2024-08-06T17:15:21.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4961
Vulnerability from cvelistv5
Published
2011-10-09 10:00
Modified
2024-08-07 04:02
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/61059 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/42381 | vdb-entry, x_refsource_BID | |
| http://typo3.org/extensions/repository/view/webkitpdf/1.1.4 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name": "webkit-unspecified-sql-injection(61059)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61059"
},
{
"name": "42381",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42381"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/webkitpdf/1.1.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name": "webkit-unspecified-sql-injection(61059)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61059"
},
{
"name": "42381",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42381"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/webkitpdf/1.1.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name": "webkit-unspecified-sql-injection(61059)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61059"
},
{
"name": "42381",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42381"
},
{
"name": "http://typo3.org/extensions/repository/view/webkitpdf/1.1.4",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/webkitpdf/1.1.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4961",
"datePublished": "2011-10-09T10:00:00",
"dateReserved": "2011-10-09T00:00:00",
"dateUpdated": "2024-08-07T04:02:30.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0256
Vulnerability from cvelistv5
Published
2009-01-22 23:00
Modified
2024-08-07 04:24
Severity ?
EPSS score ?
Summary
Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/33617 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2009/dsa-1711 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/33376 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48133 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/33679 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
},
{
"name": "33617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33617"
},
{
"name": "DSA-1711",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1711"
},
{
"name": "33376",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33376"
},
{
"name": "typo3-library-session-hijacking(48133)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48133"
},
{
"name": "33679",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33679"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
},
{
"name": "33617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33617"
},
{
"name": "DSA-1711",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1711"
},
{
"name": "33376",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33376"
},
{
"name": "typo3-library-session-hijacking(48133)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48133"
},
{
"name": "33679",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33679"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
},
{
"name": "33617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33617"
},
{
"name": "DSA-1711",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1711"
},
{
"name": "33376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33376"
},
{
"name": "typo3-library-session-hijacking(48133)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48133"
},
{
"name": "33679",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33679"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0256",
"datePublished": "2009-01-22T23:00:00",
"dateReserved": "2009-01-22T00:00:00",
"dateUpdated": "2024-08-07T04:24:18.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4165
Vulnerability from cvelistv5
Published
2009-12-02 17:00
Modified
2024-09-16 22:36
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:10.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-02T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4165",
"datePublished": "2009-12-02T17:00:00Z",
"dateReserved": "2009-12-02T00:00:00Z",
"dateUpdated": "2024-09-16T22:36:44.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4803
Vulnerability from cvelistv5
Published
2010-04-23 14:00
Modified
2024-09-16 19:10
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/33997 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/"
},
{
"name": "33997",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33997"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-23T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/"
},
{
"name": "33997",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33997"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/"
},
{
"name": "33997",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33997"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4803",
"datePublished": "2010-04-23T14:00:00Z",
"dateReserved": "2010-04-23T00:00:00Z",
"dateUpdated": "2024-09-16T19:10:59.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4748
Vulnerability from cvelistv5
Published
2013-07-01 23:00
Modified
2024-08-06 16:52
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-001/ | x_refsource_MISC | |
| http://typo3.org/extensions/repository/view/news | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81192 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/89134 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/news"
},
{
"name": "typo3-news-unspecified-sql-injection(81192)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81192"
},
{
"name": "89134",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/89134"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/news"
},
{
"name": "typo3-news-unspecified-sql-injection(81192)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81192"
},
{
"name": "89134",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/89134"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-001/"
},
{
"name": "http://typo3.org/extensions/repository/view/news",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/news"
},
{
"name": "typo3-news-unspecified-sql-injection(81192)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81192"
},
{
"name": "89134",
"refsource": "OSVDB",
"url": "http://osvdb.org/89134"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4748",
"datePublished": "2013-07-01T23:00:00",
"dateReserved": "2013-07-01T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-7076
Vulnerability from cvelistv5
Published
2013-12-21 00:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/oss-sec/2013/q4/487 | mailing-list, x_refsource_MLIST | |
| http://osvdb.org/100883 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89624 | vdb-entry, x_refsource_XF | |
| http://seclists.org/oss-sec/2013/q4/473 | mailing-list, x_refsource_MLIST | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/64247 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2014/dsa-2834 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:46.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131212 Re: CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"name": "100883",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100883"
},
{
"name": "extensionmanager-url-xss(89624)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89624"
},
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"
},
{
"name": "64247",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64247"
},
{
"name": "DSA-2834",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2834"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20131212 Re: CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"name": "100883",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100883"
},
{
"name": "extensionmanager-url-xss(89624)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89624"
},
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"
},
{
"name": "64247",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64247"
},
{
"name": "DSA-2834",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2834"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131212 Re: CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"name": "100883",
"refsource": "OSVDB",
"url": "http://osvdb.org/100883"
},
{
"name": "extensionmanager-url-xss(89624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89624"
},
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"
},
{
"name": "64247",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64247"
},
{
"name": "DSA-2834",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2834"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7076",
"datePublished": "2013-12-21T00:00:00",
"dateReserved": "2013-12-11T00:00:00",
"dateUpdated": "2024-08-06T17:53:46.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5096
Vulnerability from cvelistv5
Published
2008-11-14 19:00
Modified
2024-08-07 10:40
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the TYPO3 File List (file_list) extension 0.2.1 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/31262 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45258 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:17.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31262",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31262"
},
{
"name": "filelist-unspecified-information-disclosure(45258)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45258"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the TYPO3 File List (file_list) extension 0.2.1 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31262",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31262"
},
{
"name": "filelist-unspecified-information-disclosure(45258)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45258"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the TYPO3 File List (file_list) extension 0.2.1 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31262",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31262"
},
{
"name": "filelist-unspecified-information-disclosure(45258)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45258"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5096",
"datePublished": "2008-11-14T19:00:00",
"dateReserved": "2008-11-14T00:00:00",
"dateUpdated": "2024-08-07T10:40:17.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21358
Vulnerability from cvelistv5
Published
2021-03-23 01:50
Modified
2024-08-03 18:09
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2 | x_refsource_CONFIRM | |
| https://packagist.org/packages/typo3/cms-form | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2021-004 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/typo3/cms-form"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3.CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 10.2.0, \u003c= 10.4.13"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c= 11.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T01:50:16",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/typo3/cms-form"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-004"
}
],
"source": {
"advisory": "GHSA-x79j-wgqv-g8h2",
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) in typo3/cms-form",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21358",
"STATE": "PUBLIC",
"TITLE": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) in typo3/cms-form"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3.CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 10.2.0, \u003c= 10.4.13"
},
{
"version_value": "\u003e= 11.0.0, \u003c= 11.1.0"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2"
},
{
"name": "https://packagist.org/packages/typo3/cms-form",
"refsource": "MISC",
"url": "https://packagist.org/packages/typo3/cms-form"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2021-004",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-004"
}
]
},
"source": {
"advisory": "GHSA-x79j-wgqv-g8h2",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21358",
"datePublished": "2021-03-23T01:50:16",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:15.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21339
Vulnerability from cvelistv5
Published
2021-03-23 01:50
Modified
2024-08-03 18:09
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://packagist.org/packages/typo3/cms-core | x_refsource_MISC | |
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2021-006 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/typo3/cms-core"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3.CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.2.0, \u003c= 6.2.56"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c= 7.6.50"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c= 8.7.39"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c= 9.5.24"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c= 10.4.13"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c= 11.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T01:50:40",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/typo3/cms-core"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-006"
}
],
"source": {
"advisory": "GHSA-qx3w-4864-94ch",
"discovery": "UNKNOWN"
},
"title": "Cleartext storage of session identifier",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21339",
"STATE": "PUBLIC",
"TITLE": "Cleartext storage of session identifier"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3.CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 6.2.0, \u003c= 6.2.56"
},
{
"version_value": "\u003e= 7.0.0, \u003c= 7.6.50"
},
{
"version_value": "\u003e= 8.0.0, \u003c= 8.7.39"
},
{
"version_value": "\u003e= 9.0.0, \u003c= 9.5.24"
},
{
"version_value": "\u003e= 10.0.0, \u003c= 10.4.13"
},
{
"version_value": "\u003e= 11.0.0, \u003c= 11.1.0"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312: Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packagist.org/packages/typo3/cms-core",
"refsource": "MISC",
"url": "https://packagist.org/packages/typo3/cms-core"
},
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2021-006",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-006"
}
]
},
"source": {
"advisory": "GHSA-qx3w-4864-94ch",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21339",
"datePublished": "2021-03-23T01:50:40",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:15.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0257
Vulnerability from cvelistv5
Published
2009-01-22 23:00
Modified
2024-08-07 04:24
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/33617 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48135 | vdb-entry, x_refsource_XF | |
| http://www.debian.org/security/2009/dsa-1711 | vendor-advisory, x_refsource_DEBIAN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48136 | vdb-entry, x_refsource_XF | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48137 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/33376 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48133 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/33679 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
},
{
"name": "33617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33617"
},
{
"name": "typo3-indexedsearchengine-xss(48135)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48135"
},
{
"name": "DSA-1711",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1711"
},
{
"name": "typo3-workspace-xss(48136)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48136"
},
{
"name": "typo3-adodb-xss(48137)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48137"
},
{
"name": "33376",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33376"
},
{
"name": "typo3-library-session-hijacking(48133)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48133"
},
{
"name": "33679",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33679"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
},
{
"name": "33617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33617"
},
{
"name": "typo3-indexedsearchengine-xss(48135)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48135"
},
{
"name": "DSA-1711",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1711"
},
{
"name": "typo3-workspace-xss(48136)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48136"
},
{
"name": "typo3-adodb-xss(48137)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48137"
},
{
"name": "33376",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33376"
},
{
"name": "typo3-library-session-hijacking(48133)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48133"
},
{
"name": "33679",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33679"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
},
{
"name": "33617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33617"
},
{
"name": "typo3-indexedsearchengine-xss(48135)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48135"
},
{
"name": "DSA-1711",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1711"
},
{
"name": "typo3-workspace-xss(48136)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48136"
},
{
"name": "typo3-adodb-xss(48137)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48137"
},
{
"name": "33376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33376"
},
{
"name": "typo3-library-session-hijacking(48133)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48133"
},
{
"name": "33679",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33679"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0257",
"datePublished": "2009-01-22T23:00:00",
"dateReserved": "2009-01-22T00:00:00",
"dateUpdated": "2024-08-07T04:24:18.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4904
Vulnerability from cvelistv5
Published
2019-11-06 16:58
Modified
2024-08-07 00:16
Severity ?
EPSS score ?
Summary
TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2011-4904 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Missing_Access_Control | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:35.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4904"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Missing_Access_Control"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "before 4.5.4"
}
]
}
],
"datePublic": "2011-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T16:58:37",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4904"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Missing_Access_Control"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3",
"version": {
"version_data": [
{
"version_value": "before 4.5.4"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-4904",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4904"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Missing_Access_Control",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Missing_Access_Control"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4904",
"datePublished": "2019-11-06T16:58:37",
"dateReserved": "2011-12-23T00:00:00",
"dateUpdated": "2024-08-07T00:16:35.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4163
Vulnerability from cvelistv5
Published
2009-12-02 17:00
Modified
2024-09-16 18:23
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-02T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4163",
"datePublished": "2009-12-02T17:00:00Z",
"dateReserved": "2009-12-02T00:00:00Z",
"dateUpdated": "2024-09-16T18:23:38.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3529
Vulnerability from cvelistv5
Published
2012-09-05 23:00
Modified
2024-08-06 20:05
Severity ?
EPSS score ?
Summary
The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/77793 | vdb-entry, x_refsource_XF | |
| http://www.debian.org/security/2012/dsa-2537 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2012/08/22/8 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/50287 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/84775 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"name": "typo3-config-module-info-disc(77793)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77793"
},
{
"name": "DSA-2537",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"name": "[oss-security] 20120822 Re: CVE request: Typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"name": "50287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50287"
},
{
"name": "84775",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/84775"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"name": "typo3-config-module-info-disc(77793)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77793"
},
{
"name": "DSA-2537",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"name": "[oss-security] 20120822 Re: CVE request: Typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"name": "50287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50287"
},
{
"name": "84775",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/84775"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"name": "typo3-config-module-info-disc(77793)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77793"
},
{
"name": "DSA-2537",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"name": "[oss-security] 20120822 Re: CVE request: Typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"name": "50287",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50287"
},
{
"name": "84775",
"refsource": "OSVDB",
"url": "http://osvdb.org/84775"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3529",
"datePublished": "2012-09-05T23:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36105
Vulnerability from cvelistv5
Published
2022-09-13 17:40
Modified
2024-08-03 09:52
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix this problem. There are no known workarounds for this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r | x_refsource_CONFIRM | |
| https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2022-007 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:52:00.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.6.58"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.7.48"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.37"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.32"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix this problem. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T17:40:13",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-007"
}
],
"source": {
"advisory": "GHSA-m392-235j-9r7r",
"discovery": "UNKNOWN"
},
"title": "User Enumeration via Response Timing in TYPO3",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-36105",
"STATE": "PUBLIC",
"TITLE": "User Enumeration via Response Timing in TYPO3"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 7.0.0, \u003c 7.6.58"
},
{
"version_value": "\u003e= 8.0.0, \u003c 8.7.48"
},
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.37"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.32"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.5.16"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix this problem. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203: Observable Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r"
},
{
"name": "https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2022-007",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-007"
}
]
},
"source": {
"advisory": "GHSA-m392-235j-9r7r",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36105",
"datePublished": "2022-09-13T17:40:13",
"dateReserved": "2022-07-15T00:00:00",
"dateUpdated": "2024-08-03T09:52:00.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6343
Vulnerability from cvelistv5
Published
2009-02-27 17:00
Modified
2024-09-17 02:53
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc_odin) extension 0.0.1, 0.1.0, 0.1.1, and 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc_odin) extension 0.0.1, 0.1.0, 0.1.1, and 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-27T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc_odin) extension 0.0.1, 0.1.0, 0.1.1, and 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6343",
"datePublished": "2009-02-27T17:00:00Z",
"dateReserved": "2009-02-27T00:00:00Z",
"dateUpdated": "2024-09-17T02:53:09.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6461
Vulnerability from cvelistv5
Published
2009-03-13 10:00
Modified
2024-08-07 11:34
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/31264 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/48280 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45264 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:45.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31264",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31264"
},
{
"name": "48280",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/48280"
},
{
"name": "steprayer2-unspecified-sql-injection(45264)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45264"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31264",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31264"
},
{
"name": "48280",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/48280"
},
{
"name": "steprayer2-unspecified-sql-injection(45264)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45264"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31264"
},
{
"name": "48280",
"refsource": "OSVDB",
"url": "http://osvdb.org/48280"
},
{
"name": "steprayer2-unspecified-sql-injection(45264)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45264"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6461",
"datePublished": "2009-03-13T10:00:00",
"dateReserved": "2009-03-13T00:00:00",
"dateUpdated": "2024-08-07T11:34:45.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0339
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-16 18:29
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0339",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-16T18:29:05.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5069
Vulnerability from cvelistv5
Published
2006-09-28 00:00
Modified
2024-08-07 19:32
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/3782 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/22071 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/29128 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/20173 | vdb-entry, x_refsource_BID | |
| http://securityreason.com/securityalert/1646 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/archive/1/446885/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://marc.info/?l=full-disclosure&m=115918334930694&w=2 | mailing-list, x_refsource_FULLDISC | |
| http://typo3.org/teams/security/security-bulletins/typo3-20060911-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:32:23.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-3782",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3782"
},
{
"name": "22071",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22071"
},
{
"name": "typo3-search-xss(29128)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29128"
},
{
"name": "20173",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20173"
},
{
"name": "1646",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1646"
},
{
"name": "20060925 Typo3 v4.x: XSS in extension \"Indexed Search\" v2.9.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/446885/100/0/threaded"
},
{
"name": "20060925 Typo3 v4.x: XSS in extension \"Indexed Search\"",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115918334930694\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20060911-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-3782",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3782"
},
{
"name": "22071",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22071"
},
{
"name": "typo3-search-xss(29128)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29128"
},
{
"name": "20173",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20173"
},
{
"name": "1646",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1646"
},
{
"name": "20060925 Typo3 v4.x: XSS in extension \"Indexed Search\" v2.9.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/446885/100/0/threaded"
},
{
"name": "20060925 Typo3 v4.x: XSS in extension \"Indexed Search\"",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115918334930694\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20060911-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3782",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3782"
},
{
"name": "22071",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22071"
},
{
"name": "typo3-search-xss(29128)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29128"
},
{
"name": "20173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20173"
},
{
"name": "1646",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1646"
},
{
"name": "20060925 Typo3 v4.x: XSS in extension \"Indexed Search\" v2.9.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446885/100/0/threaded"
},
{
"name": "20060925 Typo3 v4.x: XSS in extension \"Indexed Search\"",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=115918334930694\u0026w=2"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20060911-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20060911-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5069",
"datePublished": "2006-09-28T00:00:00",
"dateReserved": "2006-09-27T00:00:00",
"dateUpdated": "2024-08-07T19:32:23.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-7080
Vulnerability from cvelistv5
Published
2013-12-23 23:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/oss-sec/2013/q4/473 | mailing-list, x_refsource_MLIST | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/ | x_refsource_CONFIRM | |
| http://www.debian.org/security/2014/dsa-2834 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:46.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"name": "DSA-2834",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2834"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka \"Mass Assignment.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-07T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"name": "DSA-2834",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2834"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka \"Mass Assignment.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"name": "DSA-2834",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2834"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7080",
"datePublished": "2013-12-23T23:00:00",
"dateReserved": "2013-12-11T00:00:00",
"dateUpdated": "2024-08-06T17:53:46.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3628
Vulnerability from cvelistv5
Published
2009-11-02 15:00
Modified
2024-08-07 06:38
Severity ?
EPSS score ?
Summary
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/37122 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53917 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=oss-security&m=125632856206736&w=2 | mailing-list, x_refsource_MLIST | |
| http://www.vupen.com/english/advisories/2009/3009 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/36801 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:28.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37122"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016"
},
{
"name": "typo3-ttcontent-info-disclosure(53917)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53917"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "37122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37122"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016"
},
{
"name": "typo3-ttcontent-info-disclosure(53917)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53917"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37122"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016"
},
{
"name": "typo3-ttcontent-info-disclosure(53917)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53917"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3628",
"datePublished": "2009-11-02T15:00:00",
"dateReserved": "2009-10-09T00:00:00",
"dateUpdated": "2024-08-07T06:38:28.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6145
Vulnerability from cvelistv5
Published
2009-02-16 17:00
Modified
2024-08-07 11:20
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/33254 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/3502 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-20081222-2 | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/wec_discussion/1.7.1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:20:25.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33254"
},
{
"name": "ADV-2008-3502",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3502"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/wec_discussion/1.7.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33254"
},
{
"name": "ADV-2008-3502",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3502"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/wec_discussion/1.7.1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33254"
},
{
"name": "ADV-2008-3502",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3502"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-2",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-2"
},
{
"name": "http://typo3.org/extensions/repository/view/wec_discussion/1.7.1",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/wec_discussion/1.7.1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6145",
"datePublished": "2009-02-16T17:00:00",
"dateReserved": "2009-02-16T00:00:00",
"dateUpdated": "2024-08-07T11:20:25.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4343
Vulnerability from cvelistv5
Published
2009-12-17 17:00
Modified
2024-08-07 07:01
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Training Company Database (trainincdb) extension 0.4.7 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54786 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2009/3550 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:19.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-tcd-xss(54786)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54786"
},
{
"name": "ADV-2009-3550",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Training Company Database (trainincdb) extension 0.4.7 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "typo3-tcd-xss(54786)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54786"
},
{
"name": "ADV-2009-3550",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Training Company Database (trainincdb) extension 0.4.7 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-tcd-xss(54786)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54786"
},
{
"name": "ADV-2009-3550",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4343",
"datePublished": "2009-12-17T17:00:00",
"dateReserved": "2009-12-17T00:00:00",
"dateUpdated": "2024-08-07T07:01:19.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3665
Vulnerability from cvelistv5
Published
2019-11-04 21:23
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2010-3665 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS | x_refsource_CONFIRM | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3665"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T21:23:51",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3665"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-3665",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3665"
},
{
"name": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3665",
"datePublished": "2019-11-04T21:23:51",
"dateReserved": "2010-09-28T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-25118
Vulnerability from cvelistv5
Published
2024-02-13 22:19
Modified
2024-08-01 23:36
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2024-003 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T17:58:02.961049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:35:53.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2024-003",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 13.0.0, \u003c 13.0.1"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.4.11"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.35"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.43"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.46"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.7.57"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T22:19:22.690Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2024-003",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-003"
}
],
"source": {
"advisory": "GHSA-38r2-5695-334w",
"discovery": "UNKNOWN"
},
"title": "Information Disclosure of Hashed Passwords in TYPO3 Backend Forms"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-25118",
"datePublished": "2024-02-13T22:19:22.690Z",
"dateReserved": "2024-02-05T14:14:46.379Z",
"dateUpdated": "2024-08-01T23:36:21.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6344
Vulnerability from cvelistv5
Published
2009-02-27 17:00
Modified
2024-09-17 03:59
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-20081222-4 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/32981 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4"
},
{
"name": "32981",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32981"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-27T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4"
},
{
"name": "32981",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32981"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4"
},
{
"name": "32981",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32981"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6344",
"datePublished": "2009-02-27T17:00:00Z",
"dateReserved": "2009-02-27T00:00:00Z",
"dateUpdated": "2024-09-17T03:59:12.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1608
Vulnerability from cvelistv5
Published
2012-09-04 20:00
Modified
2024-09-17 00:15
Severity ?
EPSS score ?
Summary
The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/48647 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2012/03/30/4 | mailing-list, x_refsource_MLIST | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/ | x_refsource_CONFIRM | |
| http://www.debian.org/security/2012/dsa-2445 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.osvdb.org/80762 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/52771 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.748Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48647",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48647"
},
{
"name": "[oss-security] 20120329 Re: CVE request: TYPO3-CORE-SA-2012-001",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/"
},
{
"name": "DSA-2445",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2445"
},
{
"name": "80762",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/80762"
},
{
"name": "52771",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52771"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-04T20:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "48647",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48647"
},
{
"name": "[oss-security] 20120329 Re: CVE request: TYPO3-CORE-SA-2012-001",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/"
},
{
"name": "DSA-2445",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2445"
},
{
"name": "80762",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/80762"
},
{
"name": "52771",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52771"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48647",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48647"
},
{
"name": "[oss-security] 20120329 Re: CVE request: TYPO3-CORE-SA-2012-001",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/4"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/"
},
{
"name": "DSA-2445",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2445"
},
{
"name": "80762",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/80762"
},
{
"name": "52771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52771"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1608",
"datePublished": "2012-09-04T20:00:00Z",
"dateReserved": "2012-03-12T00:00:00Z",
"dateUpdated": "2024-09-17T00:15:45.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-25119
Vulnerability from cvelistv5
Published
2024-02-13 22:16
Modified
2024-08-01 23:36
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2024-004 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25119",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-14T15:01:19.406111Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:35:39.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2024-004",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 13.0.0, \u003c 13.0.1"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.4.11"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.35"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.43"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.46"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.7.57"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS[\u0027SYS\u0027][\u0027encryptionKey\u0027]` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T22:16:37.103Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2024-004",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-004"
}
],
"source": {
"advisory": "GHSA-h47m-3f78-qp9g",
"discovery": "UNKNOWN"
},
"title": "Information Disclosure of Encryption Key in TYPO3 Install Tool"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-25119",
"datePublished": "2024-02-13T22:16:37.103Z",
"dateReserved": "2024-02-05T14:14:46.379Z",
"dateUpdated": "2024-08-01T23:36:21.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0325
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-17 03:33
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) extension 0.2.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/sb_folderdownload/0.2.3/ | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/sb_folderdownload/0.2.3/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) extension 0.2.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/sb_folderdownload/0.2.3/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) extension 0.2.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/sb_folderdownload/0.2.3/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/sb_folderdownload/0.2.3/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0325",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-17T03:33:53.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4336
Vulnerability from cvelistv5
Published
2009-12-17 17:00
Modified
2024-08-07 07:01
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54780 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2009/3550 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:19.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-dpc-xss(54780)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54780"
},
{
"name": "ADV-2009-3550",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "typo3-dpc-xss(54780)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54780"
},
{
"name": "ADV-2009-3550",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-dpc-xss(54780)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54780"
},
{
"name": "ADV-2009-3550",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4336",
"datePublished": "2009-12-17T17:00:00",
"dateReserved": "2009-12-17T00:00:00",
"dateUpdated": "2024-08-07T07:01:19.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4886
Vulnerability from cvelistv5
Published
2011-10-07 10:00
Modified
2024-09-17 04:09
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the "official twitter tweet button for your page" (tweetbutton) extension before 1.0.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/42941 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/41268 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/ | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/tweetbutton/1.0.5/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42941",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42941"
},
{
"name": "41268",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41268"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/tweetbutton/1.0.5/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the \"official twitter tweet button for your page\" (tweetbutton) extension before 1.0.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-07T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "42941",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42941"
},
{
"name": "41268",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41268"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/tweetbutton/1.0.5/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the \"official twitter tweet button for your page\" (tweetbutton) extension before 1.0.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42941",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42941"
},
{
"name": "41268",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41268"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"name": "http://typo3.org/extensions/repository/view/tweetbutton/1.0.5/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/tweetbutton/1.0.5/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4886",
"datePublished": "2011-10-07T10:00:00Z",
"dateReserved": "2011-10-07T00:00:00Z",
"dateUpdated": "2024-09-17T04:09:58.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4891
Vulnerability from cvelistv5
Published
2011-10-07 10:00
Modified
2024-09-17 03:22
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/42945 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/ | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/ke_yac/1.1.2/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42945",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42945"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/ke_yac/1.1.2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-07T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "42945",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42945"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/ke_yac/1.1.2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42945",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42945"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"name": "http://typo3.org/extensions/repository/view/ke_yac/1.1.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/ke_yac/1.1.2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4891",
"datePublished": "2011-10-07T10:00:00Z",
"dateReserved": "2011-10-07T00:00:00Z",
"dateUpdated": "2024-09-17T03:22:47.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3672
Vulnerability from cvelistv5
Published
2019-11-05 19:25
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2010-3672 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS | x_refsource_CONFIRM | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3672"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T19:25:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3672"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-3672",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3672"
},
{
"name": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3672",
"datePublished": "2019-11-05T19:25:17",
"dateReserved": "2010-09-28T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-23504
Vulnerability from cvelistv5
Published
2022-12-14 07:58
Modified
2024-08-03 03:43
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.38"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.33"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.20"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-917",
"description": "CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-14T07:58:05.232Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr"
}
],
"source": {
"advisory": "GHSA-8w3p-qh3x-6gjr",
"discovery": "UNKNOWN"
},
"title": "TYPO3 contains Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23504",
"datePublished": "2022-12-14T07:58:05.232Z",
"dateReserved": "2022-01-19T21:23:53.772Z",
"dateUpdated": "2024-08-03T03:43:46.501Z",
"requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1022
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-09-16 22:26
Severity ?
EPSS score ?
Summary
The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/t3sec_saltedpw/0.2.13/ | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/38992 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/38799 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/t3sec_saltedpw/0.2.13/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38992"
},
{
"name": "38799",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38799"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/t3sec_saltedpw/0.2.13/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38992"
},
{
"name": "38799",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38799"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/t3sec_saltedpw/0.2.13/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/t3sec_saltedpw/0.2.13/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38992",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38992"
},
{
"name": "38799",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38799"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1022",
"datePublished": "2010-03-19T18:35:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-16T22:26:18.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3714
Vulnerability from cvelistv5
Published
2010-10-25 19:00
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/43786 | vdb-entry, x_refsource_BID | |
| http://www.exploit-db.com/exploits/15856 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.debian.org/security/2010/dsa-2121 | vendor-advisory, x_refsource_DEBIAN | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/ | x_refsource_CONFIRM | |
| http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:53.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43786",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43786"
},
{
"name": "15856",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15856"
},
{
"name": "DSA-2121",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-06-01T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "43786",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43786"
},
{
"name": "15856",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15856"
},
{
"name": "DSA-2121",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43786"
},
{
"name": "15856",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15856"
},
{
"name": "DSA-2121",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
},
{
"name": "http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html",
"refsource": "MISC",
"url": "http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3714",
"datePublished": "2010-10-25T19:00:00",
"dateReserved": "2010-10-01T00:00:00",
"dateUpdated": "2024-08-07T03:18:53.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4967
Vulnerability from cvelistv5
Published
2010-07-27 18:39
Modified
2024-09-17 02:01
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/2411 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/36131 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-2411",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"name": "36131",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36131"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-27T18:39:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-2411",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"name": "36131",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36131"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2411",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"name": "36131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36131"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4967",
"datePublished": "2010-07-27T18:39:00Z",
"dateReserved": "2010-07-27T00:00:00Z",
"dateUpdated": "2024-09-17T02:01:14.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5308
Vulnerability from cvelistv5
Published
2013-08-16 17:00
Modified
2024-08-06 17:06
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the RealURL Management (realurlmanagement) extension 0.3.4 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/61654 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86237 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013 | x_refsource_MISC | |
| http://osvdb.org/95958 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61654",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61654"
},
{
"name": "typo3-realurlmanagement-unspecified-xss(86237)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86237"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "95958",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95958"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the RealURL Management (realurlmanagement) extension 0.3.4 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "61654",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61654"
},
{
"name": "typo3-realurlmanagement-unspecified-xss(86237)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86237"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "95958",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95958"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the RealURL Management (realurlmanagement) extension 0.3.4 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61654",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61654"
},
{
"name": "typo3-realurlmanagement-unspecified-xss(86237)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86237"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "95958",
"refsource": "OSVDB",
"url": "http://osvdb.org/95958"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5308",
"datePublished": "2013-08-16T17:00:00",
"dateReserved": "2013-08-16T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1024
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-08-07 01:06
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/tgm_newsletter/0.0.3/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56978 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/38805 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/tgm_newsletter/0.0.3/"
},
{
"name": "tgmnewsletter-unspecified-sql-injection(56978)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56978"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38805",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38805"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/tgm_newsletter/0.0.3/"
},
{
"name": "tgmnewsletter-unspecified-sql-injection(56978)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56978"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38805",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38805"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/tgm_newsletter/0.0.3/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/tgm_newsletter/0.0.3/"
},
{
"name": "tgmnewsletter-unspecified-sql-injection(56978)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56978"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38805"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1024",
"datePublished": "2010-03-19T18:35:00",
"dateReserved": "2010-03-19T00:00:00",
"dateUpdated": "2024-08-07T01:06:52.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4956
Vulnerability from cvelistv5
Published
2010-07-22 18:00
Modified
2024-09-17 03:37
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/ws_stats/0.1.2/ | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/ws_stats/0.1.2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-22T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/ws_stats/0.1.2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/ws_stats/0.1.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/ws_stats/0.1.2/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4956",
"datePublished": "2010-07-22T18:00:00Z",
"dateReserved": "2010-07-22T00:00:00Z",
"dateUpdated": "2024-09-17T03:37:52.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3528
Vulnerability from cvelistv5
Published
2012-09-05 23:00
Modified
2024-08-06 20:05
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/84771 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/77792 | vdb-entry, x_refsource_XF | |
| http://www.debian.org/security/2012/dsa-2537 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2012/08/22/8 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/50287 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "84771",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/84771"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"name": "typo3-backend-unspec-xss(77792)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77792"
},
{
"name": "DSA-2537",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"name": "[oss-security] 20120822 Re: CVE request: Typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"name": "50287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50287"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "84771",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/84771"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"name": "typo3-backend-unspec-xss(77792)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77792"
},
{
"name": "DSA-2537",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"name": "[oss-security] 20120822 Re: CVE request: Typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"name": "50287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50287"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "84771",
"refsource": "OSVDB",
"url": "http://osvdb.org/84771"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"name": "typo3-backend-unspec-xss(77792)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77792"
},
{
"name": "DSA-2537",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"name": "[oss-security] 20120822 Re: CVE request: Typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"name": "50287",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50287"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3528",
"datePublished": "2012-09-05T23:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1085
Vulnerability from cvelistv5
Published
2012-02-14 17:00
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/51852 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/78799 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72973 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51852",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51852"
},
{
"name": "78799",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78799"
},
{
"name": "typo3-beuserswitch-unspec-info-disclosure(72973)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72973"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51852",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51852"
},
{
"name": "78799",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78799"
},
{
"name": "typo3-beuserswitch-unspec-info-disclosure(72973)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72973"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51852"
},
{
"name": "78799",
"refsource": "OSVDB",
"url": "http://osvdb.org/78799"
},
{
"name": "typo3-beuserswitch-unspec-info-disclosure(72973)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72973"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1085",
"datePublished": "2012-02-14T17:00:00",
"dateReserved": "2012-02-14T00:00:00",
"dateUpdated": "2024-08-06T18:45:27.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4710
Vulnerability from cvelistv5
Published
2010-03-15 21:00
Modified
2024-09-17 00:02
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/35876 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/36084 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:24.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35876",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35876"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"name": "36084",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-15T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35876",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35876"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"name": "36084",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35876",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35876"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"name": "36084",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4710",
"datePublished": "2010-03-15T21:00:00Z",
"dateReserved": "2010-03-15T00:00:00Z",
"dateUpdated": "2024-09-17T00:02:31.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4395
Vulnerability from cvelistv5
Published
2009-12-22 23:00
Modified
2024-09-17 02:21
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-22T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4395",
"datePublished": "2009-12-22T23:00:00Z",
"dateReserved": "2009-12-22T00:00:00Z",
"dateUpdated": "2024-09-17T02:21:20.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1075
Vulnerability from cvelistv5
Published
2012-02-14 17:00
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72961 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/78788 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/extensions/repository/view/rtg_files/1.5.2/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/47842 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/51838 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "typo3-documents-unspecified-sql-injection(72961)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72961"
},
{
"name": "78788",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78788"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/rtg_files/1.5.2/"
},
{
"name": "47842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47842"
},
{
"name": "51838",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51838"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "typo3-documents-unspecified-sql-injection(72961)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72961"
},
{
"name": "78788",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78788"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/rtg_files/1.5.2/"
},
{
"name": "47842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47842"
},
{
"name": "51838",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51838"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "typo3-documents-unspecified-sql-injection(72961)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72961"
},
{
"name": "78788",
"refsource": "OSVDB",
"url": "http://osvdb.org/78788"
},
{
"name": "http://typo3.org/extensions/repository/view/rtg_files/1.5.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/rtg_files/1.5.2/"
},
{
"name": "47842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47842"
},
{
"name": "51838",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51838"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1075",
"datePublished": "2012-02-14T17:00:00",
"dateReserved": "2012-02-14T00:00:00",
"dateUpdated": "2024-08-06T18:45:27.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1014
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-09-16 18:14
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/38823 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38823",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38823"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38823",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38823"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38823"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1014",
"datePublished": "2010-03-19T18:35:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-16T18:14:40.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47780
Vulnerability from cvelistv5
Published
2024-10-08 17:57
Modified
2024-10-08 18:17
Severity ?
EPSS score ?
Summary
TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody." However, affected users could not manipulate these pages. Users are advised to update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-rf5m-h8q9-9w6q | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2024-012 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:17:16.402927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:17:24.168Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.46"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.40"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.4.21"
},
{
"status": "affected",
"version": "\u003e= 13.0.0, \u003c 13.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to \"everybody.\" However, affected users could not manipulate these pages. Users are advised to update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T17:57:21.523Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-rf5m-h8q9-9w6q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-rf5m-h8q9-9w6q"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2024-012",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-012"
}
],
"source": {
"advisory": "GHSA-rf5m-h8q9-9w6q",
"discovery": "UNKNOWN"
},
"title": "Information Disclosure in TYPO3 Page Tree"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47780",
"datePublished": "2024-10-08T17:57:21.523Z",
"dateReserved": "2024-09-30T21:28:53.236Z",
"dateUpdated": "2024-10-08T18:17:24.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4959
Vulnerability from cvelistv5
Published
2010-07-27 18:39
Modified
2024-09-17 03:38
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/2410 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-012 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/36140 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-2410",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2410"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-012"
},
{
"name": "36140",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-27T18:39:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-2410",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2410"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-012"
},
{
"name": "36140",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2410",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2410"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-012",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-012"
},
{
"name": "36140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4959",
"datePublished": "2010-07-27T18:39:00Z",
"dateReserved": "2010-07-27T00:00:00Z",
"dateUpdated": "2024-09-17T03:38:22.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36104
Vulnerability from cvelistv5
Published
2022-09-13 17:20
Modified
2024-08-03 09:52
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. Users are advised to update to TYPO3 version 11.5.16 to resolve this issue. There are no known workarounds for this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-fffr-7x4x-f98q | x_refsource_CONFIRM | |
| https://github.com/TYPO3/typo3/commit/179dd7cd78947081d573fee2050e197faa556f13 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2022-006 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:52:00.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fffr-7x4x-f98q"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/179dd7cd78947081d573fee2050e197faa556f13"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 11.4.0, \u003c 11.5.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. Users are advised to update to TYPO3 version 11.5.16 to resolve this issue. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T17:20:19",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fffr-7x4x-f98q"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/179dd7cd78947081d573fee2050e197faa556f13"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-006"
}
],
"source": {
"advisory": "GHSA-fffr-7x4x-f98q",
"discovery": "UNKNOWN"
},
"title": "Denial of Service via Page Error Handling in TYPO3/cms",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-36104",
"STATE": "PUBLIC",
"TITLE": "Denial of Service via Page Error Handling in TYPO3/cms"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 11.4.0, \u003c 11.5.16"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. Users are advised to update to TYPO3 version 11.5.16 to resolve this issue. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770: Allocation of Resources Without Limits or Throttling"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fffr-7x4x-f98q",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fffr-7x4x-f98q"
},
{
"name": "https://github.com/TYPO3/typo3/commit/179dd7cd78947081d573fee2050e197faa556f13",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/179dd7cd78947081d573fee2050e197faa556f13"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2022-006",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-006"
}
]
},
"source": {
"advisory": "GHSA-fffr-7x4x-f98q",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36104",
"datePublished": "2022-09-13T17:20:19",
"dateReserved": "2022-07-15T00:00:00",
"dateUpdated": "2024-08-03T09:52:00.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4320
Vulnerability from cvelistv5
Published
2014-05-20 14:00
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:02.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-20T12:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/",
"refsource": "CONFIRM",
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4320",
"datePublished": "2014-05-20T14:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:02.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3819
Vulnerability from cvelistv5
Published
2009-10-28 10:00
Modified
2024-09-17 02:20
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/37095 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37095",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37095"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-10-28T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37095",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37095"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37095",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37095"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3819",
"datePublished": "2009-10-28T10:00:00Z",
"dateReserved": "2009-10-28T00:00:00Z",
"dateUpdated": "2024-09-17T02:20:58.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-26228
Vulnerability from cvelistv5
Published
2020-11-23 21:10
Modified
2024-08-04 15:56
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-954j-f27r-cj52 | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2020-011 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:03.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-954j-f27r-cj52"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3.CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.23"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-23T21:10:16",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-954j-f27r-cj52"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-011"
}
],
"source": {
"advisory": "GHSA-954j-f27r-cj52",
"discovery": "UNKNOWN"
},
"title": "Cleartext storage of session identifier",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-26228",
"STATE": "PUBLIC",
"TITLE": "Cleartext storage of session identifier"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3.CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.23"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.10"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312: Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-954j-f27r-cj52",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-954j-f27r-cj52"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2020-011",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-011"
}
]
},
"source": {
"advisory": "GHSA-954j-f27r-cj52",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-26228",
"datePublished": "2020-11-23T21:10:16",
"dateReserved": "2020-10-01T00:00:00",
"dateUpdated": "2024-08-04T15:56:03.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-9508
Vulnerability from cvelistv5
Published
2015-01-04 21:00
Modified
2024-08-06 13:47
Severity ?
EPSS score ?
Summary
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html | vendor-advisory, x_refsource_SUSE | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:47:41.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:2169",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2016:2169",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:2169",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9508",
"datePublished": "2015-01-04T21:00:00",
"dateReserved": "2015-01-04T00:00:00",
"dateUpdated": "2024-08-06T13:47:41.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1153
Vulnerability from cvelistv5
Published
2010-04-20 19:00
Modified
2024-09-17 01:27
Severity ?
EPSS score ?
Summary
PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-008/ | x_refsource_CONFIRM | |
| http://marc.info/?l=oss-security&m=127092306209177&w=2 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2010/04/12/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:06.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-008/"
},
{
"name": "[oss-security] 20100410 CVE request: typo3 remote command execution",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=127092306209177\u0026w=2"
},
{
"name": "[oss-security] 20100412 Re: CVE request: typo3 remote command execution",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/04/12/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-20T19:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-008/"
},
{
"name": "[oss-security] 20100410 CVE request: typo3 remote command execution",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=127092306209177\u0026w=2"
},
{
"name": "[oss-security] 20100412 Re: CVE request: typo3 remote command execution",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/04/12/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-008/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-008/"
},
{
"name": "[oss-security] 20100410 CVE request: typo3 remote command execution",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=127092306209177\u0026w=2"
},
{
"name": "[oss-security] 20100412 Re: CVE request: typo3 remote command execution",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/04/12/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-1153",
"datePublished": "2010-04-20T19:00:00Z",
"dateReserved": "2010-03-29T00:00:00Z",
"dateUpdated": "2024-09-17T01:27:09.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31046
Vulnerability from cvelistv5
Published
2022-06-14 20:40
Modified
2024-08-03 07:03
Severity ?
EPSS score ?
Summary
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g | x_refsource_CONFIRM | |
| https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2022-001 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:40.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.6.57"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.7.47"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.34"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.29"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T22:00:32",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-001"
}
],
"source": {
"advisory": "GHSA-8gmv-9hwg-w89g",
"discovery": "UNKNOWN"
},
"title": "Information Disclosure via Export Module in TYPO3 CMS",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31046",
"STATE": "PUBLIC",
"TITLE": "Information Disclosure via Export Module in TYPO3 CMS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 7.0.0, \u003c 7.6.57"
},
{
"version_value": "\u003e= 8.0.0, \u003c 8.7.47"
},
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.34"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.29"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.5.11"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g"
},
{
"name": "https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2022-001",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-001"
}
]
},
"source": {
"advisory": "GHSA-8gmv-9hwg-w89g",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31046",
"datePublished": "2022-06-14T20:40:22",
"dateReserved": "2022-05-18T00:00:00",
"dateUpdated": "2024-08-03T07:03:40.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0329
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-16 22:03
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and "typoscript."
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/38167 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/powermail/1.5.2/info/changelog.txt/ | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/powermail/1.5.2/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38167",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38167"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.2/info/changelog.txt/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the \"SQL selection field\" and \"typoscript.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38167",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38167"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.2/info/changelog.txt/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the \"SQL selection field\" and \"typoscript.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38167",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38167"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"name": "http://typo3.org/extensions/repository/view/powermail/1.5.2/info/changelog.txt/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.2/info/changelog.txt/"
},
{
"name": "http://typo3.org/extensions/repository/view/powermail/1.5.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0329",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-16T22:03:28.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8760
Vulnerability from cvelistv5
Published
2016-01-08 19:00
Modified
2024-09-16 20:16
Severity ?
EPSS score ?
Summary
The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1034485 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/79210 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:29:21.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034485",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034485"
},
{
"name": "79210",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79210"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka \"Cross-Site Flashing.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-08T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1034485",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034485"
},
{
"name": "79210",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79210"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka \"Cross-Site Flashing.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034485",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034485"
},
{
"name": "79210",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79210"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8760",
"datePublished": "2016-01-08T19:00:00Z",
"dateReserved": "2016-01-08T00:00:00Z",
"dateUpdated": "2024-09-16T20:16:51.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3634
Vulnerability from cvelistv5
Published
2009-11-02 15:00
Modified
2024-08-07 06:38
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/37122 | third-party-advisory, x_refsource_SECUNIA | |
| http://marc.info/?l=oss-security&m=125633199111438&w=2 | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53926 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=oss-security&m=125632856206736&w=2 | mailing-list, x_refsource_MLIST | |
| http://www.vupen.com/english/advisories/2009/3009 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/36801 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:29.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37122"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=125633199111438\u0026w=2"
},
{
"name": "typo3-login-xss(53926)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53926"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37122"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=125633199111438\u0026w=2"
},
{
"name": "typo3-login-xss(53926)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53926"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37122"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=125633199111438\u0026w=2"
},
{
"name": "typo3-login-xss(53926)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53926"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3634",
"datePublished": "2009-11-02T15:00:00",
"dateReserved": "2009-10-09T00:00:00",
"dateUpdated": "2024-08-07T06:38:29.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-5098
Vulnerability from cvelistv5
Published
2012-05-21 20:00
Modified
2024-08-07 04:09
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/70122 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/45470 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/35770 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2012/05/12/5 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2011/01/13/2 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/05/11/3 | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64179 | vdb-entry, x_refsource_XF | |
| http://www.openwall.com/lists/oss-security/2012/05/10/7 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70122",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70122"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "45470",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45470"
},
{
"name": "35770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35770"
},
{
"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "typo3-form-xss(64179)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64179"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "70122",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70122"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "45470",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45470"
},
{
"name": "35770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35770"
},
{
"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "typo3-form-xss(64179)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64179"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70122",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70122"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "45470",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45470"
},
{
"name": "35770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35770"
},
{
"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "typo3-form-xss(64179)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64179"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5098",
"datePublished": "2012-05-21T20:00:00",
"dateReserved": "2012-04-30T00:00:00",
"dateUpdated": "2024-08-07T04:09:38.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8758
Vulnerability from cvelistv5
Published
2016-01-08 19:00
Modified
2024-09-17 04:19
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1034484 | vdb-entry, x_refsource_SECTRACK | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/79240 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:29:22.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034484",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034484"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/"
},
{
"name": "79240",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79240"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-08T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1034484",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034484"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/"
},
{
"name": "79240",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79240"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034484",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034484"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/"
},
{
"name": "79240",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79240"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8758",
"datePublished": "2016-01-08T19:00:00Z",
"dateReserved": "2016-01-08T00:00:00Z",
"dateUpdated": "2024-09-17T04:19:06.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1077
Vulnerability from cvelistv5
Published
2012-02-14 17:00
Modified
2024-09-16 16:38
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ | x_refsource_MISC | |
| http://osvdb.org/78790 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "78790",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78790"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "78790",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78790"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "78790",
"refsource": "OSVDB",
"url": "http://osvdb.org/78790"
},
{
"name": "http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1077",
"datePublished": "2012-02-14T17:00:00Z",
"dateReserved": "2012-02-14T00:00:00Z",
"dateUpdated": "2024-09-16T16:38:24.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4344
Vulnerability from cvelistv5
Published
2009-12-17 17:00
Modified
2024-08-07 07:01
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_linklist) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54789 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2009/3550 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-zid-xss(54789)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54789"
},
{
"name": "ADV-2009-3550",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_linklist) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "typo3-zid-xss(54789)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54789"
},
{
"name": "ADV-2009-3550",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_linklist) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-zid-xss(54789)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54789"
},
{
"name": "ADV-2009-3550",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4344",
"datePublished": "2009-12-17T17:00:00",
"dateReserved": "2009-12-17T00:00:00",
"dateUpdated": "2024-08-07T07:01:20.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6458
Vulnerability from cvelistv5
Published
2009-03-13 10:00
Modified
2024-08-07 11:27
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the FE address edit for tt_address & direct mail (dmaddredit) extension 0.4.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/48274 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/31259 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45257 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48274",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/48274"
},
{
"name": "31259",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31259"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"name": "dmaddredit-unspecified-sql-injection(45257)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45257"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the FE address edit for tt_address \u0026 direct mail (dmaddredit) extension 0.4.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "48274",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/48274"
},
{
"name": "31259",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31259"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"name": "dmaddredit-unspecified-sql-injection(45257)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45257"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the FE address edit for tt_address \u0026 direct mail (dmaddredit) extension 0.4.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48274",
"refsource": "OSVDB",
"url": "http://osvdb.org/48274"
},
{
"name": "31259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31259"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"name": "dmaddredit-unspecified-sql-injection(45257)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45257"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6458",
"datePublished": "2009-03-13T10:00:00",
"dateReserved": "2009-03-13T00:00:00",
"dateUpdated": "2024-08-07T11:27:35.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3944
Vulnerability from cvelistv5
Published
2014-06-03 14:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2014/dsa-2942 | vendor-advisory, x_refsource_DEBIAN | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2014/06/03/2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2942",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-03T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-2942",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2942",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3944",
"datePublished": "2014-06-03T14:00:00",
"dateReserved": "2014-06-03T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21370
Vulnerability from cvelistv5
Published
2021-03-23 01:55
Modified
2024-08-03 18:09
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://packagist.org/packages/typo3/cms-backend | x_refsource_MISC | |
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2021-008 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/typo3/cms-backend"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-008"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3.CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c= 7.6.50"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c= 8.7.39"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c= 9.5.24"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c= 10.4.13"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c= 11.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T01:55:12",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/typo3/cms-backend"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-008"
}
],
"source": {
"advisory": "GHSA-x7hc-x7fm-f7qh",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting in Content Preview (CType menu)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21370",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Scripting in Content Preview (CType menu)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3.CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 7.0.0, \u003c= 7.6.50"
},
{
"version_value": "\u003e= 8.0.0, \u003c= 8.7.39"
},
{
"version_value": "\u003e= 9.0.0, \u003c= 9.5.24"
},
{
"version_value": "\u003e= 10.0.0, \u003c= 10.4.13"
},
{
"version_value": "\u003e= 11.0.0, \u003c= 11.1.0"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packagist.org/packages/typo3/cms-backend",
"refsource": "MISC",
"url": "https://packagist.org/packages/typo3/cms-backend"
},
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2021-008",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-008"
}
]
},
"source": {
"advisory": "GHSA-x7hc-x7fm-f7qh",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21370",
"datePublished": "2021-03-23T01:55:12",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:15.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4389
Vulnerability from cvelistv5
Published
2009-12-22 23:00
Modified
2024-09-16 18:40
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/37770 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37770"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-22T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37770"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37770"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4389",
"datePublished": "2009-12-22T23:00:00Z",
"dateReserved": "2009-12-22T00:00:00Z",
"dateUpdated": "2024-09-16T18:40:03.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1078
Vulnerability from cvelistv5
Published
2012-02-14 17:00
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup output directory."
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/sysutils/1.0.4/ | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/51844 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72964 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/78791 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/sysutils/1.0.4/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51844",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51844"
},
{
"name": "typo3-sysutils-unspecified-info-disclosure(72964)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72964"
},
{
"name": "78791",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/78791"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper \"protection\" of the \"backup output directory.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/sysutils/1.0.4/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51844",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51844"
},
{
"name": "typo3-sysutils-unspecified-info-disclosure(72964)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72964"
},
{
"name": "78791",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/78791"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper \"protection\" of the \"backup output directory.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/sysutils/1.0.4/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/sysutils/1.0.4/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51844",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51844"
},
{
"name": "typo3-sysutils-unspecified-info-disclosure(72964)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72964"
},
{
"name": "78791",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/78791"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1078",
"datePublished": "2012-02-14T17:00:00",
"dateReserved": "2012-02-14T00:00:00",
"dateUpdated": "2024-08-06T18:45:27.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4949
Vulnerability from cvelistv5
Published
2010-07-22 18:00
Modified
2024-09-17 00:00
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/34573 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/extensions/repository/view/locator/1.2.8/ | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34573",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34573"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/locator/1.2.8/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-22T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34573",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34573"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/locator/1.2.8/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34573",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34573"
},
{
"name": "http://typo3.org/extensions/repository/view/locator/1.2.8/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/locator/1.2.8/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4949",
"datePublished": "2010-07-22T18:00:00Z",
"dateReserved": "2010-07-22T00:00:00Z",
"dateUpdated": "2024-09-17T00:00:31.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1070
Vulnerability from cvelistv5
Published
2012-02-14 17:00
Modified
2024-09-16 16:58
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the "return url parameter."
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/51845 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/47823 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/78749 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51845",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51845"
},
{
"name": "47823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47823"
},
{
"name": "78749",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78749"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the \"return url parameter.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51845",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51845"
},
{
"name": "47823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47823"
},
{
"name": "78749",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78749"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the \"return url parameter.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51845",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51845"
},
{
"name": "47823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47823"
},
{
"name": "78749",
"refsource": "OSVDB",
"url": "http://osvdb.org/78749"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1070",
"datePublished": "2012-02-14T17:00:00Z",
"dateReserved": "2012-02-14T00:00:00Z",
"dateUpdated": "2024-09-16T16:58:39.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-23501
Vulnerability from cvelistv5
Published
2022-12-14 07:23
Modified
2024-08-03 03:43
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.7.49"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.38"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.33"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.20"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-14T07:23:46.127Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf"
}
],
"source": {
"advisory": "GHSA-jfp7-79g7-89rf",
"discovery": "UNKNOWN"
},
"title": "TYPO3 vulnerable to Improper Authentication in Frontend Login"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23501",
"datePublished": "2022-12-14T07:23:46.127Z",
"dateReserved": "2022-01-19T21:23:53.770Z",
"dateUpdated": "2024-08-03T03:43:46.437Z",
"requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3664
Vulnerability from cvelistv5
Published
2019-11-04 21:21
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2010-3664 | x_refsource_MISC | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-sa-2010-012/#Information_Disclosure | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:53.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3664"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Information_Disclosure"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T21:21:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3664"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Information_Disclosure"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-3664",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3664"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"name": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Information_Disclosure",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Information_Disclosure"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3664",
"datePublished": "2019-11-04T21:21:10",
"dateReserved": "2010-09-28T00:00:00",
"dateUpdated": "2024-08-07T03:18:53.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0332
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-16 21:07
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0332",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-16T21:07:45.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4400
Vulnerability from cvelistv5
Published
2009-12-22 23:00
Modified
2024-09-16 22:56
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-22T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4400",
"datePublished": "2009-12-22T23:00:00Z",
"dateReserved": "2009-12-22T00:00:00Z",
"dateUpdated": "2024-09-16T22:56:15.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4680
Vulnerability from cvelistv5
Published
2013-06-25 18:00
Modified
2024-08-06 16:52
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and earlier for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84670 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/93818 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/60298 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:26.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-maagform-unspecified-open-redirect(84670)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84670"
},
{
"name": "93818",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/93818"
},
{
"name": "60298",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/60298"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and earlier for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "typo3-maagform-unspecified-open-redirect(84670)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84670"
},
{
"name": "93818",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/93818"
},
{
"name": "60298",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/60298"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and earlier for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-maagform-unspecified-open-redirect(84670)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84670"
},
{
"name": "93818",
"refsource": "OSVDB",
"url": "http://osvdb.org/93818"
},
{
"name": "60298",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60298"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4680",
"datePublished": "2013-06-25T18:00:00",
"dateReserved": "2013-06-25T00:00:00",
"dateUpdated": "2024-08-06T16:52:26.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-19850
Vulnerability from cvelistv5
Published
2019-12-17 16:03
Modified
2024-08-05 02:25
Severity ?
EPSS score ?
Summary
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://typo3.org/security/advisory/typo3-core-sa-2019-025/ | x_refsource_MISC | |
| https://review.typo3.org/q/%2522Resolves:+%252389452%2522+topic:security | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:12.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-025/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.typo3.org/q/%2522Resolves:+%252389452%2522+topic:security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:H/I:L/PR:H/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-17T16:03:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-025/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.typo3.org/q/%2522Resolves:+%252389452%2522+topic:security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:H/I:L/PR:H/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2019-025/",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-025/"
},
{
"name": "https://review.typo3.org/q/%2522Resolves:+%252389452%2522+topic:security",
"refsource": "MISC",
"url": "https://review.typo3.org/q/%2522Resolves:+%252389452%2522+topic:security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19850",
"datePublished": "2019-12-17T16:03:15",
"dateReserved": "2019-12-17T00:00:00",
"dateUpdated": "2024-08-05T02:25:12.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6145
Vulnerability from cvelistv5
Published
2013-07-01 21:00
Modified
2024-08-06 21:28
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/87116 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/79965 | vdb-entry, x_refsource_XF | |
| http://www.openwall.com/lists/oss-security/2013/06/19/4 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "87116",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/87116"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
},
{
"name": "typo3-backendhistory-unspecified-xss(79965)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79965"
},
{
"name": "[oss-security] 20130619 Re: Re: [Ticket#2012111110000015] TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/06/19/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "87116",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/87116"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
},
{
"name": "typo3-backendhistory-unspecified-xss(79965)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79965"
},
{
"name": "[oss-security] 20130619 Re: Re: [Ticket#2012111110000015] TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/06/19/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "87116",
"refsource": "OSVDB",
"url": "http://osvdb.org/87116"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
},
{
"name": "typo3-backendhistory-unspecified-xss(79965)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79965"
},
{
"name": "[oss-security] 20130619 Re: Re: [Ticket#2012111110000015] TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/06/19/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6145",
"datePublished": "2013-07-01T21:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:28:39.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6341
Vulnerability from cvelistv5
Published
2009-02-27 17:00
Modified
2024-09-16 17:24
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (SBuniplug) extension 2.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (SBuniplug) extension 2.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-27T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (SBuniplug) extension 2.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6341",
"datePublished": "2009-02-27T17:00:00Z",
"dateReserved": "2009-02-27T00:00:00Z",
"dateUpdated": "2024-09-16T17:24:02.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1005
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-09-16 19:40
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/yatse/0.3.2/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/38808 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/yatse/0.3.2/"
},
{
"name": "38808",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38808"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/yatse/0.3.2/"
},
{
"name": "38808",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38808"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/yatse/0.3.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/yatse/0.3.2/"
},
{
"name": "38808",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38808"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1005",
"datePublished": "2010-03-19T18:35:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-16T19:40:42.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4166
Vulnerability from cvelistv5
Published
2009-12-02 17:00
Modified
2024-09-17 02:37
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/mchtrips/2.0.1/ | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/mchtrips/2.0.1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-02T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/mchtrips/2.0.1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/mchtrips/2.0.1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/mchtrips/2.0.1/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4166",
"datePublished": "2009-12-02T17:00:00Z",
"dateReserved": "2009-12-02T00:00:00Z",
"dateUpdated": "2024-09-17T02:37:22.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3669
Vulnerability from cvelistv5
Published
2019-11-04 22:04
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2010-3669 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS | x_refsource_CONFIRM | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3669"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T22:04:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3669"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-3669",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3669"
},
{
"name": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3669",
"datePublished": "2019-11-04T22:04:56",
"dateReserved": "2010-09-28T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4855
Vulnerability from cvelistv5
Published
2010-05-10 20:00
Modified
2024-08-07 07:17
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that "there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secure.t3sec.info/blog/post/2009/08/06/typo3-cms-40-showuid-exploit-not-a-vulnerability/ | x_refsource_MISC | |
| http://www.exploit-db.com/exploits/9380 | exploit, x_refsource_EXPLOIT-DB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/52308 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/35975 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secure.t3sec.info/blog/post/2009/08/06/typo3-cms-40-showuid-exploit-not-a-vulnerability/"
},
{
"name": "9380",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9380"
},
{
"name": "typo3-showuid-sql-injection(52308)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52308"
},
{
"name": "35975",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35975"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that \"there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secure.t3sec.info/blog/post/2009/08/06/typo3-cms-40-showuid-exploit-not-a-vulnerability/"
},
{
"name": "9380",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9380"
},
{
"name": "typo3-showuid-sql-injection(52308)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52308"
},
{
"name": "35975",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35975"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that \"there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secure.t3sec.info/blog/post/2009/08/06/typo3-cms-40-showuid-exploit-not-a-vulnerability/",
"refsource": "MISC",
"url": "http://secure.t3sec.info/blog/post/2009/08/06/typo3-cms-40-showuid-exploit-not-a-vulnerability/"
},
{
"name": "9380",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9380"
},
{
"name": "typo3-showuid-sql-injection(52308)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52308"
},
{
"name": "35975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35975"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4855",
"datePublished": "2010-05-10T20:00:00",
"dateReserved": "2010-05-10T00:00:00",
"dateUpdated": "2024-08-07T07:17:25.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-41114
Vulnerability from cvelistv5
Published
2021-10-05 17:15
Modified
2024-08-04 02:59
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend rendering process. Since the host header itself is provided by the client, it can be forged to any value, even in a name-based virtual hosts environment. This vulnerability is the same as described in TYPO3-CORE-SA-2014-001 (CVE-2014-3941). A regression, introduced during TYPO3 v11 development, led to this situation. The already existing setting $GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] (used as an effective mitigation strategy in previous TYPO3 versions) was not evaluated anymore, and reintroduced the vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-m2jh-fxw4-gphm | x_refsource_CONFIRM | |
| https://github.com/TYPO3/typo3/commit/5cbff85506cebe343e5ae59228977547cf8e3cf4 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2021-015 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:31.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m2jh-fxw4-gphm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/5cbff85506cebe343e5ae59228977547cf8e3cf4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend rendering process. Since the host header itself is provided by the client, it can be forged to any value, even in a name-based virtual hosts environment. This vulnerability is the same as described in TYPO3-CORE-SA-2014-001 (CVE-2014-3941). A regression, introduced during TYPO3 v11 development, led to this situation. The already existing setting $GLOBALS[\u0027TYPO3_CONF_VARS\u0027][\u0027SYS\u0027][\u0027trustedHostsPattern\u0027] (used as an effective mitigation strategy in previous TYPO3 versions) was not evaluated anymore, and reintroduced the vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-644",
"description": "CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-05T17:15:11",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m2jh-fxw4-gphm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/5cbff85506cebe343e5ae59228977547cf8e3cf4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-015"
}
],
"source": {
"advisory": "GHSA-m2jh-fxw4-gphm",
"discovery": "UNKNOWN"
},
"title": " HTTP Host Header Injection in Request Handling in Typo3",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41114",
"STATE": "PUBLIC",
"TITLE": " HTTP Host Header Injection in Request Handling in Typo3"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 11.0.0, \u003c 11.5.0"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend rendering process. Since the host header itself is provided by the client, it can be forged to any value, even in a name-based virtual hosts environment. This vulnerability is the same as described in TYPO3-CORE-SA-2014-001 (CVE-2014-3941). A regression, introduced during TYPO3 v11 development, led to this situation. The already existing setting $GLOBALS[\u0027TYPO3_CONF_VARS\u0027][\u0027SYS\u0027][\u0027trustedHostsPattern\u0027] (used as an effective mitigation strategy in previous TYPO3 versions) was not evaluated anymore, and reintroduced the vulnerability."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m2jh-fxw4-gphm",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m2jh-fxw4-gphm"
},
{
"name": "https://github.com/TYPO3/typo3/commit/5cbff85506cebe343e5ae59228977547cf8e3cf4",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/5cbff85506cebe343e5ae59228977547cf8e3cf4"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2021-015",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-015"
}
]
},
"source": {
"advisory": "GHSA-m2jh-fxw4-gphm",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41114",
"datePublished": "2021-10-05T17:15:11",
"dateReserved": "2021-09-15T00:00:00",
"dateUpdated": "2024-08-04T02:59:31.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3943
Vulnerability from cvelistv5
Published
2014-06-03 14:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html | vendor-advisory, x_refsource_SUSE | |
| http://www.debian.org/security/2014/dsa-2942 | vendor-advisory, x_refsource_DEBIAN | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2014/06/03/2 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/67625 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2014:0813",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html"
},
{
"name": "DSA-2942",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
},
{
"name": "67625",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67625"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-28T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2014:0813",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html"
},
{
"name": "DSA-2942",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
},
{
"name": "67625",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67625"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:0813",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html"
},
{
"name": "DSA-2942",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
},
{
"name": "67625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67625"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3943",
"datePublished": "2014-06-03T14:00:00",
"dateReserved": "2014-06-03T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-55921
Vulnerability from cvelistv5
Published
2025-01-14 19:36
Modified
2025-01-14 19:36
Severity ?
EPSS score ?
Summary
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Extension Manager Module” allows attackers to retrieve and install 3rd party extensions from the TYPO3 Extension Repository - which can lead to remote code execution in the worst case. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-4g52-pq8j-6qv5 | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2025-006 | x_refsource_MISC |
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.48"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.42"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.4.25"
},
{
"status": "affected",
"version": "\u003e= 13.0.0, \u003c 13.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component \u201cExtension Manager Module\u201d allows attackers to retrieve and install 3rd party extensions from the TYPO3 Extension Repository - which can lead to remote code execution in the worst case. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T19:36:32.439Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-4g52-pq8j-6qv5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-4g52-pq8j-6qv5"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2025-006",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2025-006"
}
],
"source": {
"advisory": "GHSA-4g52-pq8j-6qv5",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Request Forgery in Extension Manager Module in TYPO3"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-55921",
"datePublished": "2025-01-14T19:36:32.439Z",
"dateReserved": "2024-12-13T13:40:23.283Z",
"dateUpdated": "2025-01-14T19:36:32.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4948
Vulnerability from cvelistv5
Published
2010-07-22 18:00
Modified
2024-09-16 20:03
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/34573 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/extensions/repository/view/locator/1.2.8/ | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.726Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34573",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34573"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/locator/1.2.8/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-22T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34573",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34573"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/locator/1.2.8/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34573",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34573"
},
{
"name": "http://typo3.org/extensions/repository/view/locator/1.2.8/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/locator/1.2.8/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4948",
"datePublished": "2010-07-22T18:00:00Z",
"dateReserved": "2010-07-22T00:00:00Z",
"dateUpdated": "2024-09-16T20:03:50.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-3583
Vulnerability from cvelistv5
Published
2019-11-25 23:21
Modified
2024-08-06 23:37
Severity ?
EPSS score ?
Summary
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2011-3583 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/cve-2011-3583 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2011-002/ | x_refsource_MISC | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | TYPO3 Core | TYPO3 Core |
Version: 4.5.0 - 4.5.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3583"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3 Core",
"vendor": "TYPO3 Core",
"versions": [
{
"status": "affected",
"version": "4.5.0 - 4.5.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-25T23:21:26",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3583"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3 Core",
"version": {
"version_data": [
{
"version_value": "4.5.0 - 4.5.5"
}
]
}
}
]
},
"vendor_name": "TYPO3 Core"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-3583",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
},
{
"name": "https://access.redhat.com/security/cve/cve-2011-3583",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2011-3583"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3583",
"datePublished": "2019-11-25T23:21:26",
"dateReserved": "2011-09-21T00:00:00",
"dateUpdated": "2024-08-06T23:37:48.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6689
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/46386 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43204 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46386",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46386"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"name": "dmmjobcontrol-unspecified-sql-injection(43204)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43204"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46386",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46386"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"name": "dmmjobcontrol-unspecified-sql-injection(43204)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43204"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46386",
"refsource": "OSVDB",
"url": "http://osvdb.org/46386"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"name": "dmmjobcontrol-unspecified-sql-injection(43204)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43204"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6689",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-11067
Vulnerability from cvelistv5
Published
2020-05-13 23:25
Modified
2024-08-04 11:21
Severity ?
EPSS score ?
Summary
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2wj9-434x-9hvp | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2wj9-434x-9hvp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3 CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.17"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER-\u003euc) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-13T23:25:13",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2wj9-434x-9hvp"
}
],
"source": {
"advisory": "GHSA-2wj9-434x-9hvp",
"discovery": "UNKNOWN"
},
"title": "Deserialization of Untrusted Data in TYPO3 CMS",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-11067",
"STATE": "PUBLIC",
"TITLE": "Deserialization of Untrusted Data in TYPO3 CMS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3 CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.17"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.2"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER-\u003euc) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2wj9-434x-9hvp",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2wj9-434x-9hvp"
}
]
},
"source": {
"advisory": "GHSA-2wj9-434x-9hvp",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11067",
"datePublished": "2020-05-13T23:25:13",
"dateReserved": "2020-03-30T00:00:00",
"dateUpdated": "2024-08-04T11:21:14.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1004
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-09-17 04:04
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/yatse/0.3.2/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/38808 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/yatse/0.3.2/"
},
{
"name": "38808",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38808"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/yatse/0.3.2/"
},
{
"name": "38808",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38808"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/yatse/0.3.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/yatse/0.3.2/"
},
{
"name": "38808",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38808"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1004",
"datePublished": "2010-03-19T18:35:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-17T04:04:26.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31047
Vulnerability from cvelistv5
Published
2022-06-14 20:40
Modified
2024-08-03 07:03
Severity ?
EPSS score ?
Summary
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99 | x_refsource_CONFIRM | |
| https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2022-002 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:40.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.6.57"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.7.47"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.34"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.29"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T22:00:16",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-002"
}
],
"source": {
"advisory": "GHSA-fh99-4pgr-8j99",
"discovery": "UNKNOWN"
},
"title": "Insertion of Sensitive Information into Log File in typo3/cms-core",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31047",
"STATE": "PUBLIC",
"TITLE": "Insertion of Sensitive Information into Log File in typo3/cms-core"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 7.0.0, \u003c 7.6.57"
},
{
"version_value": "\u003e= 8.0.0, \u003c 8.7.47"
},
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.34"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.29"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.5.11"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Insertion of Sensitive Information into Log File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99"
},
{
"name": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2022-002",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-002"
}
]
},
"source": {
"advisory": "GHSA-fh99-4pgr-8j99",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31047",
"datePublished": "2022-06-14T20:40:10",
"dateReserved": "2022-05-18T00:00:00",
"dateUpdated": "2024-08-03T07:03:40.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-5097
Vulnerability from cvelistv5
Published
2012-05-21 20:00
Modified
2024-08-07 04:09
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/45470 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/35770 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64178 | vdb-entry, x_refsource_XF | |
| http://www.openwall.com/lists/oss-security/2012/05/12/5 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2011/01/13/2 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/05/11/3 | mailing-list, x_refsource_MLIST | |
| http://www.osvdb.org/70123 | vdb-entry, x_refsource_OSVDB | |
| http://www.openwall.com/lists/oss-security/2012/05/10/7 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "45470",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45470"
},
{
"name": "35770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35770"
},
{
"name": "typo3-clickenlarge-xss(64178)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64178"
},
{
"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "70123",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70123"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "45470",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45470"
},
{
"name": "35770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35770"
},
{
"name": "typo3-clickenlarge-xss(64178)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64178"
},
{
"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "70123",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70123"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "45470",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45470"
},
{
"name": "35770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35770"
},
{
"name": "typo3-clickenlarge-xss(64178)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64178"
},
{
"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "70123",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70123"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5097",
"datePublished": "2012-05-21T20:00:00",
"dateReserved": "2012-04-30T00:00:00",
"dateUpdated": "2024-08-07T04:09:38.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4394
Vulnerability from cvelistv5
Published
2009-12-22 23:00
Modified
2024-09-17 00:21
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-22T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4394",
"datePublished": "2009-12-22T23:00:00Z",
"dateReserved": "2009-12-22T00:00:00Z",
"dateUpdated": "2024-09-17T00:21:17.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-11065
Vulnerability from cvelistv5
Published
2020-05-13 23:05
Modified
2024-08-04 11:21
Severity ?
EPSS score ?
Summary
In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly. This has been fixed in 9.5.17 and 10.4.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4j77-gg36-9864 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4j77-gg36-9864"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3 CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.5.12, \u003c 9.5.17"
},
{
"status": "affected",
"version": "\u003e= 10.2.0, \u003c 10.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly. This has been fixed in 9.5.17 and 10.4.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-13T23:05:13",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4j77-gg36-9864"
}
],
"source": {
"advisory": "GHSA-4j77-gg36-9864",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting in TYPO3 CMS",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-11065",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Scripting in TYPO3 CMS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3 CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.5.12, \u003c 9.5.17"
},
{
"version_value": "\u003e= 10.2.0, \u003c 10.4.2"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly. This has been fixed in 9.5.17 and 10.4.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4j77-gg36-9864",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4j77-gg36-9864"
}
]
},
"source": {
"advisory": "GHSA-4j77-gg36-9864",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11065",
"datePublished": "2020-05-13T23:05:13",
"dateReserved": "2020-03-30T00:00:00",
"dateUpdated": "2024-08-04T11:21:14.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1084
Vulnerability from cvelistv5
Published
2012-02-14 17:00
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/51852 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72974 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/78798 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51852",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51852"
},
{
"name": "typo3-beuserswitch-unspecified-xss(72974)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72974"
},
{
"name": "78798",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78798"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51852",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51852"
},
{
"name": "typo3-beuserswitch-unspecified-xss(72974)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72974"
},
{
"name": "78798",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78798"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51852"
},
{
"name": "typo3-beuserswitch-unspecified-xss(72974)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72974"
},
{
"name": "78798",
"refsource": "OSVDB",
"url": "http://osvdb.org/78798"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1084",
"datePublished": "2012-02-14T17:00:00",
"dateReserved": "2012-02-14T00:00:00",
"dateUpdated": "2024-08-06T18:45:27.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1021
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-09-16 19:09
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/t3quixplorer/1.7.1/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/38993 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/38818 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM | |
| http://osvdb.org/63036 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/t3quixplorer/1.7.1/"
},
{
"name": "38993",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38993"
},
{
"name": "38818",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38818"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "63036",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/63036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/t3quixplorer/1.7.1/"
},
{
"name": "38993",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38993"
},
{
"name": "38818",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38818"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "63036",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/63036"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/t3quixplorer/1.7.1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/t3quixplorer/1.7.1/"
},
{
"name": "38993",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38993"
},
{
"name": "38818",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38818"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "63036",
"refsource": "OSVDB",
"url": "http://osvdb.org/63036"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1021",
"datePublished": "2010-03-19T18:35:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-16T19:09:23.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2112
Vulnerability from cvelistv5
Published
2012-08-27 21:00
Modified
2024-08-06 19:26
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.typo3.org/pipermail/typo3-announce/2012/000241.html | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/74920 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/53047 | vdb-entry, x_refsource_BID | |
| http://lists.typo3.org/pipermail/typo3-announce/2012/000242.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/17/5 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.debian.org/security/2012/dsa-2455 | vendor-advisory, x_refsource_DEBIAN | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:07.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[TYPO3-announce] 20120417 Cross-Site Scripting Vulnerability in TYPO3 Core",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.typo3.org/pipermail/typo3-announce/2012/000241.html"
},
{
"name": "exceptionhandler-exceptionmessages-xss(74920)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74920"
},
{
"name": "53047",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53047"
},
{
"name": "[TYPO3-announce] 20120417 Announcing TYPO3 4.4.15, 4.5.15 and 4.6.8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.typo3.org/pipermail/typo3-announce/2012/000242.html"
},
{
"name": "[oss-security] 20120417 CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/17/5"
},
{
"name": "[oss-security] 20120417 Re: CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/18/1"
},
{
"name": "DSA-2455",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2455"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[TYPO3-announce] 20120417 Cross-Site Scripting Vulnerability in TYPO3 Core",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.typo3.org/pipermail/typo3-announce/2012/000241.html"
},
{
"name": "exceptionhandler-exceptionmessages-xss(74920)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74920"
},
{
"name": "53047",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53047"
},
{
"name": "[TYPO3-announce] 20120417 Announcing TYPO3 4.4.15, 4.5.15 and 4.6.8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.typo3.org/pipermail/typo3-announce/2012/000242.html"
},
{
"name": "[oss-security] 20120417 CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/17/5"
},
{
"name": "[oss-security] 20120417 Re: CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/18/1"
},
{
"name": "DSA-2455",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2455"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[TYPO3-announce] 20120417 Cross-Site Scripting Vulnerability in TYPO3 Core",
"refsource": "MLIST",
"url": "http://lists.typo3.org/pipermail/typo3-announce/2012/000241.html"
},
{
"name": "exceptionhandler-exceptionmessages-xss(74920)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74920"
},
{
"name": "53047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53047"
},
{
"name": "[TYPO3-announce] 20120417 Announcing TYPO3 4.4.15, 4.5.15 and 4.6.8",
"refsource": "MLIST",
"url": "http://lists.typo3.org/pipermail/typo3-announce/2012/000242.html"
},
{
"name": "[oss-security] 20120417 CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/17/5"
},
{
"name": "[oss-security] 20120417 Re: CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/18/1"
},
{
"name": "DSA-2455",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2455"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2112",
"datePublished": "2012-08-27T21:00:00",
"dateReserved": "2012-04-04T00:00:00",
"dateUpdated": "2024-08-06T19:26:07.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4660
Vulnerability from cvelistv5
Published
2008-10-21 22:00
Modified
2024-08-07 10:24
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45999 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2008/2870 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/31845 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "m1intern-unspecified-sql-injection(45999)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45999"
},
{
"name": "ADV-2008-2870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"name": "31845",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31845"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "m1intern-unspecified-sql-injection(45999)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45999"
},
{
"name": "ADV-2008-2870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"name": "31845",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31845"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "m1intern-unspecified-sql-injection(45999)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45999"
},
{
"name": "ADV-2008-2870",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"name": "31845",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31845"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4660",
"datePublished": "2008-10-21T22:00:00",
"dateReserved": "2008-10-21T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3821
Vulnerability from cvelistv5
Published
2009-10-28 10:00
Modified
2024-09-16 18:34
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-10-28T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3821",
"datePublished": "2009-10-28T10:00:00Z",
"dateReserved": "2009-10-28T00:00:00Z",
"dateUpdated": "2024-09-16T18:34:06.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3673
Vulnerability from cvelistv5
Published
2019-11-05 19:32
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2010-3673 | x_refsource_MISC | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-sa-2010-012/#Information_Disclosure | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3673"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Information_Disclosure"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T19:32:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3673"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Information_Disclosure"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-3673",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3673"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"name": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Information_Disclosure",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Information_Disclosure"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3673",
"datePublished": "2019-11-05T19:32:21",
"dateReserved": "2010-09-28T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4956
Vulnerability from cvelistv5
Published
2011-10-09 10:00
Modified
2024-08-07 04:02
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/42369 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/67030 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/extensions/repository/view/ke_questionnaire/2.2.3/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/40950 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/61043 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name": "42369",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42369"
},
{
"name": "67030",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/67030"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/ke_questionnaire/2.2.3/"
},
{
"name": "40950",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40950"
},
{
"name": "questionnaire-unspecified-xss(61043)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61043"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name": "42369",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42369"
},
{
"name": "67030",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/67030"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/ke_questionnaire/2.2.3/"
},
{
"name": "40950",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40950"
},
{
"name": "questionnaire-unspecified-xss(61043)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61043"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name": "42369",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42369"
},
{
"name": "67030",
"refsource": "OSVDB",
"url": "http://osvdb.org/67030"
},
{
"name": "http://typo3.org/extensions/repository/view/ke_questionnaire/2.2.3/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/ke_questionnaire/2.2.3/"
},
{
"name": "40950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40950"
},
{
"name": "questionnaire-unspecified-xss(61043)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61043"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4956",
"datePublished": "2011-10-09T10:00:00",
"dateReserved": "2011-10-09T00:00:00",
"dateUpdated": "2024-08-07T04:02:30.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6457
Vulnerability from cvelistv5
Published
2009-03-13 10:00
Modified
2024-08-07 11:27
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/48273 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/31258 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45256 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48273",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/48273"
},
{
"name": "31258",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31258"
},
{
"name": "cgswigmore-unspecified-sql-injection(45256)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45256"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "48273",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/48273"
},
{
"name": "31258",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31258"
},
{
"name": "cgswigmore-unspecified-sql-injection(45256)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45256"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48273",
"refsource": "OSVDB",
"url": "http://osvdb.org/48273"
},
{
"name": "31258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31258"
},
{
"name": "cgswigmore-unspecified-sql-injection(45256)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45256"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6457",
"datePublished": "2009-03-13T10:00:00",
"dateReserved": "2009-03-13T00:00:00",
"dateUpdated": "2024-08-07T11:27:35.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-47126
Vulnerability from cvelistv5
Published
2023-11-14 20:01
Modified
2024-08-29 20:34
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only - “classic” non-composer installations are not affected. This issue has been addressed in version 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-p2jh-95jg-2w55 | x_refsource_CONFIRM | |
| https://github.com/TYPO3/typo3/commit/1a735dac01ec7b337ed0d80c738caa8967dea423 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2023-005 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-p2jh-95jg-2w55",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-p2jh-95jg-2w55"
},
{
"name": "https://github.com/TYPO3/typo3/commit/1a735dac01ec7b337ed0d80c738caa8967dea423",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/1a735dac01ec7b337ed0d80c738caa8967dea423"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2023-005",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-005"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T20:34:24.244678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T20:34:33.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 12.2.0, \u003c 12.4.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only - \u201cclassic\u201d non-composer installations are not affected. This issue has been addressed in version 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T20:01:16.570Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-p2jh-95jg-2w55",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-p2jh-95jg-2w55"
},
{
"name": "https://github.com/TYPO3/typo3/commit/1a735dac01ec7b337ed0d80c738caa8967dea423",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/1a735dac01ec7b337ed0d80c738caa8967dea423"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2023-005",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-005"
}
],
"source": {
"advisory": "GHSA-p2jh-95jg-2w55",
"discovery": "UNKNOWN"
},
"title": "Information Disclosure in Install Tool in typo3/cms-install"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-47126",
"datePublished": "2023-11-14T20:01:16.570Z",
"dateReserved": "2023-10-30T19:57:51.676Z",
"dateUpdated": "2024-08-29T20:34:33.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4656
Vulnerability from cvelistv5
Published
2008-10-21 22:00
Modified
2024-08-07 10:24
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/2870 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/31843 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:21.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"name": "31843",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31843"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-12-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"name": "31843",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31843"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2870",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"name": "31843",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31843"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4656",
"datePublished": "2008-10-21T22:00:00",
"dateReserved": "2008-10-21T00:00:00",
"dateUpdated": "2024-08-07T10:24:21.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1081
Vulnerability from cvelistv5
Published
2007-02-22 23:00
Modified
2024-08-07 12:43
Severity ?
EPSS score ?
Summary
The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-20070221-1 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32630 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/24207 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2007/0697 | vdb-entry, x_refsource_VUPEN | |
| http://osvdb.org/33471 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/22668 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20070221-1"
},
{
"name": "typo3-t3libformmail-header-injection(32630)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32630"
},
{
"name": "24207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24207"
},
{
"name": "ADV-2007-0697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0697"
},
{
"name": "33471",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33471"
},
{
"name": "22668",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22668"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20070221-1"
},
{
"name": "typo3-t3libformmail-header-injection(32630)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32630"
},
{
"name": "24207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24207"
},
{
"name": "ADV-2007-0697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0697"
},
{
"name": "33471",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33471"
},
{
"name": "22668",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22668"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20070221-1",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20070221-1"
},
{
"name": "typo3-t3libformmail-header-injection(32630)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32630"
},
{
"name": "24207",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24207"
},
{
"name": "ADV-2007-0697",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0697"
},
{
"name": "33471",
"refsource": "OSVDB",
"url": "http://osvdb.org/33471"
},
{
"name": "22668",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22668"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1081",
"datePublished": "2007-02-22T23:00:00",
"dateReserved": "2007-02-22T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4683
Vulnerability from cvelistv5
Published
2013-06-25 18:00
Modified
2024-08-06 16:52
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84661 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/93806 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:26.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-metafeedit-unspecified-sql-injection(84661)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84661"
},
{
"name": "93806",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/93806"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "typo3-metafeedit-unspecified-sql-injection(84661)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84661"
},
{
"name": "93806",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/93806"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-metafeedit-unspecified-sql-injection(84661)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84661"
},
{
"name": "93806",
"refsource": "OSVDB",
"url": "http://osvdb.org/93806"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4683",
"datePublished": "2013-06-25T18:00:00",
"dateReserved": "2013-06-25T00:00:00",
"dateUpdated": "2024-08-06T16:52:26.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4890
Vulnerability from cvelistv5
Published
2011-10-07 10:00
Modified
2024-09-16 23:16
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/42945 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/ | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/ke_yac/1.1.2/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42945",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42945"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/ke_yac/1.1.2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-07T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "42945",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42945"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/ke_yac/1.1.2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42945",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42945"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"name": "http://typo3.org/extensions/repository/view/ke_yac/1.1.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/ke_yac/1.1.2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4890",
"datePublished": "2011-10-07T10:00:00Z",
"dateReserved": "2011-10-07T00:00:00Z",
"dateUpdated": "2024-09-16T23:16:18.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4345
Vulnerability from cvelistv5
Published
2009-12-17 17:00
Modified
2024-08-07 07:01
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/3550 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54787 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:19.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-3550",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"name": "typo3-vshoutbox-xss(54787)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54787"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-3550",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"name": "typo3-vshoutbox-xss(54787)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54787"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-3550",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"name": "typo3-vshoutbox-xss(54787)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54787"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4345",
"datePublished": "2009-12-17T17:00:00",
"dateReserved": "2009-12-17T00:00:00",
"dateUpdated": "2024-08-07T07:01:19.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4337
Vulnerability from cvelistv5
Published
2009-12-17 17:00
Modified
2024-08-07 07:01
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54779 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2009/3550 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:19.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-dpc-sql-injection(54779)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54779"
},
{
"name": "ADV-2009-3550",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "typo3-dpc-sql-injection(54779)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54779"
},
{
"name": "ADV-2009-3550",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-dpc-sql-injection(54779)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54779"
},
{
"name": "ADV-2009-3550",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4337",
"datePublished": "2009-12-17T17:00:00",
"dateReserved": "2009-12-17T00:00:00",
"dateUpdated": "2024-08-07T07:01:19.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4966
Vulnerability from cvelistv5
Published
2010-07-27 18:39
Modified
2024-09-16 19:24
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/2411 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/36135 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-2411",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"name": "36135",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36135"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-27T18:39:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-2411",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"name": "36135",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36135"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2411",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"name": "36135",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36135"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4966",
"datePublished": "2010-07-27T18:39:00Z",
"dateReserved": "2010-07-27T00:00:00Z",
"dateUpdated": "2024-09-16T19:24:38.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6463
Vulnerability from cvelistv5
Published
2009-03-13 10:00
Modified
2024-08-07 11:34
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd_churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/48279 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/31260 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:45.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48279",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/48279"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"name": "31260",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd_churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-08-19T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "48279",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/48279"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"name": "31260",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31260"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd_churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48279",
"refsource": "OSVDB",
"url": "http://osvdb.org/48279"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"name": "31260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31260"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6463",
"datePublished": "2009-03-13T10:00:00",
"dateReserved": "2009-03-13T00:00:00",
"dateUpdated": "2024-08-07T11:34:45.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-7075
Vulnerability from cvelistv5
Published
2013-12-23 23:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature."
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/oss-sec/2013/q4/473 | mailing-list, x_refsource_MLIST | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/ | x_refsource_CONFIRM | |
| http://www.debian.org/security/2014/dsa-2834 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"name": "DSA-2834",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2834"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a \"missing signature.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-07T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"name": "DSA-2834",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2834"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a \"missing signature.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"name": "DSA-2834",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2834"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7075",
"datePublished": "2013-12-23T23:00:00",
"dateReserved": "2013-12-11T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1026
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-08-07 01:06
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/38800 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56979 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38800",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38800"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "cleandbdbal-unspecified-sql-injection(56979)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38800",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38800"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "cleandbdbal-unspecified-sql-injection(56979)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56979"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38800",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38800"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "cleandbdbal-unspecified-sql-injection(56979)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56979"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1026",
"datePublished": "2010-03-19T18:35:00",
"dateReserved": "2010-03-19T00:00:00",
"dateUpdated": "2024-08-07T01:06:52.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1842
Vulnerability from cvelistv5
Published
2013-03-20 15:00
Modified
2024-08-06 15:13
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2013/03/12/3 | mailing-list, x_refsource_MLIST | |
| http://www.debian.org/security/2013/dsa-2646 | vendor-advisory, x_refsource_DEBIAN | |
| http://osvdb.org/90925 | vdb-entry, x_refsource_OSVDB | |
| http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html | vendor-advisory, x_refsource_SUSE | |
| http://secunia.com/advisories/52638 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/58330 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/52433 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130311 Re: CVE Request: typo3 sql injection and open redirection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/12/3"
},
{
"name": "DSA-2646",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2646"
},
{
"name": "90925",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/90925"
},
{
"name": "openSUSE-SU-2013:0510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html"
},
{
"name": "52638",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52638"
},
{
"name": "58330",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58330"
},
{
"name": "52433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52433"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to \"the Query Object Model and relation values.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-05T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20130311 Re: CVE Request: typo3 sql injection and open redirection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/12/3"
},
{
"name": "DSA-2646",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2646"
},
{
"name": "90925",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/90925"
},
{
"name": "openSUSE-SU-2013:0510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html"
},
{
"name": "52638",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52638"
},
{
"name": "58330",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58330"
},
{
"name": "52433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52433"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to \"the Query Object Model and relation values.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130311 Re: CVE Request: typo3 sql injection and open redirection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/12/3"
},
{
"name": "DSA-2646",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2646"
},
{
"name": "90925",
"refsource": "OSVDB",
"url": "http://osvdb.org/90925"
},
{
"name": "openSUSE-SU-2013:0510",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html"
},
{
"name": "52638",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52638"
},
{
"name": "58330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58330"
},
{
"name": "52433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52433"
},
{
"name": "http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/",
"refsource": "CONFIRM",
"url": "http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1842",
"datePublished": "2013-03-20T15:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:33.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4346
Vulnerability from cvelistv5
Published
2009-12-17 17:00
Modified
2024-09-17 02:42
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Frontend news submitter with RTE (fe_rtenews) extension 1.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/3550 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-3550",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Frontend news submitter with RTE (fe_rtenews) extension 1.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-17T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-3550",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Frontend news submitter with RTE (fe_rtenews) extension 1.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-3550",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4346",
"datePublished": "2009-12-17T17:00:00Z",
"dateReserved": "2009-12-17T00:00:00Z",
"dateUpdated": "2024-09-17T02:42:39.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-41113
Vulnerability from cvelistv5
Published
2021-10-05 17:20
Modified
2024-08-04 02:59
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as described in TYPO3-CORE-SA-2020-006 (CVE-2020-11069). However, it is not limited to the same site context and does not require the attacker to be authenticated. In a worst case scenario, the attacker could create a new admin user account to compromise the system. To successfully carry out an attack, an attacker must trick his victim to access a compromised system. The victim must have an active session in the TYPO3 backend at that time. The following Same-Site cookie settings in $GLOBALS[TYPO3_CONF_VARS][BE][cookieSameSite] are required for an attack to be successful: SameSite=strict: malicious evil.example.org invoking TYPO3 application at good.example.org and SameSite=lax or none: malicious evil.com invoking TYPO3 application at example.org. Update your instance to TYPO3 version 11.5.0 which addresses the problem described.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-657m-v5vm-f6rw | x_refsource_CONFIRM | |
| https://github.com/TYPO3/typo3/commit/fa51999203c5e5d913ecae5ea843ccb2b95fa33f | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2020-006 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:31.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-657m-v5vm-f6rw"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/fa51999203c5e5d913ecae5ea843ccb2b95fa33f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 11.2.0, \u003c 11.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as described in TYPO3-CORE-SA-2020-006 (CVE-2020-11069). However, it is not limited to the same site context and does not require the attacker to be authenticated. In a worst case scenario, the attacker could create a new admin user account to compromise the system. To successfully carry out an attack, an attacker must trick his victim to access a compromised system. The victim must have an active session in the TYPO3 backend at that time. The following Same-Site cookie settings in $GLOBALS[TYPO3_CONF_VARS][BE][cookieSameSite] are required for an attack to be successful: SameSite=strict: malicious evil.example.org invoking TYPO3 application at good.example.org and SameSite=lax or none: malicious evil.com invoking TYPO3 application at example.org. Update your instance to TYPO3 version 11.5.0 which addresses the problem described."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-05T17:20:12",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-657m-v5vm-f6rw"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/fa51999203c5e5d913ecae5ea843ccb2b95fa33f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-006"
}
],
"source": {
"advisory": "GHSA-657m-v5vm-f6rw",
"discovery": "UNKNOWN"
},
"title": " Cross-Site-Request-Forgery in Backend URI Handling in Typo3",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41113",
"STATE": "PUBLIC",
"TITLE": " Cross-Site-Request-Forgery in Backend URI Handling in Typo3"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 11.2.0, \u003c 11.5.0"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as described in TYPO3-CORE-SA-2020-006 (CVE-2020-11069). However, it is not limited to the same site context and does not require the attacker to be authenticated. In a worst case scenario, the attacker could create a new admin user account to compromise the system. To successfully carry out an attack, an attacker must trick his victim to access a compromised system. The victim must have an active session in the TYPO3 backend at that time. The following Same-Site cookie settings in $GLOBALS[TYPO3_CONF_VARS][BE][cookieSameSite] are required for an attack to be successful: SameSite=strict: malicious evil.example.org invoking TYPO3 application at good.example.org and SameSite=lax or none: malicious evil.com invoking TYPO3 application at example.org. Update your instance to TYPO3 version 11.5.0 which addresses the problem described."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-657m-v5vm-f6rw",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-657m-v5vm-f6rw"
},
{
"name": "https://github.com/TYPO3/typo3/commit/fa51999203c5e5d913ecae5ea843ccb2b95fa33f",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/fa51999203c5e5d913ecae5ea843ccb2b95fa33f"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2020-006",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-006"
}
]
},
"source": {
"advisory": "GHSA-657m-v5vm-f6rw",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41113",
"datePublished": "2021-10-05T17:20:12",
"dateReserved": "2021-09-15T00:00:00",
"dateUpdated": "2024-08-04T02:59:31.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4892
Vulnerability from cvelistv5
Published
2011-10-07 10:00
Modified
2024-09-16 19:56
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.5.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-021 | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/powermail/1.5.5 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/41962 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-021"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.5"
},
{
"name": "41962",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41962"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the powermail extension before 1.5.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-07T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-021"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.5"
},
{
"name": "41962",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41962"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the powermail extension before 1.5.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-021",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-021"
},
{
"name": "http://typo3.org/extensions/repository/view/powermail/1.5.5",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.5"
},
{
"name": "41962",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41962"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4892",
"datePublished": "2011-10-07T10:00:00Z",
"dateReserved": "2011-10-07T00:00:00Z",
"dateUpdated": "2024-09-16T19:56:19.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6346
Vulnerability from cvelistv5
Published
2009-02-27 17:00
Modified
2024-09-17 02:05
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) extension 1.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/33256 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-20081222-3/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33256",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33256"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) extension 1.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-27T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33256",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33256"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-3/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) extension 1.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33256",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33256"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-3/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-3/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6346",
"datePublished": "2009-02-27T17:00:00Z",
"dateReserved": "2009-02-27T00:00:00Z",
"dateUpdated": "2024-09-17T02:05:35.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4901
Vulnerability from cvelistv5
Published
2019-11-06 16:49
Modified
2024-08-07 00:16
Severity ?
EPSS score ?
Summary
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2011-4901 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:35.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4901"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "before 4.5.4"
}
]
}
],
"datePublic": "2011-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T16:49:21",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4901"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3",
"version": {
"version_data": [
{
"version_value": "before 4.5.4"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-4901",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4901"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4901",
"datePublished": "2019-11-06T16:49:21",
"dateReserved": "2011-12-23T00:00:00",
"dateUpdated": "2024-08-07T00:16:35.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-6381
Vulnerability from cvelistv5
Published
2007-12-15 02:00
Modified
2024-08-07 16:02
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/28243 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/ | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2007/4205 | vdb-entry, x_refsource_VUPEN | |
| http://osvdb.org/39506 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1019146 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/26871 | vdb-entry, x_refsource_BID | |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39017 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/27969 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2007/dsa-1439 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.726Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/"
},
{
"name": "ADV-2007-4205",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4205"
},
{
"name": "39506",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39506"
},
{
"name": "1019146",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019146"
},
{
"name": "26871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26871"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446"
},
{
"name": "typo3-indexedsearch-sql-injection(39017)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39017"
},
{
"name": "27969",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27969"
},
{
"name": "DSA-1439",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1439"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/"
},
{
"name": "ADV-2007-4205",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4205"
},
{
"name": "39506",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39506"
},
{
"name": "1019146",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019146"
},
{
"name": "26871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26871"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446"
},
{
"name": "typo3-indexedsearch-sql-injection(39017)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39017"
},
{
"name": "27969",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27969"
},
{
"name": "DSA-1439",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1439"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28243"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/"
},
{
"name": "ADV-2007-4205",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4205"
},
{
"name": "39506",
"refsource": "OSVDB",
"url": "http://osvdb.org/39506"
},
{
"name": "1019146",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019146"
},
{
"name": "26871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26871"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446"
},
{
"name": "typo3-indexedsearch-sql-injection(39017)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39017"
},
{
"name": "27969",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27969"
},
{
"name": "DSA-1439",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1439"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6381",
"datePublished": "2007-12-15T02:00:00",
"dateReserved": "2007-12-14T00:00:00",
"dateUpdated": "2024-08-07T16:02:36.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-7074
Vulnerability from cvelistv5
Published
2013-12-21 00:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/oss-sec/2013/q4/487 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/64245 | vdb-entry, x_refsource_BID | |
| http://seclists.org/oss-sec/2013/q4/473 | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89620 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2014/dsa-2834 | vendor-advisory, x_refsource_DEBIAN | |
| http://osvdb.org/100881 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:46.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131212 Re: CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"name": "64245",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64245"
},
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"name": "contenteditingwizards-url-xss(89620)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89620"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"
},
{
"name": "DSA-2834",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2834"
},
{
"name": "100881",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20131212 Re: CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"name": "64245",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64245"
},
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"name": "contenteditingwizards-url-xss(89620)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89620"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"
},
{
"name": "DSA-2834",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2834"
},
{
"name": "100881",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100881"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131212 Re: CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"name": "64245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64245"
},
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"name": "contenteditingwizards-url-xss(89620)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89620"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"
},
{
"name": "DSA-2834",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2834"
},
{
"name": "100881",
"refsource": "OSVDB",
"url": "http://osvdb.org/100881"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7074",
"datePublished": "2013-12-21T00:00:00",
"dateReserved": "2013-12-11T00:00:00",
"dateUpdated": "2024-08-06T17:53:46.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-55922
Vulnerability from cvelistv5
Published
2025-01-14 19:23
Modified
2025-01-14 19:42
Severity ?
EPSS score ?
Summary
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none The vulnerability in the affected downstream component “Form Framework Module” allows attackers to manipulate or delete persisted form definitions. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-ww7h-g2qf-7xv6 | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2025-007 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55922",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T19:42:02.361225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T19:42:15.075Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.48"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.42"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.4.25"
},
{
"status": "affected",
"version": "\u003e= 13.0.0, \u003c 13.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none The vulnerability in the affected downstream component \u201cForm Framework Module\u201d allows attackers to manipulate or delete persisted form definitions. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T19:23:16.769Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-ww7h-g2qf-7xv6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-ww7h-g2qf-7xv6"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2025-007",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2025-007"
}
],
"source": {
"advisory": "GHSA-ww7h-g2qf-7xv6",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Request Forgery in Form Framework Module in TYPO3"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-55922",
"datePublished": "2025-01-14T19:23:16.769Z",
"dateReserved": "2024-12-13T13:40:23.283Z",
"dateUpdated": "2025-01-14T19:42:15.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1083
Vulnerability from cvelistv5
Published
2012-02-14 17:00
Modified
2024-09-17 04:19
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ | x_refsource_MISC | |
| http://osvdb.org/78797 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/51849 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "78797",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78797"
},
{
"name": "51849",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51849"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "78797",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78797"
},
{
"name": "51849",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51849"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "78797",
"refsource": "OSVDB",
"url": "http://osvdb.org/78797"
},
{
"name": "51849",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51849"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1083",
"datePublished": "2012-02-14T17:00:00Z",
"dateReserved": "2012-02-14T00:00:00Z",
"dateUpdated": "2024-09-17T04:19:44.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5307
Vulnerability from cvelistv5
Published
2013-08-16 17:00
Modified
2024-08-06 17:06
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/95960 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86236 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/54306 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/61609 | vdb-entry, x_refsource_BID | |
| http://typo3.org/extensions/repository/view/ke_search | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95960",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95960"
},
{
"name": "typo3-facetedsearch-unspecified-xss(86236)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86236"
},
{
"name": "54306",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54306"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "61609",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61609"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/ke_search"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95960",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95960"
},
{
"name": "typo3-facetedsearch-unspecified-xss(86236)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86236"
},
{
"name": "54306",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54306"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "61609",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61609"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/ke_search"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95960",
"refsource": "OSVDB",
"url": "http://osvdb.org/95960"
},
{
"name": "typo3-facetedsearch-unspecified-xss(86236)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86236"
},
{
"name": "54306",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54306"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "61609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61609"
},
{
"name": "http://typo3.org/extensions/repository/view/ke_search",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/ke_search"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5307",
"datePublished": "2013-08-16T17:00:00",
"dateReserved": "2013-08-16T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4161
Vulnerability from cvelistv5
Published
2009-12-02 17:00
Modified
2024-09-17 01:16
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the [AN] Search it! (an_searchit) extension 2.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/37165 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:10.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37165",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37165"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the [AN] Search it! (an_searchit) extension 2.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-02T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37165",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37165"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the [AN] Search it! (an_searchit) extension 2.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37165"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4161",
"datePublished": "2009-12-02T17:00:00Z",
"dateReserved": "2009-12-02T00:00:00Z",
"dateUpdated": "2024-09-17T01:16:18.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5304
Vulnerability from cvelistv5
Published
2013-08-16 17:00
Modified
2024-08-06 17:06
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/54350 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/95962 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86230 | vdb-entry, x_refsource_XF | |
| http://typo3.org/extensions/repository/view/locator | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/61606 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54350"
},
{
"name": "95962",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95962"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "typo3-storeloactor-unspecified-sql-injection(86230)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86230"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/locator"
},
{
"name": "61606",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61606"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "54350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54350"
},
{
"name": "95962",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95962"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "typo3-storeloactor-unspecified-sql-injection(86230)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86230"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/locator"
},
{
"name": "61606",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61606"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54350"
},
{
"name": "95962",
"refsource": "OSVDB",
"url": "http://osvdb.org/95962"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "typo3-storeloactor-unspecified-sql-injection(86230)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86230"
},
{
"name": "http://typo3.org/extensions/repository/view/locator",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/locator"
},
{
"name": "61606",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61606"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5304",
"datePublished": "2013-08-16T17:00:00",
"dateReserved": "2013-08-16T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1264
Vulnerability from cvelistv5
Published
2009-04-07 23:00
Modified
2024-09-16 20:57
Severity ?
EPSS score ?
Summary
Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/sr_feuser_register/2.5.21/ | x_refsource_CONFIRM | |
| http://osvdb.org/53278 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2009/0938 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/34586 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/34374 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-004/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/sr_feuser_register/2.5.21/"
},
{
"name": "53278",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53278"
},
{
"name": "ADV-2009-0938",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0938"
},
{
"name": "34586",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34586"
},
{
"name": "34374",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34374"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-07T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/sr_feuser_register/2.5.21/"
},
{
"name": "53278",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53278"
},
{
"name": "ADV-2009-0938",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0938"
},
{
"name": "34586",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34586"
},
{
"name": "34374",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34374"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/sr_feuser_register/2.5.21/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/sr_feuser_register/2.5.21/"
},
{
"name": "53278",
"refsource": "OSVDB",
"url": "http://osvdb.org/53278"
},
{
"name": "ADV-2009-0938",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0938"
},
{
"name": "34586",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34586"
},
{
"name": "34374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34374"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-004/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1264",
"datePublished": "2009-04-07T23:00:00Z",
"dateReserved": "2009-04-07T00:00:00Z",
"dateUpdated": "2024-09-16T20:57:34.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6288
Vulnerability from cvelistv5
Published
2013-10-28 22:00
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/62674 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009/ | x_refsource_MISC | |
| http://secunia.com/advisories/54978 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/extensions/repository/view/solr | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62674",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62674"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009/"
},
{
"name": "54978",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54978"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/solr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to \"Insecure Unserialize.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "62674",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/62674"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009/"
},
{
"name": "54978",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54978"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/solr"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to \"Insecure Unserialize.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62674"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009/"
},
{
"name": "54978",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54978"
},
{
"name": "http://typo3.org/extensions/repository/view/solr",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/solr"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6288",
"datePublished": "2013-10-28T22:00:00",
"dateReserved": "2013-10-28T00:00:00",
"dateUpdated": "2024-08-06T17:39:01.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6693
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in Download system (sb_downloader) extension 0.1.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/46390 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/30737 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/29825 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43208 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46390",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46390"
},
{
"name": "30737",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30737"
},
{
"name": "29825",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29825"
},
{
"name": "sbdownloader-unspecified-sql-injection(43208)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43208"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Download system (sb_downloader) extension 0.1.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46390",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46390"
},
{
"name": "30737",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30737"
},
{
"name": "29825",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29825"
},
{
"name": "sbdownloader-unspecified-sql-injection(43208)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43208"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Download system (sb_downloader) extension 0.1.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46390",
"refsource": "OSVDB",
"url": "http://osvdb.org/46390"
},
{
"name": "30737",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30737"
},
{
"name": "29825",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29825"
},
{
"name": "sbdownloader-unspecified-sql-injection(43208)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43208"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6693",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6577
Vulnerability from cvelistv5
Published
2013-06-27 20:00
Modified
2024-08-06 21:36
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/formhandler | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/79670 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-012/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:01.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/formhandler"
},
{
"name": "typo3-formhandler-unspecified-sql-injection(79670)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79670"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-012/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/formhandler"
},
{
"name": "typo3-formhandler-unspecified-sql-injection(79670)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79670"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-012/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/formhandler",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/formhandler"
},
{
"name": "typo3-formhandler-unspecified-sql-injection(79670)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79670"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-012/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-012/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6577",
"datePublished": "2013-06-27T20:00:00",
"dateReserved": "2013-06-27T00:00:00",
"dateUpdated": "2024-08-06T21:36:01.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-11064
Vulnerability from cvelistv5
Published
2020-05-13 22:50
Modified
2024-08-04 11:21
Severity ?
EPSS score ?
Summary
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-43gj-mj2w-wh46 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-43gj-mj2w-wh46"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3 CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.17"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-13T22:50:11",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-43gj-mj2w-wh46"
}
],
"source": {
"advisory": "GHSA-43gj-mj2w-wh46",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting in TYPO3 CMS",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-11064",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Scripting in TYPO3 CMS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3 CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.17"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.2"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-43gj-mj2w-wh46",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-43gj-mj2w-wh46"
}
]
},
"source": {
"advisory": "GHSA-43gj-mj2w-wh46",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11064",
"datePublished": "2020-05-13T22:50:11",
"dateReserved": "2020-03-30T00:00:00",
"dateUpdated": "2024-08-04T11:21:14.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4871
Vulnerability from cvelistv5
Published
2013-07-18 01:00
Modified
2024-08-06 16:59
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84660 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/93816 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/53634 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/60274 | vdb-entry, x_refsource_BID | |
| http://typo3.org/extensions/repository/view/tq_seo | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-teqneers-unspecified-csrf(84660)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84660"
},
{
"name": "93816",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/93816"
},
{
"name": "53634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53634"
},
{
"name": "60274",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/60274"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/tq_seo"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "typo3-teqneers-unspecified-csrf(84660)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84660"
},
{
"name": "93816",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/93816"
},
{
"name": "53634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53634"
},
{
"name": "60274",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/60274"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/tq_seo"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-teqneers-unspecified-csrf(84660)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84660"
},
{
"name": "93816",
"refsource": "OSVDB",
"url": "http://osvdb.org/93816"
},
{
"name": "53634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53634"
},
{
"name": "60274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60274"
},
{
"name": "http://typo3.org/extensions/repository/view/tq_seo",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/tq_seo"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4871",
"datePublished": "2013-07-18T01:00:00",
"dateReserved": "2013-07-17T00:00:00",
"dateUpdated": "2024-08-06T16:59:40.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6691
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in Diocese of Portsmouth Calendar Today (pd_calendar_today) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/30737 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/29819 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43206 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/46388 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30737",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30737"
},
{
"name": "29819",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29819"
},
{
"name": "pdcalendartoday-unspecified-sql-injection(43206)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43206"
},
{
"name": "46388",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46388"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Diocese of Portsmouth Calendar Today (pd_calendar_today) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30737",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30737"
},
{
"name": "29819",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29819"
},
{
"name": "pdcalendartoday-unspecified-sql-injection(43206)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43206"
},
{
"name": "46388",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46388"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Diocese of Portsmouth Calendar Today (pd_calendar_today) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30737",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30737"
},
{
"name": "29819",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29819"
},
{
"name": "pdcalendartoday-unspecified-sql-injection(43206)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43206"
},
{
"name": "46388",
"refsource": "OSVDB",
"url": "http://osvdb.org/46388"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6691",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4950
Vulnerability from cvelistv5
Published
2010-07-22 18:00
Modified
2024-09-16 19:14
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/a21glossary_advanced_output/0.1.12/ | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/a21glossary_advanced_output/0.1.12/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-22T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/a21glossary_advanced_output/0.1.12/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/a21glossary_advanced_output/0.1.12/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/a21glossary_advanced_output/0.1.12/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4950",
"datePublished": "2010-07-22T18:00:00Z",
"dateReserved": "2010-07-22T00:00:00Z",
"dateUpdated": "2024-09-16T19:14:24.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6460
Vulnerability from cvelistv5
Published
2009-03-13 10:00
Modified
2024-08-07 11:27
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45261 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/48277 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/31254 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mwrandomobjects-unspecified-sql-injection(45261)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45261"
},
{
"name": "48277",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/48277"
},
{
"name": "31254",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31254"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mwrandomobjects-unspecified-sql-injection(45261)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45261"
},
{
"name": "48277",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/48277"
},
{
"name": "31254",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31254"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mwrandomobjects-unspecified-sql-injection(45261)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45261"
},
{
"name": "48277",
"refsource": "OSVDB",
"url": "http://osvdb.org/48277"
},
{
"name": "31254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31254"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6460",
"datePublished": "2009-03-13T10:00:00",
"dateReserved": "2009-03-13T00:00:00",
"dateUpdated": "2024-08-07T11:27:35.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1076
Vulnerability from cvelistv5
Published
2012-02-14 17:00
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ | x_refsource_MISC | |
| http://typo3.org/extensions/repository/view/rtg_files/1.5.2/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/47842 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/78787 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/51838 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72960 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/rtg_files/1.5.2/"
},
{
"name": "47842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47842"
},
{
"name": "78787",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78787"
},
{
"name": "51838",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51838"
},
{
"name": "typo3-documents-unspecified-xss(72960)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72960"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/rtg_files/1.5.2/"
},
{
"name": "47842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47842"
},
{
"name": "78787",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78787"
},
{
"name": "51838",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51838"
},
{
"name": "typo3-documents-unspecified-xss(72960)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72960"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "http://typo3.org/extensions/repository/view/rtg_files/1.5.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/rtg_files/1.5.2/"
},
{
"name": "47842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47842"
},
{
"name": "78787",
"refsource": "OSVDB",
"url": "http://osvdb.org/78787"
},
{
"name": "51838",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51838"
},
{
"name": "typo3-documents-unspecified-xss(72960)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72960"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1076",
"datePublished": "2012-02-14T17:00:00",
"dateReserved": "2012-02-14T00:00:00",
"dateUpdated": "2024-08-06T18:45:27.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0815
Vulnerability from cvelistv5
Published
2009-03-05 02:00
Modified
2024-08-07 04:48
Severity ?
EPSS score ?
Summary
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2009/02/10/6 | mailing-list, x_refsource_MLIST | |
| http://www.debian.org/security/2009/dsa-1720 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securitytracker.com/id?1021710 | vdb-entry, x_refsource_SECTRACK | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:52.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20090210 CVE request: typo3 xss (typo3-sa-2009-002)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/02/10/6"
},
{
"name": "DSA-1720",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1720"
},
{
"name": "1021710",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021710"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-27T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20090210 CVE request: typo3 xss (typo3-sa-2009-002)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/02/10/6"
},
{
"name": "DSA-1720",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1720"
},
{
"name": "1021710",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021710"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090210 CVE request: typo3 xss (typo3-sa-2009-002)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/02/10/6"
},
{
"name": "DSA-1720",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1720"
},
{
"name": "1021710",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021710"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0815",
"datePublished": "2009-03-05T02:00:00",
"dateReserved": "2009-03-04T00:00:00",
"dateUpdated": "2024-08-07T04:48:52.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4399
Vulnerability from cvelistv5
Published
2009-12-22 23:00
Modified
2024-09-17 02:36
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-22T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4399",
"datePublished": "2009-12-22T23:00:00Z",
"dateReserved": "2009-12-22T00:00:00Z",
"dateUpdated": "2024-09-17T02:36:19.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0338
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-16 23:06
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the TT_Products editor (ttpedit) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the TT_Products editor (ttpedit) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the TT_Products editor (ttpedit) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0338",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-16T23:06:16.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-23502
Vulnerability from cvelistv5
Published
2022-12-14 07:34
Modified
2024-08-03 03:43
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.33"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.20"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613: Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-14T07:34:21.327Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr"
}
],
"source": {
"advisory": "GHSA-mgj2-q8wp-29rr",
"discovery": "UNKNOWN"
},
"title": "TYPO3 contains Insufficient Session Expiration after Password Reset"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23502",
"datePublished": "2022-12-14T07:34:21.327Z",
"dateReserved": "2022-01-19T21:23:53.770Z",
"dateUpdated": "2024-08-03T03:43:46.456Z",
"requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5956
Vulnerability from cvelistv5
Published
2015-09-16 14:00
Modified
2024-08-06 07:06
Severity ?
EPSS score ?
Summary
The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/ | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2015/Sep/57 | mailing-list, x_refsource_FULLDISC | |
| http://www.securitytracker.com/id/1033551 | vdb-entry, x_refsource_SECTRACK | |
| http://packetstormsecurity.com/files/133551/Typo3-CMS-6.2.14-4.5.40-Cross-Site-Scripting.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/536464/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:06:34.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/"
},
{
"name": "20150915 [CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/57"
},
{
"name": "1033551",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033551"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133551/Typo3-CMS-6.2.14-4.5.40-Cross-Site-Scripting.html"
},
{
"name": "20150914 [CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536464/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/"
},
{
"name": "20150915 [CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/57"
},
{
"name": "1033551",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033551"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133551/Typo3-CMS-6.2.14-4.5.40-Cross-Site-Scripting.html"
},
{
"name": "20150914 [CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536464/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/",
"refsource": "CONFIRM",
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/"
},
{
"name": "20150915 [CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Sep/57"
},
{
"name": "1033551",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033551"
},
{
"name": "http://packetstormsecurity.com/files/133551/Typo3-CMS-6.2.14-4.5.40-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133551/Typo3-CMS-6.2.14-4.5.40-Cross-Site-Scripting.html"
},
{
"name": "20150914 [CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536464/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5956",
"datePublished": "2015-09-16T14:00:00",
"dateReserved": "2015-08-06T00:00:00",
"dateUpdated": "2024-08-06T07:06:34.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2718
Vulnerability from cvelistv5
Published
2008-06-16 22:00
Modified
2024-08-07 09:14
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42986 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/29657 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/30619 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/493270/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.debian.org/security/2008/dsa-1596 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.vupen.com/english/advisories/2008/1802 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/30660 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/ | x_refsource_CONFIRM | |
| http://securityreason.com/securityalert/3945 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:14:15.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-feadminlibinc-xss(42986)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42986"
},
{
"name": "29657",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29657"
},
{
"name": "30619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30619"
},
{
"name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"
},
{
"name": "DSA-1596",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1596"
},
{
"name": "ADV-2008-1802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1802"
},
{
"name": "30660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30660"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"
},
{
"name": "3945",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3945"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "typo3-feadminlibinc-xss(42986)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42986"
},
{
"name": "29657",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29657"
},
{
"name": "30619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30619"
},
{
"name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"
},
{
"name": "DSA-1596",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1596"
},
{
"name": "ADV-2008-1802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1802"
},
{
"name": "30660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30660"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"
},
{
"name": "3945",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3945"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-feadminlibinc-xss(42986)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42986"
},
{
"name": "29657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29657"
},
{
"name": "30619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30619"
},
{
"name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"
},
{
"name": "DSA-1596",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1596"
},
{
"name": "ADV-2008-1802",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1802"
},
{
"name": "30660",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30660"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"
},
{
"name": "3945",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3945"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2718",
"datePublished": "2008-06-16T22:00:00",
"dateReserved": "2008-06-16T00:00:00",
"dateUpdated": "2024-08-07T09:14:15.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-25120
Vulnerability from cvelistv5
Published
2024-02-13 22:15
Modified
2024-08-01 23:36
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c | x_refsource_CONFIRM | |
| https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2024-005 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-14T15:55:10.696116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:35:11.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c"
},
{
"name": "https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2024-005",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 13.0.0, \u003c 13.0.1"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.4.11"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.35"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.43"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.46"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.7.57"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users\u0027 permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T22:15:13.294Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c"
},
{
"name": "https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references",
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2024-005",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-005"
}
],
"source": {
"advisory": "GHSA-wf85-8hx9-gj7c",
"discovery": "UNKNOWN"
},
"title": "Improper Access Control of Resources Referenced by t3:// URI Scheme in TYPO3"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-25120",
"datePublished": "2024-02-13T22:15:13.294Z",
"dateReserved": "2024-02-05T14:14:46.379Z",
"dateUpdated": "2024-08-01T23:36:21.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3667
Vulnerability from cvelistv5
Published
2019-11-04 21:58
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2010-3667 | x_refsource_MISC | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-sa-2010-012/#Spam_Abuse | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3667"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Spam_Abuse"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T21:58:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3667"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Spam_Abuse"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-3667",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3667"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"name": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Spam_Abuse",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Spam_Abuse"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3667",
"datePublished": "2019-11-04T21:58:31",
"dateReserved": "2010-09-28T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-34355
Vulnerability from cvelistv5
Published
2024-05-14 14:01
Modified
2024-08-02 02:51
Severity ?
EPSS score ?
Summary
TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML markup. Exploiting this vulnerability requires a valid backend user account. TYPO3 version 13.1.1 fixes the problem described.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-xjwx-78x7-q6jc | x_refsource_CONFIRM | |
| https://github.com/TYPO3/typo3/commit/56afa304ba8b5ad302e15df5def71bcc8d820375 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2024-007 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:21:14.096134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:42:41.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:51:11.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-xjwx-78x7-q6jc",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-xjwx-78x7-q6jc"
},
{
"name": "https://github.com/TYPO3/typo3/commit/56afa304ba8b5ad302e15df5def71bcc8d820375",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/56afa304ba8b5ad302e15df5def71bcc8d820375"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2024-007",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 13.0.0, \u003c 13.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML markup. Exploiting this vulnerability requires a valid backend user account. TYPO3 version 13.1.1 fixes the problem described."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T14:01:32.753Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-xjwx-78x7-q6jc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-xjwx-78x7-q6jc"
},
{
"name": "https://github.com/TYPO3/typo3/commit/56afa304ba8b5ad302e15df5def71bcc8d820375",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/56afa304ba8b5ad302e15df5def71bcc8d820375"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2024-007",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-007"
}
],
"source": {
"advisory": "GHSA-xjwx-78x7-q6jc",
"discovery": "UNKNOWN"
},
"title": "TYPO3 vulnerable to an HTML Injection in the History Module"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-34355",
"datePublished": "2024-05-14T14:01:32.753Z",
"dateReserved": "2024-05-02T06:36:32.438Z",
"dateUpdated": "2024-08-02T02:51:11.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4745
Vulnerability from cvelistv5
Published
2013-07-01 23:00
Modified
2024-09-16 18:39
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/90410 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/extensions/repository/view/myquizpoll | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "90410",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/90410"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/myquizpoll"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-01T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "90410",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/90410"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/myquizpoll"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "90410",
"refsource": "OSVDB",
"url": "http://osvdb.org/90410"
},
{
"name": "http://typo3.org/extensions/repository/view/myquizpoll",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/myquizpoll"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4745",
"datePublished": "2013-07-01T23:00:00Z",
"dateReserved": "2013-07-01T00:00:00Z",
"dateUpdated": "2024-09-16T18:39:10.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36107
Vulnerability from cvelistv5
Published
2022-09-13 17:30
Modified
2024-08-03 09:52
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25 | x_refsource_CONFIRM | |
| https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2022-009 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:52:00.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.6.58"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.7.48"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.37"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.32"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T17:30:13",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-009"
}
],
"source": {
"advisory": "GHSA-9c6w-55cp-5w25",
"discovery": "UNKNOWN"
},
"title": "Stored Cross-Site Scripting via FileDumpController",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-36107",
"STATE": "PUBLIC",
"TITLE": "Stored Cross-Site Scripting via FileDumpController"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 7.0.0, \u003c 7.6.58"
},
{
"version_value": "\u003e= 8.0.0, \u003c 8.7.48"
},
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.37"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.32"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.5.16"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25"
},
{
"name": "https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2022-009",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-009"
}
]
},
"source": {
"advisory": "GHSA-9c6w-55cp-5w25",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36107",
"datePublished": "2022-09-13T17:30:13",
"dateReserved": "2022-07-15T00:00:00",
"dateUpdated": "2024-08-03T09:52:00.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4341
Vulnerability from cvelistv5
Published
2009-12-17 17:00
Modified
2024-08-07 07:01
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54783 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2009/3550 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-nis-sql-injection(54783)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54783"
},
{
"name": "ADV-2009-3550",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "typo3-nis-sql-injection(54783)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54783"
},
{
"name": "ADV-2009-3550",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-nis-sql-injection(54783)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54783"
},
{
"name": "ADV-2009-3550",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4341",
"datePublished": "2009-12-17T17:00:00",
"dateReserved": "2009-12-17T00:00:00",
"dateUpdated": "2024-08-07T07:01:20.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4162
Vulnerability from cvelistv5
Published
2009-12-02 17:00
Modified
2024-09-16 23:51
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the DB Integration (wfqbe) extension 1.3.1 and earlier for TYPO3 allows local users to execute arbitrary commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/37551 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37551"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the DB Integration (wfqbe) extension 1.3.1 and earlier for TYPO3 allows local users to execute arbitrary commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-02T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37551"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the DB Integration (wfqbe) extension 1.3.1 and earlier for TYPO3 allows local users to execute arbitrary commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37551"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4162",
"datePublished": "2009-12-02T17:00:00Z",
"dateReserved": "2009-12-02T00:00:00Z",
"dateUpdated": "2024-09-16T23:51:05.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6699
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/46393 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43211 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/29832 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46393",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46393"
},
{
"name": "tjsreslib-unspecified-xss(43211)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43211"
},
{
"name": "29832",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29832"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46393",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46393"
},
{
"name": "tjsreslib-unspecified-xss(43211)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43211"
},
{
"name": "29832",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29832"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46393",
"refsource": "OSVDB",
"url": "http://osvdb.org/46393"
},
{
"name": "tjsreslib-unspecified-xss(43211)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43211"
},
{
"name": "29832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29832"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6699",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2104
Vulnerability from cvelistv5
Published
2009-06-17 17:00
Modified
2024-08-07 05:36
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-009/ | x_refsource_CONFIRM | |
| http://osvdb.org/55122 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/extensions/repository/view/ve_guestbook/2.7.2/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/35397 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/35483 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:36:21.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-009/"
},
{
"name": "55122",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55122"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/ve_guestbook/2.7.2/"
},
{
"name": "35397",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35397"
},
{
"name": "35483",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35483"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-06-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-009/"
},
{
"name": "55122",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55122"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/ve_guestbook/2.7.2/"
},
{
"name": "35397",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35397"
},
{
"name": "35483",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35483"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-009/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-009/"
},
{
"name": "55122",
"refsource": "OSVDB",
"url": "http://osvdb.org/55122"
},
{
"name": "http://typo3.org/extensions/repository/view/ve_guestbook/2.7.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/ve_guestbook/2.7.2/"
},
{
"name": "35397",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35397"
},
{
"name": "35483",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35483"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2104",
"datePublished": "2009-06-17T17:00:00",
"dateReserved": "2009-06-17T00:00:00",
"dateUpdated": "2024-08-07T05:36:21.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6147
Vulnerability from cvelistv5
Published
2013-07-01 21:00
Modified
2024-08-06 21:28
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/79967 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/87113 | vdb-entry, x_refsource_OSVDB | |
| http://www.openwall.com/lists/oss-security/2013/06/19/4 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
},
{
"name": "typo3-backend-treerender-xss(79967)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79967"
},
{
"name": "87113",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/87113"
},
{
"name": "[oss-security] 20130619 Re: Re: [Ticket#2012111110000015] TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/06/19/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
},
{
"name": "typo3-backend-treerender-xss(79967)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79967"
},
{
"name": "87113",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/87113"
},
{
"name": "[oss-security] 20130619 Re: Re: [Ticket#2012111110000015] TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/06/19/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
},
{
"name": "typo3-backend-treerender-xss(79967)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79967"
},
{
"name": "87113",
"refsource": "OSVDB",
"url": "http://osvdb.org/87113"
},
{
"name": "[oss-security] 20130619 Re: Re: [Ticket#2012111110000015] TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/06/19/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6147",
"datePublished": "2013-07-01T21:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:28:39.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21355
Vulnerability from cvelistv5
Published
2021-03-23 01:50
Modified
2024-08-03 18:09
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, _UploadedFileReferenceConverter_ transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. In case this scenario applies, _UploadedFileReferenceConverter_ accepts any file mime-type and persists files in the default location. In any way, uploaded files are placed in the default location _/fileadmin/user_upload/_, in most scenarios keeping the submitted filename - which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://packagist.org/packages/typo3/cms-form | x_refsource_MISC | |
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2 | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2021-002 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/typo3/cms-form"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3.CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c= 8.7.39"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c= 9.5.24"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c= 10.4.13"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c= 11.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, _UploadedFileReferenceConverter_ transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. In case this scenario applies, _UploadedFileReferenceConverter_ accepts any file mime-type and persists files in the default location. In any way, uploaded files are placed in the default location _/fileadmin/user_upload/_, in most scenarios keeping the submitted filename - which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T01:50:29",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/typo3/cms-form"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-002"
}
],
"source": {
"advisory": "GHSA-2r6j-862c-m2v2",
"discovery": "UNKNOWN"
},
"title": "Unrestricted File Upload in Form Framework",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21355",
"STATE": "PUBLIC",
"TITLE": "Unrestricted File Upload in Form Framework"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3.CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 8.0.0, \u003c= 8.7.39"
},
{
"version_value": "\u003e= 9.0.0, \u003c= 9.5.24"
},
{
"version_value": "\u003e= 10.0.0, \u003c= 10.4.13"
},
{
"version_value": "\u003e= 11.0.0, \u003c= 11.1.0"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, _UploadedFileReferenceConverter_ transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. In case this scenario applies, _UploadedFileReferenceConverter_ accepts any file mime-type and persists files in the default location. In any way, uploaded files are placed in the default location _/fileadmin/user_upload/_, in most scenarios keeping the submitted filename - which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-552 Files or Directories Accessible to External Parties"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packagist.org/packages/typo3/cms-form",
"refsource": "MISC",
"url": "https://packagist.org/packages/typo3/cms-form"
},
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2021-002",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-002"
}
]
},
"source": {
"advisory": "GHSA-2r6j-862c-m2v2",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21355",
"datePublished": "2021-03-23T01:50:29",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:15.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5799
Vulnerability from cvelistv5
Published
2008-12-31 11:00
Modified
2024-08-07 11:04
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46471 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/32237 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "wirberuns-unspecified-xss(46471)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
},
{
"name": "32237",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32237"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "wirberuns-unspecified-xss(46471)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
},
{
"name": "32237",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32237"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wirberuns-unspecified-xss(46471)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46471"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
},
{
"name": "32237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32237"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5799",
"datePublished": "2008-12-31T11:00:00",
"dateReserved": "2008-12-30T00:00:00",
"dateUpdated": "2024-08-07T11:04:44.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1008
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-09-16 18:55
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/38816 | vdb-entry, x_refsource_BID | |
| http://typo3.org/extensions/repository/view/chsellector/0.1.2/ | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38816",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38816"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/chsellector/0.1.2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38816",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38816"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/chsellector/0.1.2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38816"
},
{
"name": "http://typo3.org/extensions/repository/view/chsellector/0.1.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/chsellector/0.1.2/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1008",
"datePublished": "2010-03-19T18:35:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-16T18:55:12.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0337
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-16 23:51
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the tt_news Mail alert (dl3_tt_news_alerts) extension 0.2.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the tt_news Mail alert (dl3_tt_news_alerts) extension 0.2.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the tt_news Mail alert (dl3_tt_news_alerts) extension 0.2.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0337",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-16T23:51:46.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4708
Vulnerability from cvelistv5
Published
2010-03-15 21:00
Modified
2024-09-16 23:30
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:24.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-15T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4708",
"datePublished": "2010-03-15T21:00:00Z",
"dateReserved": "2010-03-15T00:00:00Z",
"dateUpdated": "2024-09-16T23:30:46.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6144
Vulnerability from cvelistv5
Published
2009-02-16 17:00
Modified
2024-08-07 11:20
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/33254 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/3502 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-20081222-2 | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/wec_discussion/1.7.1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:20:25.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33254"
},
{
"name": "ADV-2008-3502",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3502"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/wec_discussion/1.7.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33254"
},
{
"name": "ADV-2008-3502",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3502"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/wec_discussion/1.7.1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33254"
},
{
"name": "ADV-2008-3502",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3502"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-2",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-2"
},
{
"name": "http://typo3.org/extensions/repository/view/wec_discussion/1.7.1",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/wec_discussion/1.7.1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6144",
"datePublished": "2009-02-16T17:00:00",
"dateReserved": "2009-02-16T00:00:00",
"dateUpdated": "2024-08-07T11:20:25.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4631
Vulnerability from cvelistv5
Published
2019-11-06 16:36
Modified
2024-08-07 00:09
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2011-4631 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:19.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4631"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "before 4.5.4"
}
]
}
],
"datePublic": "2011-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T16:36:09",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4631"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3",
"version": {
"version_data": [
{
"version_value": "before 4.5.4"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-4631",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4631"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4631",
"datePublished": "2019-11-06T16:36:09",
"dateReserved": "2011-11-29T00:00:00",
"dateUpdated": "2024-08-07T00:09:19.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4655
Vulnerability from cvelistv5
Published
2008-10-21 22:00
Modified
2024-08-07 10:24
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/2870 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/32369 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/extensions/repository/view/simplesurvey/1.8.1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"name": "32369",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32369"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/simplesurvey/1.8.1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-12-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"name": "32369",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32369"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/simplesurvey/1.8.1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2870",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"name": "32369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32369"
},
{
"name": "http://typo3.org/extensions/repository/view/simplesurvey/1.8.1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/simplesurvey/1.8.1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4655",
"datePublished": "2008-10-21T22:00:00",
"dateReserved": "2008-10-21T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1016
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-09-17 03:38
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/38804 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/sav_filter_selectors/1.0.5/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38804",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38804"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/sav_filter_selectors/1.0.5/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38804",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38804"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/sav_filter_selectors/1.0.5/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38804",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38804"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "http://typo3.org/extensions/repository/view/sav_filter_selectors/1.0.5/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/sav_filter_selectors/1.0.5/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1016",
"datePublished": "2010-03-19T18:35:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-17T03:38:32.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8757
Vulnerability from cvelistv5
Published
2016-01-08 19:00
Modified
2024-09-16 22:46
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to extension data during an extension installation.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-010/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/79254 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1034482 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:29:21.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-010/"
},
{
"name": "79254",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79254"
},
{
"name": "1034482",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034482"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to extension data during an extension installation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-08T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-010/"
},
{
"name": "79254",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79254"
},
{
"name": "1034482",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034482"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to extension data during an extension installation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-010/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-010/"
},
{
"name": "79254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79254"
},
{
"name": "1034482",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034482"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8757",
"datePublished": "2016-01-08T19:00:00Z",
"dateReserved": "2016-01-08T00:00:00Z",
"dateUpdated": "2024-09-16T22:46:11.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5303
Vulnerability from cvelistv5
Published
2013-08-16 17:00
Modified
2024-08-06 17:06
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/95967 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/54350 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86233 | vdb-entry, x_refsource_XF | |
| http://typo3.org/extensions/repository/view/locator | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/61606 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95967",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95967"
},
{
"name": "54350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54350"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "storelocator-unserialize-code-execution(86233)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86233"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/locator"
},
{
"name": "61606",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61606"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 has unknown impact and remote attack vectors, related to \"Insecure Unserialize.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95967",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95967"
},
{
"name": "54350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54350"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "storelocator-unserialize-code-execution(86233)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86233"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/locator"
},
{
"name": "61606",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61606"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 has unknown impact and remote attack vectors, related to \"Insecure Unserialize.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95967",
"refsource": "OSVDB",
"url": "http://osvdb.org/95967"
},
{
"name": "54350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54350"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "storelocator-unserialize-code-execution(86233)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86233"
},
{
"name": "http://typo3.org/extensions/repository/view/locator",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/locator"
},
{
"name": "61606",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61606"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5303",
"datePublished": "2013-08-16T17:00:00",
"dateReserved": "2013-08-16T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4971
Vulnerability from cvelistv5
Published
2010-07-27 18:39
Modified
2024-09-16 18:23
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/2411 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/36141 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-2411",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"name": "36141",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36141"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-27T18:39:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-2411",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"name": "36141",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36141"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2411",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"name": "36141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36141"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4971",
"datePublished": "2010-07-27T18:39:00Z",
"dateReserved": "2010-07-27T00:00:00Z",
"dateUpdated": "2024-09-16T18:23:23.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-32767
Vulnerability from cvelistv5
Published
2021-07-20 16:00
Modified
2024-08-03 23:33
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, 11.3.1 contain a patch for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235 | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2021-012 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3.CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.28"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.18"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, 11.3.1 contain a patch for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-09T15:28:30",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-012"
}
],
"source": {
"advisory": "GHSA-34fr-fhqr-7235",
"discovery": "UNKNOWN"
},
"title": "Information Disclosure in User Authentication",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32767",
"STATE": "PUBLIC",
"TITLE": "Information Disclosure in User Authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3.CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.28"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.18"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.3.1"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, 11.3.1 contain a patch for this vulnerability."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Insertion of Sensitive Information into Log File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2021-012",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-012"
}
]
},
"source": {
"advisory": "GHSA-34fr-fhqr-7235",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32767",
"datePublished": "2021-07-20T16:00:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:55.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4951
Vulnerability from cvelistv5
Published
2011-10-09 10:00
Modified
2024-09-17 03:23
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xajax_shoutbox) extension before 1.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/42373 | vdb-entry, x_refsource_BID | |
| http://typo3.org/extensions/repository/view/vx_xajax_shoutbox/1.0.1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name": "42373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42373"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/vx_xajax_shoutbox/1.0.1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xajax_shoutbox) extension before 1.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-09T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name": "42373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42373"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/vx_xajax_shoutbox/1.0.1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xajax_shoutbox) extension before 1.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name": "42373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42373"
},
{
"name": "http://typo3.org/extensions/repository/view/vx_xajax_shoutbox/1.0.1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/vx_xajax_shoutbox/1.0.1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4951",
"datePublished": "2011-10-09T10:00:00Z",
"dateReserved": "2011-10-09T00:00:00Z",
"dateUpdated": "2024-09-17T03:23:21.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4661
Vulnerability from cvelistv5
Published
2008-10-21 22:00
Modified
2024-08-07 10:24
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_pageimprovements) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/2870 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/ | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/sm_pageimprovements/0.3.0/info/ChangeLog/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/sm_pageimprovements/0.3.0/info/ChangeLog/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_pageimprovements) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-12-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/extensions/repository/view/sm_pageimprovements/0.3.0/info/ChangeLog/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_pageimprovements) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2870",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"name": "http://typo3.org/extensions/repository/view/sm_pageimprovements/0.3.0/info/ChangeLog/",
"refsource": "MISC",
"url": "http://typo3.org/extensions/repository/view/sm_pageimprovements/0.3.0/info/ChangeLog/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4661",
"datePublished": "2008-10-21T22:00:00",
"dateReserved": "2008-10-21T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3629
Vulnerability from cvelistv5
Published
2009-11-02 15:00
Modified
2024-08-07 06:38
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53918 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/37122 | third-party-advisory, x_refsource_SECUNIA | |
| http://marc.info/?l=oss-security&m=125633199111438&w=2 | mailing-list, x_refsource_MLIST | |
| http://marc.info/?l=oss-security&m=125632856206736&w=2 | mailing-list, x_refsource_MLIST | |
| http://www.vupen.com/english/advisories/2009/3009 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/36801 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:28.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-backend-xss(53918)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53918"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37122"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=125633199111438\u0026w=2"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "typo3-backend-xss(53918)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53918"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37122"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=125633199111438\u0026w=2"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-backend-xss(53918)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53918"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37122"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=125633199111438\u0026w=2"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3629",
"datePublished": "2009-11-02T15:00:00",
"dateReserved": "2009-10-09T00:00:00",
"dateUpdated": "2024-08-07T06:38:28.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6456
Vulnerability from cvelistv5
Published
2009-03-13 10:00
Modified
2024-08-07 11:27
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45259 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/31261 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/48276 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "hbook-unspecified-sql-injection(45259)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45259"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"name": "31261",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31261"
},
{
"name": "48276",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/48276"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "hbook-unspecified-sql-injection(45259)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45259"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"name": "31261",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31261"
},
{
"name": "48276",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/48276"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "hbook-unspecified-sql-injection(45259)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45259"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"name": "31261",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31261"
},
{
"name": "48276",
"refsource": "OSVDB",
"url": "http://osvdb.org/48276"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6456",
"datePublished": "2009-03-13T10:00:00",
"dateReserved": "2009-03-13T00:00:00",
"dateUpdated": "2024-08-07T11:27:35.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4392
Vulnerability from cvelistv5
Published
2009-12-22 23:00
Modified
2024-09-16 19:30
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the XDS Staff List (xds_staff) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the XDS Staff List (xds_staff) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-22T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the XDS Staff List (xds_staff) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4392",
"datePublished": "2009-12-22T23:00:00Z",
"dateReserved": "2009-12-22T00:00:00Z",
"dateUpdated": "2024-09-16T19:30:42.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4632
Vulnerability from cvelistv5
Published
2019-11-06 16:39
Modified
2024-08-07 00:09
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2011-4632 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:19.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4632"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "before 4.5.4"
}
]
}
],
"datePublic": "2011-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T16:39:08",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4632"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3",
"version": {
"version_data": [
{
"version_value": "before 4.5.4"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-4632",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4632"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4632",
"datePublished": "2019-11-06T16:39:08",
"dateReserved": "2011-11-29T00:00:00",
"dateUpdated": "2024-08-07T00:09:19.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4962
Vulnerability from cvelistv5
Published
2011-10-09 10:00
Modified
2024-08-07 04:02
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/ | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/webkitpdf/1.1.4/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/61058 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/42381 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/webkitpdf/1.1.4/"
},
{
"name": "webkit-unspecified-command-execution(61058)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61058"
},
{
"name": "42381",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42381"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/webkitpdf/1.1.4/"
},
{
"name": "webkit-unspecified-command-execution(61058)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61058"
},
{
"name": "42381",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42381"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name": "http://typo3.org/extensions/repository/view/webkitpdf/1.1.4/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/webkitpdf/1.1.4/"
},
{
"name": "webkit-unspecified-command-execution(61058)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61058"
},
{
"name": "42381",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42381"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4962",
"datePublished": "2011-10-09T10:00:00",
"dateReserved": "2011-10-09T00:00:00",
"dateUpdated": "2024-08-07T04:02:30.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4965
Vulnerability from cvelistv5
Published
2010-07-27 18:39
Modified
2024-09-16 23:41
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/2411 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/36130 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-2411",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"name": "36130",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36130"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-27T18:39:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-2411",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"name": "36130",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36130"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2411",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"name": "36130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36130"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4965",
"datePublished": "2010-07-27T18:39:00Z",
"dateReserved": "2010-07-27T00:00:00Z",
"dateUpdated": "2024-09-16T23:41:02.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4950
Vulnerability from cvelistv5
Published
2011-10-09 10:00
Modified
2024-09-16 18:08
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/ | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/event/0.3.7/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/event/0.3.7/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-09T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/extensions/repository/view/event/0.3.7/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name": "http://typo3.org/extensions/repository/view/event/0.3.7/",
"refsource": "MISC",
"url": "http://typo3.org/extensions/repository/view/event/0.3.7/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4950",
"datePublished": "2011-10-09T10:00:00Z",
"dateReserved": "2011-10-09T00:00:00Z",
"dateUpdated": "2024-09-16T18:08:29.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1074
Vulnerability from cvelistv5
Published
2012-02-14 17:00
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/51837 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72959 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/78786 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51837",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51837"
},
{
"name": "typo3-whitepapers-unspecified-sql-injection(72959)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72959"
},
{
"name": "78786",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78786"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51837",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51837"
},
{
"name": "typo3-whitepapers-unspecified-sql-injection(72959)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72959"
},
{
"name": "78786",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78786"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51837"
},
{
"name": "typo3-whitepapers-unspecified-sql-injection(72959)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72959"
},
{
"name": "78786",
"refsource": "OSVDB",
"url": "http://osvdb.org/78786"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1074",
"datePublished": "2012-02-14T17:00:00",
"dateReserved": "2012-02-14T00:00:00",
"dateUpdated": "2024-08-06T18:45:27.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4658
Vulnerability from cvelistv5
Published
2008-10-21 22:00
Modified
2024-08-07 10:24
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/31840 | vdb-entry, x_refsource_BID | |
| http://typo3.org/extensions/repository/view/dmmjobcontrol/1.15.5/ | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2008/2870 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/32342 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31840",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31840"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/dmmjobcontrol/1.15.5/"
},
{
"name": "ADV-2008-2870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"name": "32342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32342"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-12-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31840",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31840"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/extensions/repository/view/dmmjobcontrol/1.15.5/"
},
{
"name": "ADV-2008-2870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"name": "32342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32342"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31840",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31840"
},
{
"name": "http://typo3.org/extensions/repository/view/dmmjobcontrol/1.15.5/",
"refsource": "MISC",
"url": "http://typo3.org/extensions/repository/view/dmmjobcontrol/1.15.5/"
},
{
"name": "ADV-2008-2870",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"name": "32342",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32342"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4658",
"datePublished": "2008-10-21T22:00:00",
"dateReserved": "2008-10-21T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4338
Vulnerability from cvelistv5
Published
2009-12-17 17:00
Modified
2024-08-07 07:01
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54781 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2009/3550 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:19.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-flashslideshow-sql-injection(54781)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54781"
},
{
"name": "ADV-2009-3550",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "typo3-flashslideshow-sql-injection(54781)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54781"
},
{
"name": "ADV-2009-3550",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-flashslideshow-sql-injection(54781)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54781"
},
{
"name": "ADV-2009-3550",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4338",
"datePublished": "2009-12-17T17:00:00",
"dateReserved": "2009-12-17T00:00:00",
"dateUpdated": "2024-08-07T07:01:19.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3631
Vulnerability from cvelistv5
Published
2009-11-02 15:00
Modified
2024-08-07 06:38
Severity ?
EPSS score ?
Summary
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53923 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/37122 | third-party-advisory, x_refsource_SECUNIA | |
| http://marc.info/?l=oss-security&m=125632856206736&w=2 | mailing-list, x_refsource_MLIST | |
| http://www.vupen.com/english/advisories/2009/3009 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/36801 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:29.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-uploads-command-execution(53923)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53923"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37122"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "typo3-uploads-command-execution(53923)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53923"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37122"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-uploads-command-execution(53923)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53923"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37122"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3631",
"datePublished": "2009-11-02T15:00:00",
"dateReserved": "2009-10-09T00:00:00",
"dateUpdated": "2024-08-07T06:38:29.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5310
Vulnerability from cvelistv5
Published
2013-08-16 17:00
Modified
2024-08-06 17:06
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/95957 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/extension-manuals/wfqbe/2.0.1/view/1/5/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86238 | vdb-entry, x_refsource_XF | |
| http://typo3.org/extensions/repository/view/wfqbe | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/61653 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95957",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95957"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extension-manuals/wfqbe/2.0.1/view/1/5/"
},
{
"name": "typo3-dbintegration-unspec-sql-injection(86238)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86238"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/wfqbe"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "61653",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61653"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95957",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95957"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extension-manuals/wfqbe/2.0.1/view/1/5/"
},
{
"name": "typo3-dbintegration-unspec-sql-injection(86238)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86238"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/wfqbe"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "61653",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61653"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95957",
"refsource": "OSVDB",
"url": "http://osvdb.org/95957"
},
{
"name": "http://typo3.org/extension-manuals/wfqbe/2.0.1/view/1/5/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extension-manuals/wfqbe/2.0.1/view/1/5/"
},
{
"name": "typo3-dbintegration-unspec-sql-injection(86238)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86238"
},
{
"name": "http://typo3.org/extensions/repository/view/wfqbe",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/wfqbe"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "61653",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61653"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5310",
"datePublished": "2013-08-16T17:00:00",
"dateReserved": "2013-08-16T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3717
Vulnerability from cvelistv5
Published
2010-10-25 19:00
Modified
2024-09-16 16:47
Severity ?
EPSS score ?
Summary
The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/43786 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2010/dsa-2121 | vendor-advisory, x_refsource_DEBIAN | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43786",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43786"
},
{
"name": "DSA-2121",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-25T19:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "43786",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43786"
},
{
"name": "DSA-2121",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43786"
},
{
"name": "DSA-2121",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3717",
"datePublished": "2010-10-25T19:00:00Z",
"dateReserved": "2010-10-01T00:00:00Z",
"dateUpdated": "2024-09-16T16:47:44.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4804
Vulnerability from cvelistv5
Published
2010-04-23 14:00
Modified
2024-09-16 20:52
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via "search parameters."
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/cal/1.1.1/ | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/34155 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/33996 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/cal/1.1.1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/"
},
{
"name": "34155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34155"
},
{
"name": "33996",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33996"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via \"search parameters.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-23T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/cal/1.1.1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/"
},
{
"name": "34155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34155"
},
{
"name": "33996",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33996"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via \"search parameters.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/cal/1.1.1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/cal/1.1.1/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/"
},
{
"name": "34155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34155"
},
{
"name": "33996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33996"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4804",
"datePublished": "2010-04-23T14:00:00Z",
"dateReserved": "2010-04-23T00:00:00Z",
"dateUpdated": "2024-09-16T20:52:15.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3661
Vulnerability from cvelistv5
Published
2019-11-01 17:26
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2010-3661 | x_refsource_MISC | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-sa-2010-012/#Open_Redirection | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3661"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Open_Redirection"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T17:26:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3661"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Open_Redirection"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-3661",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3661"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"name": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Open_Redirection",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Open_Redirection"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3661",
"datePublished": "2019-11-01T17:26:21",
"dateReserved": "2010-09-28T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1072
Vulnerability from cvelistv5
Published
2012-02-14 17:00
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/51834 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/78785 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72958 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51834",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51834"
},
{
"name": "78785",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78785"
},
{
"name": "typo3-category-unspecified-sql-injection(72958)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72958"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51834",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51834"
},
{
"name": "78785",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78785"
},
{
"name": "typo3-category-unspecified-sql-injection(72958)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72958"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51834",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51834"
},
{
"name": "78785",
"refsource": "OSVDB",
"url": "http://osvdb.org/78785"
},
{
"name": "typo3-category-unspecified-sql-injection(72958)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72958"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1072",
"datePublished": "2012-02-14T17:00:00",
"dateReserved": "2012-02-14T00:00:00",
"dateUpdated": "2024-08-06T18:45:27.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4659
Vulnerability from cvelistv5
Published
2008-10-21 22:00
Modified
2024-08-07 10:24
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist) 1.0.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/2870 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/31844 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"name": "31844",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31844"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist) 1.0.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-12-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"name": "31844",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31844"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist) 1.0.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2870",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"name": "31844",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31844"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4659",
"datePublished": "2008-10-21T22:00:00",
"dateReserved": "2008-10-21T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3670
Vulnerability from cvelistv5
Published
2019-11-05 19:10
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2010-3670 | x_refsource_MISC | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3670"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the \"forgot password\" function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T19:10:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3670"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the \"forgot password\" function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-3670",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3670"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"name": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3670",
"datePublished": "2019-11-05T19:10:11",
"dateReserved": "2010-09-28T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-25121
Vulnerability from cvelistv5
Published
2024-02-13 22:14
Modified
2024-08-01 23:36
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage ("zero-storage") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 version 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1 which fix the problem described. When persisting entities of the File Abstraction Layer directly via DataHandler, `sys_file` entities are now denied by default, and `sys_file_reference` & `sys_file_metadata` entities are not permitted to reference files in the fallback storage anymore. When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using `$dataHandler->isImporting = true;`.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66 | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2024-006 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2024-006",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 13.0.0, \u003c 13.0.1"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.4.11"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.35"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.43"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.46"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.7.57"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage (\"zero-storage\") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 version 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1 which fix the problem described. When persisting entities of the File Abstraction Layer directly via DataHandler, `sys_file` entities are now denied by default, and `sys_file_reference` \u0026 `sys_file_metadata` entities are not permitted to reference files in the fallback storage anymore. When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using `$dataHandler-\u003eisImporting = true;`.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T22:14:40.926Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2024-006",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-006"
}
],
"source": {
"advisory": "GHSA-rj3x-wvc6-5j66",
"discovery": "UNKNOWN"
},
"title": "Improper Access Control Persisting File Abstraction Layer Entities via Data Handler in TYPO3"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-25121",
"datePublished": "2024-02-13T22:14:40.926Z",
"dateReserved": "2024-02-05T14:14:46.379Z",
"dateUpdated": "2024-08-01T23:36:21.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3715
Vulnerability from cvelistv5
Published
2010-10-25 19:00
Modified
2024-09-17 03:32
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/43786 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2010/dsa-2121 | vendor-advisory, x_refsource_DEBIAN | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:53.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43786",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43786"
},
{
"name": "DSA-2121",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-25T19:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "43786",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43786"
},
{
"name": "DSA-2121",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43786"
},
{
"name": "DSA-2121",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3715",
"datePublished": "2010-10-25T19:00:00Z",
"dateReserved": "2010-10-01T00:00:00Z",
"dateUpdated": "2024-09-17T03:32:35.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1082
Vulnerability from cvelistv5
Published
2012-02-14 17:00
Modified
2024-09-17 01:57
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/51849 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/78796 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51849",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51849"
},
{
"name": "78796",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78796"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51849",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51849"
},
{
"name": "78796",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78796"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51849",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51849"
},
{
"name": "78796",
"refsource": "OSVDB",
"url": "http://osvdb.org/78796"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1082",
"datePublished": "2012-02-14T17:00:00Z",
"dateReserved": "2012-02-14T00:00:00Z",
"dateUpdated": "2024-09-17T01:57:01.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4749
Vulnerability from cvelistv5
Published
2013-07-01 23:00
Modified
2024-08-06 16:52
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81584 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-usertaskcenter-unspecified-xss(81584)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81584"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "typo3-usertaskcenter-unspecified-xss(81584)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81584"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-usertaskcenter-unspecified-xss(81584)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81584"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4749",
"datePublished": "2013-07-01T23:00:00",
"dateReserved": "2013-07-01T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4711
Vulnerability from cvelistv5
Published
2010-03-15 21:00
Modified
2024-09-17 03:27
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/35872 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/36082 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35872",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35872"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"name": "36082",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36082"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-15T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35872",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35872"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"name": "36082",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36082"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35872",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35872"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"name": "36082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36082"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4711",
"datePublished": "2010-03-15T21:00:00Z",
"dateReserved": "2010-03-15T00:00:00Z",
"dateUpdated": "2024-09-17T03:27:43.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4393
Vulnerability from cvelistv5
Published
2009-12-22 23:00
Modified
2024-09-17 02:16
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Document Directorys (danp_documentdirs) extension 1.10.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Document Directorys (danp_documentdirs) extension 1.10.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-22T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Document Directorys (danp_documentdirs) extension 1.10.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4393",
"datePublished": "2009-12-22T23:00:00Z",
"dateReserved": "2009-12-22T00:00:00Z",
"dateUpdated": "2024-09-17T02:16:20.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4952
Vulnerability from cvelistv5
Published
2011-10-09 10:00
Modified
2024-08-07 04:02
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/ | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/festat/0.2.4/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/61056 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/42366 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/festat/0.2.4/"
},
{
"name": "feuser-unspec-sql-injection(61056)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61056"
},
{
"name": "42366",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42366"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/festat/0.2.4/"
},
{
"name": "feuser-unspec-sql-injection(61056)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61056"
},
{
"name": "42366",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42366"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"name": "http://typo3.org/extensions/repository/view/festat/0.2.4/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/festat/0.2.4/"
},
{
"name": "feuser-unspec-sql-injection(61056)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61056"
},
{
"name": "42366",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42366"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4952",
"datePublished": "2011-10-09T10:00:00",
"dateReserved": "2011-10-09T00:00:00",
"dateUpdated": "2024-08-07T04:02:30.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0331
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-17 00:07
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0331",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-17T00:07:04.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-55945
Vulnerability from cvelistv5
Published
2025-01-14 19:14
Modified
2025-01-14 19:46
Severity ?
EPSS score ?
Summary
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to `lax` or `none`. The vulnerability in the affected downstream component “DB Check Module” allows attackers to manipulate data through unauthorized actions. Users are advised to update to TYPO3 versions 11.5.42 ELTS which fixes the problem described. There are no known workarounds for this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-8mv3-37rc-pvxj | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2025-010 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T19:46:09.784893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T19:46:24.390Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.42"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to `lax` or `none`. The vulnerability in the affected downstream component \u201cDB Check Module\u201d allows attackers to manipulate data through unauthorized actions. Users are advised to update to TYPO3 versions 11.5.42 ELTS which fixes the problem described. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T19:14:33.725Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8mv3-37rc-pvxj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8mv3-37rc-pvxj"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2025-010",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2025-010"
}
],
"source": {
"advisory": "GHSA-8mv3-37rc-pvxj",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Request Forgery in DB Check Module in TYPO3"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-55945",
"datePublished": "2025-01-14T19:14:33.725Z",
"dateReserved": "2024-12-13T17:39:32.959Z",
"dateUpdated": "2025-01-14T19:46:24.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0350
Vulnerability from cvelistv5
Published
2010-01-15 20:00
Modified
2024-09-17 00:06
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 has unknown impact and remote attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/goof_fotoboek/1.7.15/ | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.173Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/goof_fotoboek/1.7.15/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 has unknown impact and remote attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/goof_fotoboek/1.7.15/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 has unknown impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/goof_fotoboek/1.7.15/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/goof_fotoboek/1.7.15/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0350",
"datePublished": "2010-01-15T20:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-17T00:06:56.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6144
Vulnerability from cvelistv5
Published
2013-07-01 21:00
Modified
2024-08-06 21:28
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/79964 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2013/06/19/4 | mailing-list, x_refsource_MLIST | |
| http://osvdb.org/87115 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-backendhistory-unspec-sql-injection(79964)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79964"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
},
{
"name": "[oss-security] 20130619 Re: Re: [Ticket#2012111110000015] TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/06/19/4"
},
{
"name": "87115",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/87115"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "typo3-backendhistory-unspec-sql-injection(79964)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79964"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
},
{
"name": "[oss-security] 20130619 Re: Re: [Ticket#2012111110000015] TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/06/19/4"
},
{
"name": "87115",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/87115"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-backendhistory-unspec-sql-injection(79964)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79964"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
},
{
"name": "[oss-security] 20130619 Re: Re: [Ticket#2012111110000015] TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/06/19/4"
},
{
"name": "87115",
"refsource": "OSVDB",
"url": "http://osvdb.org/87115"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6144",
"datePublished": "2013-07-01T21:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:28:39.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3945
Vulnerability from cvelistv5
Published
2014-06-03 14:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2014/dsa-2942 | vendor-advisory, x_refsource_DEBIAN | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2014/06/03/2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2942",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-03T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-2942",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2942",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3945",
"datePublished": "2014-06-03T14:00:00",
"dateReserved": "2014-06-03T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-19849
Vulnerability from cvelistv5
Published
2019-12-17 16:03
Modified
2024-08-05 02:25
Severity ?
EPSS score ?
Summary
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://typo3.org/security/advisory/typo3-core-sa-2019-026/ | x_refsource_MISC | |
| https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:12.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-026/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-17T16:03:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-026/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited privileges."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2019-026/",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-026/"
},
{
"name": "https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security",
"refsource": "MISC",
"url": "https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19849",
"datePublished": "2019-12-17T16:03:31",
"dateReserved": "2019-12-17T00:00:00",
"dateUpdated": "2024-08-05T02:25:12.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0330
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-17 00:16
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Googlemaps for tt_news (jf_easymaps) extension 1.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/jf_easymaps/1.0.3/ | x_refsource_MISC | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/jf_easymaps/1.0.3/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Googlemaps for tt_news (jf_easymaps) extension 1.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/extensions/repository/view/jf_easymaps/1.0.3/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Googlemaps for tt_news (jf_easymaps) extension 1.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/jf_easymaps/1.0.3/",
"refsource": "MISC",
"url": "http://typo3.org/extensions/repository/view/jf_easymaps/1.0.3/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0330",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-17T00:16:02.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3818
Vulnerability from cvelistv5
Published
2009-10-28 10:00
Modified
2024-09-16 23:16
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/37094 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37094",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37094"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-10-28T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37094",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37094"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37094",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37094"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3818",
"datePublished": "2009-10-28T10:00:00Z",
"dateReserved": "2009-10-28T00:00:00Z",
"dateUpdated": "2024-09-16T23:16:40.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3604
Vulnerability from cvelistv5
Published
2010-09-24 19:44
Modified
2024-09-16 22:36
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019 | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/powermail/1.5.4/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/41530 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.4/"
},
{
"name": "41530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41530"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-24T19:44:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.4/"
},
{
"name": "41530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41530"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019"
},
{
"name": "http://typo3.org/extensions/repository/view/powermail/1.5.4/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.4/"
},
{
"name": "41530",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41530"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3604",
"datePublished": "2010-09-24T19:44:00Z",
"dateReserved": "2010-09-24T00:00:00Z",
"dateUpdated": "2024-09-16T22:36:42.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4902
Vulnerability from cvelistv5
Published
2019-11-06 16:53
Modified
2024-08-07 00:16
Severity ?
EPSS score ?
Summary
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2011-4902 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Unserialize | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:35.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4902"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Unserialize"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "before 4.5.4"
}
]
}
],
"datePublic": "2011-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "General Configuration Problem",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T16:53:14",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4902"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Unserialize"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3",
"version": {
"version_data": [
{
"version_value": "before 4.5.4"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "General Configuration Problem"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-4902",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4902"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Unserialize",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Unserialize"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4902",
"datePublished": "2019-11-06T16:53:14",
"dateReserved": "2011-12-23T00:00:00",
"dateUpdated": "2024-08-07T00:16:35.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4056
Vulnerability from cvelistv5
Published
2017-01-23 21:00
Modified
2024-08-06 00:17
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/04/21/1 | mailing-list, x_refsource_MLIST | |
| https://labs.integrity.pt/advisories/cve-pending-stored-cross-site-scripting-in-typo3-bookmarks/ | x_refsource_MISC | |
| https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:30.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160416 Re: CVE Request: Stored Cross-Site Scripting in TYPO3 Bookmarks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/21/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.integrity.pt/advisories/cve-pending-stored-cross-site-scripting-in-typo3-bookmarks/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-23T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160416 Re: CVE Request: Stored Cross-Site Scripting in TYPO3 Bookmarks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/21/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.integrity.pt/advisories/cve-pending-stored-cross-site-scripting-in-typo3-bookmarks/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160416 Re: CVE Request: Stored Cross-Site Scripting in TYPO3 Bookmarks",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/21/1"
},
{
"name": "https://labs.integrity.pt/advisories/cve-pending-stored-cross-site-scripting-in-typo3-bookmarks/",
"refsource": "MISC",
"url": "https://labs.integrity.pt/advisories/cve-pending-stored-cross-site-scripting-in-typo3-bookmarks/"
},
{
"name": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006/",
"refsource": "CONFIRM",
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4056",
"datePublished": "2017-01-23T21:00:00",
"dateReserved": "2016-04-21T00:00:00",
"dateUpdated": "2024-08-06T00:17:30.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4388
Vulnerability from cvelistv5
Published
2009-12-22 23:00
Modified
2024-09-16 20:21
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) extension 1.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/37771 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37771",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37771"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) extension 1.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-22T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37771",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37771"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) extension 1.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37771",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37771"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4388",
"datePublished": "2009-12-22T23:00:00Z",
"dateReserved": "2009-12-22T00:00:00Z",
"dateUpdated": "2024-09-16T20:21:37.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4900
Vulnerability from cvelistv5
Published
2019-11-06 16:46
Modified
2024-08-07 00:16
Severity ?
EPSS score ?
Summary
TYPO3 before 4.5.4 allows Information Disclosure in the backend.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2011-4900 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:35.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4900"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "before 4.5.4"
}
]
}
],
"datePublic": "2011-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.5.4 allows Information Disclosure in the backend."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T16:46:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4900"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3",
"version": {
"version_data": [
{
"version_value": "before 4.5.4"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 before 4.5.4 allows Information Disclosure in the backend."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-4900",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4900"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4900",
"datePublished": "2019-11-06T16:46:02",
"dateReserved": "2011-12-23T00:00:00",
"dateUpdated": "2024-08-07T00:16:35.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-30451
Vulnerability from cvelistv5
Published
2023-12-25 00:00
Modified
2024-08-02 14:21
Severity ?
EPSS score ?
Summary
In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF].
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:21:44.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176274/TYPO3-11.5.24-Path-Traversal.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF]."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-25T05:02:47.293044",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://packetstormsecurity.com/files/176274/TYPO3-11.5.24-Path-Traversal.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-30451",
"datePublished": "2023-12-25T00:00:00",
"dateReserved": "2023-04-08T00:00:00",
"dateUpdated": "2024-08-02T14:21:44.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4707
Vulnerability from cvelistv5
Published
2010-03-15 21:00
Modified
2024-09-16 22:03
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:24.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-15T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4707",
"datePublished": "2010-03-15T21:00:00Z",
"dateReserved": "2010-03-15T00:00:00Z",
"dateUpdated": "2024-09-16T22:03:23.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3946
Vulnerability from cvelistv5
Published
2014-06-03 14:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2014/dsa-2942 | vendor-advisory, x_refsource_DEBIAN | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2014/06/03/2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2942",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-03T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-2942",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2942",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3946",
"datePublished": "2014-06-03T14:00:00",
"dateReserved": "2014-06-03T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4968
Vulnerability from cvelistv5
Published
2010-07-27 18:39
Modified
2024-09-16 22:41
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/36136 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2009/2411 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36136",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36136"
},
{
"name": "ADV-2009-2411",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-27T18:39:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36136",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36136"
},
{
"name": "ADV-2009-2411",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36136",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36136"
},
{
"name": "ADV-2009-2411",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4968",
"datePublished": "2010-07-27T18:39:00Z",
"dateReserved": "2010-07-27T00:00:00Z",
"dateUpdated": "2024-09-16T22:41:20.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4167
Vulnerability from cvelistv5
Published
2009-12-02 17:00
Modified
2024-09-16 17:13
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct "Cache spoofing" attacks via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/37169 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:10.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37169",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37169"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct \"Cache spoofing\" attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-02T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37169",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37169"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct \"Cache spoofing\" attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37169"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4167",
"datePublished": "2009-12-02T17:00:00Z",
"dateReserved": "2009-12-02T00:00:00Z",
"dateUpdated": "2024-09-16T17:13:52.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0347
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-16 23:20
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0347",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-16T23:20:25.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-5104
Vulnerability from cvelistv5
Published
2012-05-21 20:00
Modified
2024-08-07 04:09
Severity ?
EPSS score ?
Summary
The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/45470 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/35770 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2012/05/12/5 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2011/01/13/2 | mailing-list, x_refsource_MLIST | |
| http://www.osvdb.org/70116 | vdb-entry, x_refsource_OSVDB | |
| http://www.openwall.com/lists/oss-security/2012/05/11/3 | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64185 | vdb-entry, x_refsource_XF | |
| http://www.openwall.com/lists/oss-security/2012/05/10/7 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:39.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "45470",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45470"
},
{
"name": "35770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35770"
},
{
"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "70116",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70116"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "typo3-escapestrforlike-info-disc(64185)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64185"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "45470",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45470"
},
{
"name": "35770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35770"
},
{
"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "70116",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70116"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "typo3-escapestrforlike-info-disc(64185)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64185"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "45470",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45470"
},
{
"name": "35770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35770"
},
{
"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "70116",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70116"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "typo3-escapestrforlike-info-disc(64185)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64185"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5104",
"datePublished": "2012-05-21T20:00:00",
"dateReserved": "2012-04-30T00:00:00",
"dateUpdated": "2024-08-07T04:09:39.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-11063
Vulnerability from cvelistv5
Published
2020-05-13 22:15
Modified
2024-12-03 19:08
Severity ?
EPSS score ?
Summary
In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-347x-877p-hcwx | x_refsource_CONFIRM | |
| https://github.com/TYPO3/typo3/commit/14929b98ecda0ce67329b0f25ca7c01ee85df574 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-347x-877p-hcwx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3 CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 10.4.0, \u003c= 10.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204: Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T19:08:03.534Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-347x-877p-hcwx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-347x-877p-hcwx"
},
{
"name": "https://github.com/TYPO3/typo3/commit/14929b98ecda0ce67329b0f25ca7c01ee85df574",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/14929b98ecda0ce67329b0f25ca7c01ee85df574"
}
],
"source": {
"advisory": "GHSA-347x-877p-hcwx",
"discovery": "UNKNOWN"
},
"title": "Observable Response Discrepancy in TYPO3 CMS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11063",
"datePublished": "2020-05-13T22:15:12",
"dateReserved": "2020-03-30T00:00:00",
"dateUpdated": "2024-12-03T19:08:03.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5889
Vulnerability from cvelistv5
Published
2012-11-17 21:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-004/ | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/74461 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:27.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-004/"
},
{
"name": "typo3-powermail-unspecified-xss(74461)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74461"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-004/"
},
{
"name": "typo3-powermail-unspecified-xss(74461)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74461"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-004/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-004/"
},
{
"name": "typo3-powermail-unspecified-xss(74461)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74461"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5889",
"datePublished": "2012-11-17T21:00:00",
"dateReserved": "2012-11-17T00:00:00",
"dateUpdated": "2024-08-06T21:21:27.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0797
Vulnerability from cvelistv5
Published
2010-03-02 20:00
Modified
2024-09-16 17:34
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/38030 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/38388 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/ | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/t3blog/0.8.0/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:39.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38030",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38030"
},
{
"name": "38388",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38388"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/t3blog/0.8.0/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-02T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38030",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38030"
},
{
"name": "38388",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38388"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/t3blog/0.8.0/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38030",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38030"
},
{
"name": "38388",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38388"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/"
},
{
"name": "http://typo3.org/extensions/repository/view/t3blog/0.8.0/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/t3blog/0.8.0/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0797",
"datePublished": "2010-03-02T20:00:00Z",
"dateReserved": "2010-03-02T00:00:00Z",
"dateUpdated": "2024-09-16T17:34:15.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5656
Vulnerability from cvelistv5
Published
2008-12-17 20:00
Modified
2024-08-07 11:04
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46591 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/32284 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:43.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-felogin-xss(46591)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46591"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/"
},
{
"name": "32284",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "typo3-felogin-xss(46591)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46591"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/"
},
{
"name": "32284",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-felogin-xss(46591)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46591"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/"
},
{
"name": "32284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5656",
"datePublished": "2008-12-17T20:00:00",
"dateReserved": "2008-12-17T00:00:00",
"dateUpdated": "2024-08-07T11:04:43.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4160
Vulnerability from cvelistv5
Published
2009-12-02 17:00
Modified
2024-09-16 22:10
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Simple download-system with counter and categories (kk_downloader) extension 1.2.1 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/37168 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/37550 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37168",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37168"
},
{
"name": "37550",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Simple download-system with counter and categories (kk_downloader) extension 1.2.1 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-02T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37168",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37168"
},
{
"name": "37550",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Simple download-system with counter and categories (kk_downloader) extension 1.2.1 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37168",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37168"
},
{
"name": "37550",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37550"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4160",
"datePublished": "2009-12-02T17:00:00Z",
"dateReserved": "2009-12-02T00:00:00Z",
"dateUpdated": "2024-09-16T22:10:19.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4629
Vulnerability from cvelistv5
Published
2019-11-06 16:30
Modified
2024-08-07 00:09
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2011-4629 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:19.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "before 4.5.4"
}
]
}
],
"datePublic": "2011-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T16:30:30",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3",
"version": {
"version_data": [
{
"version_value": "before 4.5.4"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-4629",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4629"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4629",
"datePublished": "2019-11-06T16:30:30",
"dateReserved": "2011-11-29T00:00:00",
"dateUpdated": "2024-08-07T00:09:19.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3948
Vulnerability from cvelistv5
Published
2014-06-04 14:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/powermail | x_refsource_CONFIRM | |
| http://secunia.com/advisories/58909 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-007 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2014/06/03/3 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/powermail"
},
{
"name": "58909",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58909"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-007"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T12:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/powermail"
},
{
"name": "58909",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58909"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-007"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/powermail",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/powermail"
},
{
"name": "58909",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58909"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-007",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-007"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3948",
"datePublished": "2014-06-04T14:00:00",
"dateReserved": "2014-06-03T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6148
Vulnerability from cvelistv5
Published
2013-07-01 21:00
Modified
2024-08-06 21:28
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/87114 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/79968 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "87114",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/87114"
},
{
"name": "typo3-backend-functionmenu-xss(79968)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79968"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "87114",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/87114"
},
{
"name": "typo3-backend-functionmenu-xss(79968)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79968"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "87114",
"refsource": "OSVDB",
"url": "http://osvdb.org/87114"
},
{
"name": "typo3-backend-functionmenu-xss(79968)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79968"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6148",
"datePublished": "2013-07-01T21:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:28:39.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8759
Vulnerability from cvelistv5
Published
2016-01-08 19:00
Modified
2024-09-16 19:10
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/79250 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:29:21.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/"
},
{
"name": "79250",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79250"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-08T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/"
},
{
"name": "79250",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79250"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/"
},
{
"name": "79250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79250"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8759",
"datePublished": "2016-01-08T19:00:00Z",
"dateReserved": "2016-01-08T00:00:00Z",
"dateUpdated": "2024-09-16T19:10:11.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31050
Vulnerability from cvelistv5
Published
2022-06-14 20:55
Modified
2024-08-03 07:03
Severity ?
EPSS score ?
Summary
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq | x_refsource_CONFIRM | |
| https://github.com/TYPO3/typo3/commit/592387972912290c135ebecc91768a67f83a3a4d | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2022-005 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:40.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/592387972912290c135ebecc91768a67f83a3a4d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.34"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.29"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613: Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T20:55:11",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/592387972912290c135ebecc91768a67f83a3a4d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-005"
}
],
"source": {
"advisory": "GHSA-wwjw-r3gj-39fq",
"discovery": "UNKNOWN"
},
"title": "Insufficient Session Expiration in TYPO3 Admin Tool",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31050",
"STATE": "PUBLIC",
"TITLE": "Insufficient Session Expiration in TYPO3 Admin Tool"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.34"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.29"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.5.11"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-613: Insufficient Session Expiration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq"
},
{
"name": "https://github.com/TYPO3/typo3/commit/592387972912290c135ebecc91768a67f83a3a4d",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/592387972912290c135ebecc91768a67f83a3a4d"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2022-005",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-005"
}
]
},
"source": {
"advisory": "GHSA-wwjw-r3gj-39fq",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31050",
"datePublished": "2022-06-14T20:55:11",
"dateReserved": "2022-05-18T00:00:00",
"dateUpdated": "2024-08-03T07:03:40.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-5080
Vulnerability from cvelistv5
Published
2012-02-14 17:00
Modified
2024-09-17 04:20
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ | x_refsource_MISC | |
| http://forge.typo3.org/projects/extension-jftcaforms/repository/diff?rev=51637&rev_to=51568 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/51854 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/78800 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:40.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forge.typo3.org/projects/extension-jftcaforms/repository/diff?rev=51637\u0026rev_to=51568"
},
{
"name": "51854",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51854"
},
{
"name": "78800",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78800"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forge.typo3.org/projects/extension-jftcaforms/repository/diff?rev=51637\u0026rev_to=51568"
},
{
"name": "51854",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51854"
},
{
"name": "78800",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78800"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "http://forge.typo3.org/projects/extension-jftcaforms/repository/diff?rev=51637\u0026rev_to=51568",
"refsource": "CONFIRM",
"url": "http://forge.typo3.org/projects/extension-jftcaforms/repository/diff?rev=51637\u0026rev_to=51568"
},
{
"name": "51854",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51854"
},
{
"name": "78800",
"refsource": "OSVDB",
"url": "http://osvdb.org/78800"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5080",
"datePublished": "2012-02-14T17:00:00Z",
"dateReserved": "2012-02-14T00:00:00Z",
"dateUpdated": "2024-09-17T04:20:40.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4720
Vulnerability from cvelistv5
Published
2013-06-27 20:00
Modified
2024-08-06 16:52
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the WEC Discussion Forum extension before 2.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/58054 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/82217 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/ | x_refsource_MISC | |
| http://typo3.org/extensions/repository/view/wec_discussion | x_refsource_CONFIRM | |
| http://osvdb.org/90413 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.003Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "58054",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58054"
},
{
"name": "typo3-wecdiscussion-unspec-sql-injection(82217)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82217"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/wec_discussion"
},
{
"name": "90413",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/90413"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the WEC Discussion Forum extension before 2.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "58054",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58054"
},
{
"name": "typo3-wecdiscussion-unspec-sql-injection(82217)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82217"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/wec_discussion"
},
{
"name": "90413",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/90413"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the WEC Discussion Forum extension before 2.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "58054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58054"
},
{
"name": "typo3-wecdiscussion-unspec-sql-injection(82217)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82217"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
},
{
"name": "http://typo3.org/extensions/repository/view/wec_discussion",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/wec_discussion"
},
{
"name": "90413",
"refsource": "OSVDB",
"url": "http://osvdb.org/90413"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4720",
"datePublished": "2013-06-27T20:00:00",
"dateReserved": "2013-06-27T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-32669
Vulnerability from cvelistv5
Published
2021-07-20 15:35
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly encoded, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-rgcg-28xm-8mmw | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2021-011 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-rgcg-28xm-8mmw"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3.CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.29"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.18"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly encoded, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T15:35:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-rgcg-28xm-8mmw"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-011"
}
],
"source": {
"advisory": "GHSA-rgcg-28xm-8mmw",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting in Backend Grid View",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32669",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Scripting in Backend Grid View"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3.CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.29"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.18"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.3.1"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly encoded, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this vulnerability."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-rgcg-28xm-8mmw",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-rgcg-28xm-8mmw"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2021-011",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-011"
}
]
},
"source": {
"advisory": "GHSA-rgcg-28xm-8mmw",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32669",
"datePublished": "2021-07-20T15:35:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-34357
Vulnerability from cvelistv5
Published
2024-05-14 14:13
Modified
2024-08-02 02:51
Severity ?
EPSS score ?
Summary
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, failing to properly encode user-controlled values in file entities, the `ShowImageController` (`_eID tx_cms_showpic_`) is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to file entities. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 fix the problem described.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-hw6c-6gwq-3m3m | x_refsource_CONFIRM | |
| https://github.com/TYPO3/typo3/commit/376474904f6b9a54dc1b785a2e45277cbd13b0d7 | x_refsource_MISC | |
| https://github.com/TYPO3/typo3/commit/b31d05d1da3eeaeead2d19eb43b1c3f9c88e15ee | x_refsource_MISC | |
| https://github.com/TYPO3/typo3/commit/d774642381354d3bf5095a5a26e18acd2767f0b1 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2024-009 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T15:47:12.578608Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T15:47:27.316Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:51:11.194Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-hw6c-6gwq-3m3m",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-hw6c-6gwq-3m3m"
},
{
"name": "https://github.com/TYPO3/typo3/commit/376474904f6b9a54dc1b785a2e45277cbd13b0d7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/376474904f6b9a54dc1b785a2e45277cbd13b0d7"
},
{
"name": "https://github.com/TYPO3/typo3/commit/b31d05d1da3eeaeead2d19eb43b1c3f9c88e15ee",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/b31d05d1da3eeaeead2d19eb43b1c3f9c88e15ee"
},
{
"name": "https://github.com/TYPO3/typo3/commit/d774642381354d3bf5095a5a26e18acd2767f0b1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/d774642381354d3bf5095a5a26e18acd2767f0b1"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2024-009",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.48"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.45"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.37"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.4.15"
},
{
"status": "affected",
"version": "\u003e= 13.0.0, \u003c 13.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, failing to properly encode user-controlled values in file entities, the `ShowImageController` (`_eID tx_cms_showpic_`) is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to file entities. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 fix the problem described."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T14:25:53.339Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-hw6c-6gwq-3m3m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-hw6c-6gwq-3m3m"
},
{
"name": "https://github.com/TYPO3/typo3/commit/376474904f6b9a54dc1b785a2e45277cbd13b0d7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/376474904f6b9a54dc1b785a2e45277cbd13b0d7"
},
{
"name": "https://github.com/TYPO3/typo3/commit/b31d05d1da3eeaeead2d19eb43b1c3f9c88e15ee",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/b31d05d1da3eeaeead2d19eb43b1c3f9c88e15ee"
},
{
"name": "https://github.com/TYPO3/typo3/commit/d774642381354d3bf5095a5a26e18acd2767f0b1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/d774642381354d3bf5095a5a26e18acd2767f0b1"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2024-009",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-009"
}
],
"source": {
"advisory": "GHSA-hw6c-6gwq-3m3m",
"discovery": "UNKNOWN"
},
"title": "TYPO3 vulnerable to Cross-Site Scripting in ShowImageController"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-34357",
"datePublished": "2024-05-14T14:13:11.860Z",
"dateReserved": "2024-05-02T06:36:32.438Z",
"dateUpdated": "2024-08-02T02:51:11.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4321
Vulnerability from cvelistv5
Published
2014-05-20 14:00
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250.
References
| ▼ | URL | Tags |
|---|---|---|
| https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-20T12:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/",
"refsource": "CONFIRM",
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4321",
"datePublished": "2014-05-20T14:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:01.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4398
Vulnerability from cvelistv5
Published
2009-12-22 23:00
Modified
2024-09-16 18:39
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-22T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4398",
"datePublished": "2009-12-22T23:00:00Z",
"dateReserved": "2009-12-22T00:00:00Z",
"dateUpdated": "2024-09-16T18:39:48.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11832
Vulnerability from cvelistv5
Published
2019-05-09 04:09
Modified
2024-08-04 23:03
Severity ?
EPSS score ?
Summary
TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.
References
| ▼ | URL | Tags |
|---|---|---|
| https://typo3.org/security/advisory/typo3-core-sa-2019-012/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/108305 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:32.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-012/"
},
{
"name": "108305",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-13T16:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-012/"
},
{
"name": "108305",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108305"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2019-012/",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-012/"
},
{
"name": "108305",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108305"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11832",
"datePublished": "2019-05-09T04:09:11",
"dateReserved": "2019-05-09T00:00:00",
"dateUpdated": "2024-08-04T23:03:32.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5644
Vulnerability from cvelistv5
Published
2008-12-17 18:00
Modified
2024-08-07 11:04
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/3144 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-20081113-1/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46585 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/32689 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/32284 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:43.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-3144",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3144"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081113-1/"
},
{
"name": "typo3-file-backend-xss(46585)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46585"
},
{
"name": "32689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32689"
},
{
"name": "32284",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-3144",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3144"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081113-1/"
},
{
"name": "typo3-file-backend-xss(46585)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46585"
},
{
"name": "32689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32689"
},
{
"name": "32284",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-3144",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3144"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081113-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081113-1/"
},
{
"name": "typo3-file-backend-xss(46585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46585"
},
{
"name": "32689",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32689"
},
{
"name": "32284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5644",
"datePublished": "2008-12-17T18:00:00",
"dateReserved": "2008-12-17T00:00:00",
"dateUpdated": "2024-08-07T11:04:43.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2717
Vulnerability from cvelistv5
Published
2008-06-16 22:00
Modified
2024-08-07 09:14
Severity ?
EPSS score ?
Summary
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/29657 | vdb-entry, x_refsource_BID | |
| http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/30619 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/493270/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42988 | vdb-entry, x_refsource_XF | |
| http://www.debian.org/security/2008/dsa-1596 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.vupen.com/english/advisories/2008/1802 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/30660 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/ | x_refsource_CONFIRM | |
| http://securityreason.com/securityalert/3945 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:14:14.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29657",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29657"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/"
},
{
"name": "30619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30619"
},
{
"name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"
},
{
"name": "typo3-filename-file-upload(42988)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988"
},
{
"name": "DSA-1596",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1596"
},
{
"name": "ADV-2008-1802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1802"
},
{
"name": "30660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30660"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"
},
{
"name": "3945",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3945"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29657",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29657"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/"
},
{
"name": "30619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30619"
},
{
"name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"
},
{
"name": "typo3-filename-file-upload(42988)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988"
},
{
"name": "DSA-1596",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1596"
},
{
"name": "ADV-2008-1802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1802"
},
{
"name": "30660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30660"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"
},
{
"name": "3945",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3945"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29657"
},
{
"name": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/",
"refsource": "CONFIRM",
"url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/"
},
{
"name": "30619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30619"
},
{
"name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"
},
{
"name": "typo3-filename-file-upload(42988)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988"
},
{
"name": "DSA-1596",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1596"
},
{
"name": "ADV-2008-1802",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1802"
},
{
"name": "30660",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30660"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"
},
{
"name": "3945",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3945"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2717",
"datePublished": "2008-06-16T22:00:00",
"dateReserved": "2008-06-16T00:00:00",
"dateUpdated": "2024-08-07T09:14:14.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-55893
Vulnerability from cvelistv5
Published
2025-01-14 20:00
Modified
2025-01-14 20:00
Severity ?
EPSS score ?
Summary
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Log Module” allows attackers to remove log entries. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-cjfr-9f5r-3q93 | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2025-003 | x_refsource_MISC |
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.48"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.42"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.4.25"
},
{
"status": "affected",
"version": "\u003e= 13.0.0, \u003c 13.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component \u201cLog Module\u201d allows attackers to remove log entries. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T20:00:15.247Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-cjfr-9f5r-3q93",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-cjfr-9f5r-3q93"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2025-003",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2025-003"
}
],
"source": {
"advisory": "GHSA-cjfr-9f5r-3q93",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Request Forgery in Log Module in TYPO3"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-55893",
"datePublished": "2025-01-14T20:00:15.247Z",
"dateReserved": "2024-12-12T15:03:39.206Z",
"dateUpdated": "2025-01-14T20:00:15.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4657
Vulnerability from cvelistv5
Published
2008-10-21 22:00
Modified
2024-08-07 10:24
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/2870 | vdb-entry, x_refsource_VUPEN | |
| http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/31841 | vdb-entry, x_refsource_BID | |
| http://typo3.org/extensions/repository/view/econda/0.0.4/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"name": "31841",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31841"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/econda/0.0.4/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-12-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"name": "31841",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31841"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/econda/0.0.4/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2870",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"name": "31841",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31841"
},
{
"name": "http://typo3.org/extensions/repository/view/econda/0.0.4/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/econda/0.0.4/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4657",
"datePublished": "2008-10-21T22:00:00",
"dateReserved": "2008-10-21T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4681
Vulnerability from cvelistv5
Published
2013-06-25 18:00
Modified
2024-08-06 16:52
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/sofortueberweisung2commerce | x_refsource_CONFIRM | |
| http://secunia.com/advisories/53280 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/ | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81585 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:26.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/sofortueberweisung2commerce"
},
{
"name": "53280",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53280"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
},
{
"name": "typo3-sofortue-unspecified-sql-injection(81585)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81585"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/sofortueberweisung2commerce"
},
{
"name": "53280",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53280"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
},
{
"name": "typo3-sofortue-unspecified-sql-injection(81585)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81585"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/sofortueberweisung2commerce",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/sofortueberweisung2commerce"
},
{
"name": "53280",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53280"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
},
{
"name": "typo3-sofortue-unspecified-sql-injection(81585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81585"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4681",
"datePublished": "2013-06-25T18:00:00",
"dateReserved": "2013-06-25T00:00:00",
"dateUpdated": "2024-08-06T16:52:26.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4068
Vulnerability from cvelistv5
Published
2010-10-25 19:00
Modified
2024-09-16 17:03
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/43786 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2010/dsa-2121 | vendor-advisory, x_refsource_DEBIAN | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:36.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43786",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43786"
},
{
"name": "DSA-2121",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-25T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43786",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43786"
},
{
"name": "DSA-2121",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43786"
},
{
"name": "DSA-2121",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4068",
"datePublished": "2010-10-25T19:00:00Z",
"dateReserved": "2010-10-25T00:00:00Z",
"dateUpdated": "2024-09-16T17:03:21.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-55891
Vulnerability from cvelistv5
Published
2025-01-14 19:11
Modified
2025-01-14 19:11
Severity ?
EPSS score ?
Summary
TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS which fixes the problem described. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-38x7-cc6w-j27q | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2025-001 | x_refsource_MISC |
{
"containers": {
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003c 13.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS which fixes the problem described. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T19:11:58.861Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-38x7-cc6w-j27q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-38x7-cc6w-j27q"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2025-001",
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2025-001"
}
],
"source": {
"advisory": "GHSA-38x7-cc6w-j27q",
"discovery": "UNKNOWN"
},
"title": "Information Disclosure via Exception Handling/Logger in TYPO3"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-55891",
"datePublished": "2025-01-14T19:11:58.861Z",
"dateReserved": "2024-12-12T15:03:39.205Z",
"dateUpdated": "2025-01-14T19:11:58.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5323
Vulnerability from cvelistv5
Published
2013-08-20 18:00
Modified
2024-08-06 17:06
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Static Info Tables (static_info_tables) extension before 2.3.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-004/ | x_refsource_MISC | |
| http://typo3.org/extensions/repository/view/static_info_tables | x_refsource_CONFIRM | |
| http://osvdb.org/90414 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/58056 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/52283 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/82212 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-004/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/static_info_tables"
},
{
"name": "90414",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/90414"
},
{
"name": "58056",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58056"
},
{
"name": "52283",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52283"
},
{
"name": "staticinfotables-unspecified-xss(82212)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82212"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Static Info Tables (static_info_tables) extension before 2.3.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-004/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/static_info_tables"
},
{
"name": "90414",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/90414"
},
{
"name": "58056",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58056"
},
{
"name": "52283",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52283"
},
{
"name": "staticinfotables-unspecified-xss(82212)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82212"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Static Info Tables (static_info_tables) extension before 2.3.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-004/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-004/"
},
{
"name": "http://typo3.org/extensions/repository/view/static_info_tables",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/static_info_tables"
},
{
"name": "90414",
"refsource": "OSVDB",
"url": "http://osvdb.org/90414"
},
{
"name": "58056",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58056"
},
{
"name": "52283",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52283"
},
{
"name": "staticinfotables-unspecified-xss(82212)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82212"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5323",
"datePublished": "2013-08-20T18:00:00",
"dateReserved": "2013-08-20T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0327
Vulnerability from cvelistv5
Published
2006-01-21 00:00
Modified
2024-08-07 16:34
Severity ?
EPSS score ?
Summary
TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/422390/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/361 | third-party-advisory, x_refsource_SREASON | |
| http://www.osvdb.org/22666 | vdb-entry, x_refsource_OSVDB | |
| http://bugs.typo3.org/view.php?id=2248 | x_refsource_MISC | |
| http://www.irmplc.com/advisory015.htm | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24244 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/22665 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/18546 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/0269 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/422360/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/22667 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:13.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060119 Re: IRM 015: File system path disclosure on TYPO3 Web Content Manager",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/422390/100/0/threaded"
},
{
"name": "361",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/361"
},
{
"name": "22666",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22666"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.typo3.org/view.php?id=2248"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irmplc.com/advisory015.htm"
},
{
"name": "typo3-multiple-path-disclosure(24244)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24244"
},
{
"name": "22665",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22665"
},
{
"name": "18546",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18546"
},
{
"name": "ADV-2006-0269",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0269"
},
{
"name": "20060119 IRM 015: File system path disclosure on TYPO3 Web Content Manager",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/422360/100/0/threaded"
},
{
"name": "22667",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22667"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060119 Re: IRM 015: File system path disclosure on TYPO3 Web Content Manager",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/422390/100/0/threaded"
},
{
"name": "361",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/361"
},
{
"name": "22666",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22666"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.typo3.org/view.php?id=2248"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irmplc.com/advisory015.htm"
},
{
"name": "typo3-multiple-path-disclosure(24244)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24244"
},
{
"name": "22665",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22665"
},
{
"name": "18546",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18546"
},
{
"name": "ADV-2006-0269",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0269"
},
{
"name": "20060119 IRM 015: File system path disclosure on TYPO3 Web Content Manager",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/422360/100/0/threaded"
},
{
"name": "22667",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22667"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060119 Re: IRM 015: File system path disclosure on TYPO3 Web Content Manager",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422390/100/0/threaded"
},
{
"name": "361",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/361"
},
{
"name": "22666",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22666"
},
{
"name": "http://bugs.typo3.org/view.php?id=2248",
"refsource": "MISC",
"url": "http://bugs.typo3.org/view.php?id=2248"
},
{
"name": "http://www.irmplc.com/advisory015.htm",
"refsource": "MISC",
"url": "http://www.irmplc.com/advisory015.htm"
},
{
"name": "typo3-multiple-path-disclosure(24244)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24244"
},
{
"name": "22665",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22665"
},
{
"name": "18546",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18546"
},
{
"name": "ADV-2006-0269",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0269"
},
{
"name": "20060119 IRM 015: File system path disclosure on TYPO3 Web Content Manager",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422360/100/0/threaded"
},
{
"name": "22667",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22667"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0327",
"datePublished": "2006-01-21T00:00:00",
"dateReserved": "2006-01-20T00:00:00",
"dateUpdated": "2024-08-07T16:34:13.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4250
Vulnerability from cvelistv5
Published
2014-05-20 14:00
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-23T13:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/",
"refsource": "CONFIRM",
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4250",
"datePublished": "2014-05-20T14:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:01.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3530
Vulnerability from cvelistv5
Published
2012-09-05 23:00
Modified
2024-08-06 20:05
Severity ?
EPSS score ?
Summary
Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/77794 | vdb-entry, x_refsource_XF | |
| http://www.debian.org/security/2012/dsa-2537 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2012/08/22/8 | mailing-list, x_refsource_MLIST | |
| http://osvdb.org/84772 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/50287 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"name": "typo3-html5-xss(77794)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77794"
},
{
"name": "DSA-2537",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"name": "[oss-security] 20120822 Re: CVE request: Typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"name": "84772",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/84772"
},
{
"name": "50287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50287"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"name": "typo3-html5-xss(77794)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77794"
},
{
"name": "DSA-2537",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"name": "[oss-security] 20120822 Re: CVE request: Typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"name": "84772",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/84772"
},
{
"name": "50287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50287"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"name": "typo3-html5-xss(77794)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77794"
},
{
"name": "DSA-2537",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"name": "[oss-security] 20120822 Re: CVE request: Typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"name": "84772",
"refsource": "OSVDB",
"url": "http://osvdb.org/84772"
},
{
"name": "50287",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50287"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3530",
"datePublished": "2012-09-05T23:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4951
Vulnerability from cvelistv5
Published
2010-07-22 18:00
Modified
2024-09-17 01:06
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-22T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4951",
"datePublished": "2010-07-22T18:00:00Z",
"dateReserved": "2010-07-22T00:00:00Z",
"dateUpdated": "2024-09-17T01:06:44.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1025
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-08-07 01:06
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56977 | vdb-entry, x_refsource_XF | |
| http://typo3.org/extensions/repository/view/tgm_newsletter/0.0.3/ | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/38805 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "tgmnewsletter-unspecified-xss(56977)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56977"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/tgm_newsletter/0.0.3/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38805",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38805"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "tgmnewsletter-unspecified-xss(56977)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56977"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/tgm_newsletter/0.0.3/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38805",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38805"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "tgmnewsletter-unspecified-xss(56977)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56977"
},
{
"name": "http://typo3.org/extensions/repository/view/tgm_newsletter/0.0.3/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/tgm_newsletter/0.0.3/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38805"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1025",
"datePublished": "2010-03-19T18:35:00",
"dateReserved": "2010-03-19T00:00:00",
"dateUpdated": "2024-08-07T01:06:52.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4885
Vulnerability from cvelistv5
Published
2011-10-07 10:00
Modified
2024-09-16 22:30
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/42937 | vdb-entry, x_refsource_BID | |
| http://typo3.org/extensions/repository/view/xing/1.0.2/ | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/41269 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42937",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42937"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/xing/1.0.2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"name": "41269",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41269"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-07T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "42937",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42937"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/xing/1.0.2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"name": "41269",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41269"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42937",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42937"
},
{
"name": "http://typo3.org/extensions/repository/view/xing/1.0.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/xing/1.0.2/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"name": "41269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41269"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4885",
"datePublished": "2011-10-07T10:00:00Z",
"dateReserved": "2011-10-07T00:00:00Z",
"dateUpdated": "2024-09-16T22:30:29.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5890
Vulnerability from cvelistv5
Published
2012-11-17 21:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/80145 | vdb-entry, x_refsource_XF | |
| http://forge.typo3.org/projects/extension-sr_feuser_register/repository/revisions/58720 | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-002/ | x_refsource_MISC | |
| http://forge.typo3.org/projects/extension-sr_feuser_register/repository/entry/trunk/ChangeLog | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-frontenduser-multiple-info-disclosure(80145)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80145"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forge.typo3.org/projects/extension-sr_feuser_register/repository/revisions/58720"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forge.typo3.org/projects/extension-sr_feuser_register/repository/entry/trunk/ChangeLog"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "typo3-frontenduser-multiple-info-disclosure(80145)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80145"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forge.typo3.org/projects/extension-sr_feuser_register/repository/revisions/58720"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forge.typo3.org/projects/extension-sr_feuser_register/repository/entry/trunk/ChangeLog"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-frontenduser-multiple-info-disclosure(80145)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80145"
},
{
"name": "http://forge.typo3.org/projects/extension-sr_feuser_register/repository/revisions/58720",
"refsource": "CONFIRM",
"url": "http://forge.typo3.org/projects/extension-sr_feuser_register/repository/revisions/58720"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-002/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-002/"
},
{
"name": "http://forge.typo3.org/projects/extension-sr_feuser_register/repository/entry/trunk/ChangeLog",
"refsource": "CONFIRM",
"url": "http://forge.typo3.org/projects/extension-sr_feuser_register/repository/entry/trunk/ChangeLog"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5890",
"datePublished": "2012-11-17T21:00:00",
"dateReserved": "2012-11-17T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3659
Vulnerability from cvelistv5
Published
2017-10-20 18:00
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2010-3659/ | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2014/02/12/8 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2010/09/28/8 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/42029 | vdb-entry, x_refsource_BID | |
| https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-012/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:51.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3659/"
},
{
"name": "[oss-security] 20140212 Re: Old CVE ids, public, but still",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/12/8"
},
{
"name": "[oss-security] 20100928 CVE requests: POE::Component::IRC, Alien Arena, Babiloo, Typo3, abcm2ps, ModSecurity, Linux kernel",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/28/8"
},
{
"name": "42029",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42029"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-012/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-25T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3659/"
},
{
"name": "[oss-security] 20140212 Re: Old CVE ids, public, but still",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/12/8"
},
{
"name": "[oss-security] 20100928 CVE requests: POE::Component::IRC, Alien Arena, Babiloo, Typo3, abcm2ps, ModSecurity, Linux kernel",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/28/8"
},
{
"name": "42029",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42029"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-012/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-3659/",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3659/"
},
{
"name": "[oss-security] 20140212 Re: Old CVE ids, public, but still",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/02/12/8"
},
{
"name": "[oss-security] 20100928 CVE requests: POE::Component::IRC, Alien Arena, Babiloo, Typo3, abcm2ps, ModSecurity, Linux kernel",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/28/8"
},
{
"name": "42029",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42029"
},
{
"name": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-012/",
"refsource": "CONFIRM",
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-012/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3659",
"datePublished": "2017-10-20T18:00:00",
"dateReserved": "2010-09-28T00:00:00",
"dateUpdated": "2024-08-07T03:18:51.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6692
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:42
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in Diocese of Portsmouth Training Courses (pd_trainingcourses) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/29822 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43207 | vdb-entry, x_refsource_XF | |
| http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/ | x_refsource_CONFIRM | |
| http://osvdb.org/46389 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29822",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29822"
},
{
"name": "pdtrainingcourses-unspecified-sql-injection(43207)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43207"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"name": "46389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46389"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Diocese of Portsmouth Training Courses (pd_trainingcourses) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29822",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29822"
},
{
"name": "pdtrainingcourses-unspecified-sql-injection(43207)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43207"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"name": "46389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46389"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Diocese of Portsmouth Training Courses (pd_trainingcourses) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29822"
},
{
"name": "pdtrainingcourses-unspecified-sql-injection(43207)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43207"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"name": "46389",
"refsource": "OSVDB",
"url": "http://osvdb.org/46389"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6692",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:42:00.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3636
Vulnerability from cvelistv5
Published
2009-11-02 15:00
Modified
2024-08-07 06:38
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/37122 | third-party-advisory, x_refsource_SECUNIA | |
| http://marc.info/?l=oss-security&m=125633199111438&w=2 | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53929 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=oss-security&m=125632856206736&w=2 | mailing-list, x_refsource_MLIST | |
| http://www.vupen.com/english/advisories/2009/3009 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/36801 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:28.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37122"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=125633199111438\u0026w=2"
},
{
"name": "typo3-installtool-xss(53929)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53929"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37122"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=125633199111438\u0026w=2"
},
{
"name": "typo3-installtool-xss(53929)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53929"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"name": "37122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37122"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=125633199111438\u0026w=2"
},
{
"name": "typo3-installtool-xss(53929)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53929"
},
{
"name": "[oss-security] 20091023 Re: CVE id request: typo3",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"name": "ADV-2009-3009",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"name": "36801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3636",
"datePublished": "2009-11-02T15:00:00",
"dateReserved": "2009-10-09T00:00:00",
"dateUpdated": "2024-08-07T06:38:28.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-32668
Vulnerability from cvelistv5
Published
2021-07-20 14:45
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the components _QueryGenerator_ and _QueryView_ are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-6mh3-j5r5-2379 | x_refsource_CONFIRM | |
| https://typo3.org/security/advisory/typo3-core-sa-2021-010 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-6mh3-j5r5-2379"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-010"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3.CMS",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.29"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.18"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the components _QueryGenerator_ and _QueryView_ are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T14:45:13",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-6mh3-j5r5-2379"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-010"
}
],
"source": {
"advisory": "GHSA-6mh3-j5r5-2379",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting in Query Generator \u0026 Query View",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32668",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Scripting in Query Generator \u0026 Query View"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3.CMS",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.29"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.18"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.3.1"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the components _QueryGenerator_ and _QueryView_ are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-6mh3-j5r5-2379",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-6mh3-j5r5-2379"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2021-010",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-010"
}
]
},
"source": {
"advisory": "GHSA-6mh3-j5r5-2379",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32668",
"datePublished": "2021-07-20T14:45:13",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12748
Vulnerability from cvelistv5
Published
2019-07-09 14:22
Modified
2024-08-04 23:32
Severity ?
EPSS score ?
Summary
TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://typo3.org/security/advisory/typo3-core-sa-2019-015/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:54.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-015/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-12T13:40:50",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-015/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2019-015/",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-015/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12748",
"datePublished": "2019-07-09T14:22:00",
"dateReserved": "2019-06-06T00:00:00",
"dateUpdated": "2024-08-04T23:32:54.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-5079
Vulnerability from cvelistv5
Published
2012-02-14 17:00
Modified
2024-09-16 22:25
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL, probably in the "return url parameter."
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/51845 | vdb-entry, x_refsource_BID | |
| http://typo3.org/extensions/repository/view/irfaq/1.1.4/info/ChangeLog/ | x_refsource_CONFIRM | |
| http://osvdb.org/78750 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/47823 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51845",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51845"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/irfaq/1.1.4/info/ChangeLog/"
},
{
"name": "78750",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78750"
},
{
"name": "47823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47823"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL, probably in the \"return url parameter.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51845",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51845"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/irfaq/1.1.4/info/ChangeLog/"
},
{
"name": "78750",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78750"
},
{
"name": "47823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47823"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL, probably in the \"return url parameter.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51845",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51845"
},
{
"name": "http://typo3.org/extensions/repository/view/irfaq/1.1.4/info/ChangeLog/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/irfaq/1.1.4/info/ChangeLog/"
},
{
"name": "78750",
"refsource": "OSVDB",
"url": "http://osvdb.org/78750"
},
{
"name": "47823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47823"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5079",
"datePublished": "2012-02-14T17:00:00Z",
"dateReserved": "2012-02-14T00:00:00Z",
"dateUpdated": "2024-09-16T22:25:51.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4889
Vulnerability from cvelistv5
Published
2011-10-07 10:00
Modified
2024-09-17 02:31
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-07T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4889",
"datePublished": "2011-10-07T10:00:00Z",
"dateReserved": "2011-10-07T00:00:00Z",
"dateUpdated": "2024-09-17T02:31:43.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5302
Vulnerability from cvelistv5
Published
2013-08-16 17:00
Modified
2024-08-06 17:06
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/54306 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013 | x_refsource_MISC | |
| http://osvdb.org/95959 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/61609 | vdb-entry, x_refsource_BID | |
| http://typo3.org/extensions/repository/view/ke_search | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86235 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54306",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54306"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "95959",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95959"
},
{
"name": "61609",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61609"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/ke_search"
},
{
"name": "facetedsearch-unspecified-sql-injection(86235)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "54306",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54306"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "95959",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95959"
},
{
"name": "61609",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61609"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/ke_search"
},
{
"name": "facetedsearch-unspecified-sql-injection(86235)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54306",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54306"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"name": "95959",
"refsource": "OSVDB",
"url": "http://osvdb.org/95959"
},
{
"name": "61609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61609"
},
{
"name": "http://typo3.org/extensions/repository/view/ke_search",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/ke_search"
},
{
"name": "facetedsearch-unspecified-sql-injection(86235)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5302",
"datePublished": "2013-08-16T17:00:00",
"dateReserved": "2013-08-16T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1012
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-09-16 20:37
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/38810 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38810",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38810"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38810",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38810"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38810",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38810"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1012",
"datePublished": "2010-03-19T18:35:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-16T20:37:45.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4634
Vulnerability from cvelistv5
Published
2013-06-20 23:00
Modified
2024-08-06 16:52
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84659 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/53633 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/93815 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/extensions/repository/view/rzautocomplete | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/60276 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:26.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "typo3-jquery-unspecified-sql-injection(84659)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84659"
},
{
"name": "53633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53633"
},
{
"name": "93815",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/93815"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/rzautocomplete"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
},
{
"name": "60276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/60276"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "typo3-jquery-unspecified-sql-injection(84659)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84659"
},
{
"name": "53633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53633"
},
{
"name": "93815",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/93815"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/rzautocomplete"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
},
{
"name": "60276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/60276"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "typo3-jquery-unspecified-sql-injection(84659)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84659"
},
{
"name": "53633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53633"
},
{
"name": "93815",
"refsource": "OSVDB",
"url": "http://osvdb.org/93815"
},
{
"name": "http://typo3.org/extensions/repository/view/rzautocomplete",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/rzautocomplete"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
},
{
"name": "60276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60276"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4634",
"datePublished": "2013-06-20T23:00:00",
"dateReserved": "2013-06-20T00:00:00",
"dateUpdated": "2024-08-06T16:52:26.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3531
Vulnerability from cvelistv5
Published
2012-09-05 23:00
Modified
2024-08-06 20:05
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/ | x_refsource_CONFIRM | |
| http://www.debian.org/security/2012/dsa-2537 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2012/08/22/8 | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78888 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"name": "DSA-2537",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"name": "[oss-security] 20120822 Re: CVE request: Typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"name": "typo3-installtool-unspecified-xss(78888)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78888"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"name": "DSA-2537",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"name": "[oss-security] 20120822 Re: CVE request: Typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"name": "typo3-installtool-unspecified-xss(78888)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78888"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"name": "DSA-2537",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"name": "[oss-security] 20120822 Re: CVE request: Typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"name": "typo3-installtool-unspecified-xss(78888)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78888"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3531",
"datePublished": "2012-09-05T23:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3668
Vulnerability from cvelistv5
Published
2019-11-04 22:01
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2010-3668 | x_refsource_MISC | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-sa-2010-012/#Header_Injection | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3668"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Header_Injection"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T22:01:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3668"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Header_Injection"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-3668",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3668"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"name": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Header_Injection",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Header_Injection"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3668",
"datePublished": "2019-11-04T22:01:24",
"dateReserved": "2010-09-28T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-9509
Vulnerability from cvelistv5
Published
2015-01-04 21:00
Modified
2024-09-17 03:13
Severity ?
EPSS score ?
Summary
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:47:40.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a \"Cache Poisoning\" attack using a URL with arbitrary arguments, which triggers a reload of the page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-01-04T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a \"Cache Poisoning\" attack using a URL with arbitrary arguments, which triggers a reload of the page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9509",
"datePublished": "2015-01-04T21:00:00Z",
"dateReserved": "2015-01-04T00:00:00Z",
"dateUpdated": "2024-09-17T03:13:04.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6342
Vulnerability from cvelistv5
Published
2009-02-27 17:00
Modified
2024-09-17 03:59
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/33301 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/ | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/simplefilebrowser/1.0.3/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33301",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33301"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/simplefilebrowser/1.0.3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-27T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33301",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33301"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/simplefilebrowser/1.0.3/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33301",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33301"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
},
{
"name": "http://typo3.org/extensions/repository/view/simplefilebrowser/1.0.3/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/simplefilebrowser/1.0.3/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6342",
"datePublished": "2009-02-27T17:00:00Z",
"dateReserved": "2009-02-27T00:00:00Z",
"dateUpdated": "2024-09-17T03:59:51.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2103
Vulnerability from cvelistv5
Published
2009-06-17 17:00
Modified
2024-08-07 05:36
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/35394 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-008/ | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/fe_mp3player/0.2.4/ | x_refsource_CONFIRM | |
| http://osvdb.org/55123 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/35484 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:36:21.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35394"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-008/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/fe_mp3player/0.2.4/"
},
{
"name": "55123",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55123"
},
{
"name": "35484",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35484"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-06-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35394"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-008/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/fe_mp3player/0.2.4/"
},
{
"name": "55123",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55123"
},
{
"name": "35484",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35484"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35394"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-008/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-008/"
},
{
"name": "http://typo3.org/extensions/repository/view/fe_mp3player/0.2.4/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/fe_mp3player/0.2.4/"
},
{
"name": "55123",
"refsource": "OSVDB",
"url": "http://osvdb.org/55123"
},
{
"name": "35484",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35484"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2103",
"datePublished": "2009-06-17T17:00:00",
"dateReserved": "2009-06-17T00:00:00",
"dateUpdated": "2024-08-07T05:36:21.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3662
Vulnerability from cvelistv5
Published
2019-11-04 21:11
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2010-3662 | x_refsource_MISC | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-sa-2010-012/#SQL_Injection | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:53.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3662"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#SQL_Injection"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T21:11:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3662"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#SQL_Injection"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-3662",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3662"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"name": "https://typo3.org/security/advisory/typo3-sa-2010-012/#SQL_Injection",
"refsource": "CONFIRM",
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#SQL_Injection"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3662",
"datePublished": "2019-11-04T21:11:33",
"dateReserved": "2010-09-28T00:00:00",
"dateUpdated": "2024-08-07T03:18:53.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0334
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-16 19:24
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0334",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-16T19:24:30.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4746
Vulnerability from cvelistv5
Published
2013-07-01 23:00
Modified
2024-09-16 23:51
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/90409 | vdb-entry, x_refsource_OSVDB | |
| http://typo3.org/extensions/repository/view/myquizpoll | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "90409",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/90409"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/myquizpoll"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-01T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "90409",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/90409"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/myquizpoll"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "90409",
"refsource": "OSVDB",
"url": "http://osvdb.org/90409"
},
{
"name": "http://typo3.org/extensions/repository/view/myquizpoll",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/myquizpoll"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4746",
"datePublished": "2013-07-01T23:00:00Z",
"dateReserved": "2013-07-01T00:00:00Z",
"dateUpdated": "2024-09-16T23:51:08.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-2131
Vulnerability from cvelistv5
Published
2010-06-02 18:14
Modified
2024-09-16 16:43
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/cal/1.3.2/ | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-005/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/38745 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/62668 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/38493 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:25:06.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/cal/1.3.2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-005/"
},
{
"name": "38745",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38745"
},
{
"name": "62668",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62668"
},
{
"name": "38493",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38493"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-02T18:14:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/cal/1.3.2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-005/"
},
{
"name": "38745",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38745"
},
{
"name": "62668",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62668"
},
{
"name": "38493",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38493"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/cal/1.3.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/cal/1.3.2/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-005/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-005/"
},
{
"name": "38745",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38745"
},
{
"name": "62668",
"refsource": "OSVDB",
"url": "http://osvdb.org/62668"
},
{
"name": "38493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38493"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2131",
"datePublished": "2010-06-02T18:14:00Z",
"dateReserved": "2010-06-02T00:00:00Z",
"dateUpdated": "2024-09-16T16:43:17.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0327
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-16 16:43
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_imagelightbox2) extension 2.0.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-2490.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/38165 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/kj_imagelightbox2/2.0.2/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38165",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38165"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/kj_imagelightbox2/2.0.2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_imagelightbox2) extension 2.0.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-2490."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38165",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38165"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/kj_imagelightbox2/2.0.2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_imagelightbox2) extension 2.0.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-2490."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38165",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38165"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"name": "http://typo3.org/extensions/repository/view/kj_imagelightbox2/2.0.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/kj_imagelightbox2/2.0.2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0327",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-16T16:43:58.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4704
Vulnerability from cvelistv5
Published
2010-03-15 21:00
Modified
2024-09-16 18:03
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:24.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-15T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4704",
"datePublished": "2010-03-15T21:00:00Z",
"dateReserved": "2010-03-15T00:00:00Z",
"dateUpdated": "2024-09-16T18:03:17.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5795
Vulnerability from cvelistv5
Published
2008-12-31 11:00
Modified
2024-08-07 11:04
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46467 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/32228 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/32638 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "elunapagecomments-unspecified-xss(46467)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46467"
},
{
"name": "32228",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32228"
},
{
"name": "32638",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32638"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "elunapagecomments-unspecified-xss(46467)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46467"
},
{
"name": "32228",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32228"
},
{
"name": "32638",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32638"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "elunapagecomments-unspecified-xss(46467)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46467"
},
{
"name": "32228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32228"
},
{
"name": "32638",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32638"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5795",
"datePublished": "2008-12-31T11:00:00",
"dateReserved": "2008-12-30T00:00:00",
"dateUpdated": "2024-08-07T11:04:44.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3949
Vulnerability from cvelistv5
Published
2014-06-04 14:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-008 | x_refsource_MISC | |
| http://typo3.org/extensions/repository/view/gridelements | x_refsource_CONFIRM | |
| http://secunia.com/advisories/58592 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2014/06/03/3 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-008"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/gridelements"
},
{
"name": "58592",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58592"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T12:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-008"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/gridelements"
},
{
"name": "58592",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58592"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-008",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-008"
},
{
"name": "http://typo3.org/extensions/repository/view/gridelements",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/gridelements"
},
{
"name": "58592",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58592"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3949",
"datePublished": "2014-06-04T14:00:00",
"dateReserved": "2014-06-03T00:00:00",
"dateUpdated": "2024-08-06T10:57:18.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0322
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-17 00:42
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the init function in MK-AnydropdownMenu (mk_anydropdownmenu) extension 0.3.28 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/mk_anydropdownmenu/0.4.0/ | x_refsource_CONFIRM | |
| http://typo3.org/extensions/repository/view/mk_anydropdownmenu/0.4.0/info/ChangeLog/ | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/mk_anydropdownmenu/0.4.0/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/mk_anydropdownmenu/0.4.0/info/ChangeLog/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the init function in MK-AnydropdownMenu (mk_anydropdownmenu) extension 0.3.28 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/mk_anydropdownmenu/0.4.0/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/mk_anydropdownmenu/0.4.0/info/ChangeLog/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the init function in MK-AnydropdownMenu (mk_anydropdownmenu) extension 0.3.28 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/mk_anydropdownmenu/0.4.0/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/mk_anydropdownmenu/0.4.0/"
},
{
"name": "http://typo3.org/extensions/repository/view/mk_anydropdownmenu/0.4.0/info/ChangeLog/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/mk_anydropdownmenu/0.4.0/info/ChangeLog/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0322",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-17T00:42:17.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4952
Vulnerability from cvelistv5
Published
2010-07-22 18:00
Modified
2024-09-16 18:44
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-22T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4952",
"datePublished": "2010-07-22T18:00:00Z",
"dateReserved": "2010-07-22T00:00:00Z",
"dateUpdated": "2024-09-16T18:44:15.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0346
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-17 00:31
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi_tipfriends) extension 0.0.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi_tipfriends) extension 0.0.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi_tipfriends) extension 0.0.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0346",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-17T00:31:10.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-5102
Vulnerability from cvelistv5
Published
2012-05-21 20:00
Modified
2024-08-07 04:09
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://bugs.typo3.org/view.php?id=16362 | x_refsource_MISC | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/ | x_refsource_CONFIRM | |
| http://www.osvdb.org/70119 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/45470 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64180 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/35770 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2012/05/12/5 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2011/01/13/2 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/05/11/3 | mailing-list, x_refsource_MLIST | |
| http://securesystems.ca/advisory.php?id=2010-001 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2012/05/10/7 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:39.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.typo3.org/view.php?id=16362"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "70119",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70119"
},
{
"name": "45470",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45470"
},
{
"name": "typo3-unspecified-file-include(64180)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"
},
{
"name": "35770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35770"
},
{
"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securesystems.ca/advisory.php?id=2010-001"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.typo3.org/view.php?id=16362"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "70119",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70119"
},
{
"name": "45470",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45470"
},
{
"name": "typo3-unspecified-file-include(64180)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"
},
{
"name": "35770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35770"
},
{
"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securesystems.ca/advisory.php?id=2010-001"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.typo3.org/view.php?id=16362",
"refsource": "MISC",
"url": "http://bugs.typo3.org/view.php?id=16362"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"name": "70119",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70119"
},
{
"name": "45470",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45470"
},
{
"name": "typo3-unspecified-file-include(64180)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"
},
{
"name": "35770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35770"
},
{
"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "http://securesystems.ca/advisory.php?id=2010-001",
"refsource": "MISC",
"url": "http://securesystems.ca/advisory.php?id=2010-001"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5102",
"datePublished": "2012-05-21T20:00:00",
"dateReserved": "2012-04-30T00:00:00",
"dateUpdated": "2024-08-07T04:09:39.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4396
Vulnerability from cvelistv5
Published
2009-12-22 23:00
Modified
2024-09-16 20:27
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-22T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4396",
"datePublished": "2009-12-22T23:00:00Z",
"dateReserved": "2009-12-22T00:00:00Z",
"dateUpdated": "2024-09-16T20:27:42.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5091
Vulnerability from cvelistv5
Published
2017-01-23 21:00
Modified
2024-08-06 00:53
Severity ?
EPSS score ?
Summary
Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.
References
| ▼ | URL | Tags |
|---|---|---|
| https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/05/25/4 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/05/26/2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:47.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/"
},
{
"name": "[oss-security] 20160525 CVE-Request: TYPO3 Extbase Missing Access Check",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/4"
},
{
"name": "[oss-security] 20160526 Re: CVE-Request: TYPO3 Extbase Missing Access Check",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/26/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-24T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/"
},
{
"name": "[oss-security] 20160525 CVE-Request: TYPO3 Extbase Missing Access Check",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/4"
},
{
"name": "[oss-security] 20160526 Re: CVE-Request: TYPO3 Extbase Missing Access Check",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/26/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/",
"refsource": "CONFIRM",
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/"
},
{
"name": "[oss-security] 20160525 CVE-Request: TYPO3 Extbase Missing Access Check",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/4"
},
{
"name": "[oss-security] 20160526 Re: CVE-Request: TYPO3 Extbase Missing Access Check",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/26/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5091",
"datePublished": "2017-01-23T21:00:00",
"dateReserved": "2016-05-26T00:00:00",
"dateUpdated": "2024-08-06T00:53:47.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3716
Vulnerability from cvelistv5
Published
2010-10-25 19:00
Modified
2024-09-16 18:29
Severity ?
EPSS score ?
Summary
The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/43786 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2010/dsa-2121 | vendor-advisory, x_refsource_DEBIAN | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:53.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43786",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43786"
},
{
"name": "DSA-2121",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-25T19:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "43786",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43786"
},
{
"name": "DSA-2121",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43786"
},
{
"name": "DSA-2121",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3716",
"datePublished": "2010-10-25T19:00:00Z",
"dateReserved": "2010-10-01T00:00:00Z",
"dateUpdated": "2024-09-16T18:29:17.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0340
Vulnerability from cvelistv5
Published
2010-01-15 19:00
Modified
2024-09-16 18:59
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the MJS Event Pro (mjseventpro) extension 0.2.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the MJS Event Pro (mjseventpro) extension 0.2.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-15T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the MJS Event Pro (mjseventpro) extension 0.2.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0340",
"datePublished": "2010-01-15T19:00:00Z",
"dateReserved": "2010-01-15T00:00:00Z",
"dateUpdated": "2024-09-16T18:59:30.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1073
Vulnerability from cvelistv5
Published
2012-02-14 17:00
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/51834 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72957 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/78784 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51834",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51834"
},
{
"name": "typo3-categorysystem-unspecified-xss(72957)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72957"
},
{
"name": "78784",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78784"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51834",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51834"
},
{
"name": "typo3-categorysystem-unspecified-xss(72957)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72957"
},
{
"name": "78784",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78784"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51834",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51834"
},
{
"name": "typo3-categorysystem-unspecified-xss(72957)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72957"
},
{
"name": "78784",
"refsource": "OSVDB",
"url": "http://osvdb.org/78784"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1073",
"datePublished": "2012-02-14T17:00:00",
"dateReserved": "2012-02-14T00:00:00",
"dateUpdated": "2024-08-06T18:45:27.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-7073
Vulnerability from cvelistv5
Published
2013-12-23 23:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/oss-sec/2013/q4/487 | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html | vendor-advisory, x_refsource_SUSE | |
| http://seclists.org/oss-sec/2013/q4/473 | mailing-list, x_refsource_MLIST | |
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/ | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html | vendor-advisory, x_refsource_SUSE | |
| http://www.debian.org/security/2014/dsa-2834 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:46.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131212 Re: CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"name": "openSUSE-SU-2016:2169",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
},
{
"name": "openSUSE-SU-2016:2025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html"
},
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"name": "openSUSE-SU-2016:2114",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html"
},
{
"name": "DSA-2834",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2834"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20131212 Re: CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"name": "openSUSE-SU-2016:2169",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
},
{
"name": "openSUSE-SU-2016:2025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html"
},
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"name": "openSUSE-SU-2016:2114",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html"
},
{
"name": "DSA-2834",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2834"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131212 Re: CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"name": "openSUSE-SU-2016:2169",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
},
{
"name": "openSUSE-SU-2016:2025",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html"
},
{
"name": "[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"name": "openSUSE-SU-2016:2114",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html"
},
{
"name": "DSA-2834",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2834"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7073",
"datePublished": "2013-12-23T23:00:00",
"dateReserved": "2013-12-11T00:00:00",
"dateUpdated": "2024-08-06T17:53:46.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31048
Vulnerability from cvelistv5
Published
2022-06-14 20:50
Modified
2024-08-03 07:03
Severity ?
EPSS score ?
Summary
TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg | x_refsource_CONFIRM | |
| https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0 | x_refsource_MISC | |
| https://typo3.org/security/advisory/typo3-core-sa-2022-003 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:40.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.7.47"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.34"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.29"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T20:50:18",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-003"
}
],
"source": {
"advisory": "GHSA-3r95-23jp-mhvg",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting in Form Framework",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31048",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Scripting in Form Framework"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 8.0.0, \u003c 8.7.47"
},
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.34"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.29"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.5.11"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg"
},
{
"name": "https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2022-003",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-003"
}
]
},
"source": {
"advisory": "GHSA-3r95-23jp-mhvg",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31048",
"datePublished": "2022-06-14T20:50:18",
"dateReserved": "2022-05-18T00:00:00",
"dateUpdated": "2024-08-03T07:03:40.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4963
Vulnerability from cvelistv5
Published
2010-07-27 18:39
Modified
2024-09-16 22:46
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/2409 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/36133 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-011/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-2409",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2409"
},
{
"name": "36133",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36133"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-011/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-27T18:39:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-2409",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2409"
},
{
"name": "36133",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36133"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-011/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2409",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2409"
},
{
"name": "36133",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36133"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-011/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-011/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4963",
"datePublished": "2010-07-27T18:39:00Z",
"dateReserved": "2010-07-27T00:00:00Z",
"dateUpdated": "2024-09-16T22:46:07.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4719
Vulnerability from cvelistv5
Published
2013-06-27 20:00
Modified
2024-08-06 16:52
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the SEO Pack for tt_news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/53283 | third-party-advisory, x_refsource_SECUNIA | |
| http://typo3.org/extensions/repository/view/lonewsseo | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/ | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81574 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53283",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53283"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/lonewsseo"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
},
{
"name": "typo3-ttnews-unspecified-sql-injection(81574)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81574"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the SEO Pack for tt_news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "53283",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53283"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/lonewsseo"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
},
{
"name": "typo3-ttnews-unspecified-sql-injection(81574)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81574"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the SEO Pack for tt_news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53283",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53283"
},
{
"name": "http://typo3.org/extensions/repository/view/lonewsseo",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/lonewsseo"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
},
{
"name": "typo3-ttnews-unspecified-sql-injection(81574)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81574"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4719",
"datePublished": "2013-06-27T20:00:00",
"dateReserved": "2013-06-27T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4955
Vulnerability from cvelistv5
Published
2010-07-22 18:00
Modified
2024-09-16 17:54
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/th_ultracards/0.5.1/ | x_refsource_CONFIRM | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/th_ultracards/0.5.1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-07-22T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/th_ultracards/0.5.1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/th_ultracards/0.5.1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/th_ultracards/0.5.1/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4955",
"datePublished": "2010-07-22T18:00:00Z",
"dateReserved": "2010-07-22T00:00:00Z",
"dateUpdated": "2024-09-16T17:54:20.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4401
Vulnerability from cvelistv5
Published
2009-12-22 23:00
Modified
2024-09-16 20:12
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-22T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4401",
"datePublished": "2009-12-22T23:00:00Z",
"dateReserved": "2009-12-22T00:00:00Z",
"dateUpdated": "2024-09-16T20:12:20.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1071
Vulnerability from cvelistv5
Published
2012-02-14 17:00
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild as of February 2012.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72934 | vdb-entry, x_refsource_XF | |
| http://typo3.org/extensions/repository/view/mv_cooking/0.4.1/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/51825 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/47437 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/78748 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "typo3-kitchen-unspecified-sql-injection(72934)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72934"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/mv_cooking/0.4.1/"
},
{
"name": "51825",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51825"
},
{
"name": "47437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47437"
},
{
"name": "78748",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78748"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild as of February 2012."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "typo3-kitchen-unspecified-sql-injection(72934)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72934"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/extensions/repository/view/mv_cooking/0.4.1/"
},
{
"name": "51825",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51825"
},
{
"name": "47437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47437"
},
{
"name": "78748",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78748"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild as of February 2012."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "typo3-kitchen-unspecified-sql-injection(72934)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72934"
},
{
"name": "http://typo3.org/extensions/repository/view/mv_cooking/0.4.1/",
"refsource": "MISC",
"url": "http://typo3.org/extensions/repository/view/mv_cooking/0.4.1/"
},
{
"name": "51825",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51825"
},
{
"name": "47437",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47437"
},
{
"name": "78748",
"refsource": "OSVDB",
"url": "http://osvdb.org/78748"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1071",
"datePublished": "2012-02-14T17:00:00",
"dateReserved": "2012-02-14T00:00:00",
"dateUpdated": "2024-08-06T18:45:27.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0816
Vulnerability from cvelistv5
Published
2009-03-05 02:00
Modified
2024-08-07 04:48
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2009/02/10/6 | mailing-list, x_refsource_MLIST | |
| http://www.debian.org/security/2009/dsa-1720 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securitytracker.com/id?1021709 | vdb-entry, x_refsource_SECTRACK | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:52.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20090210 CVE request: typo3 xss (typo3-sa-2009-002)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/02/10/6"
},
{
"name": "DSA-1720",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1720"
},
{
"name": "1021709",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021709"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-27T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20090210 CVE request: typo3 xss (typo3-sa-2009-002)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/02/10/6"
},
{
"name": "DSA-1720",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1720"
},
{
"name": "1021709",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021709"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090210 CVE request: typo3 xss (typo3-sa-2009-002)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/02/10/6"
},
{
"name": "DSA-1720",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1720"
},
{
"name": "1021709",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021709"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0816",
"datePublished": "2009-03-05T02:00:00",
"dateReserved": "2009-03-04T00:00:00",
"dateUpdated": "2024-08-07T04:48:52.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2013-10-28 22:55
Modified
2024-11-21 01:58
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ingo_renner | apache_solr | * | |
| ingo_renner | apache_solr | 1.0 | |
| ingo_renner | apache_solr | 1.3.0 | |
| ingo_renner | apache_solr | 1.3.1 | |
| ingo_renner | apache_solr | 2.1.0 | |
| ingo_renner | apache_solr | 2.2.0 | |
| ingo_renner | apache_solr | 2.2.1 | |
| ingo_renner | apache_solr | 2.2.2 | |
| ingo_renner | apache_solr | 2.8.0 | |
| ingo_renner | apache_solr | 2.8.1 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ingo_renner:apache_solr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9314F3A-5E7D-4FBE-A46C-35A6F3F3A7BA",
"versionEndIncluding": "2.8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingo_renner:apache_solr:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "211526D1-C48E-43C4-8E60-9A3DDABC53D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingo_renner:apache_solr:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D844805F-73B6-461C-94DF-F2950AB4E270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingo_renner:apache_solr:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E2C38DE-FF31-4CAC-8AE2-A596BFBC0621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingo_renner:apache_solr:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83ECCAB7-3848-4289-8CC8-CCDCBAB47169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingo_renner:apache_solr:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE2B5498-4AA2-4B3B-A526-6732035B3053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingo_renner:apache_solr:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9529891-B227-4616-B528-668C69359C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingo_renner:apache_solr:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A2C074A-D514-422C-ACE5-465303A93080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingo_renner:apache_solr:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6526EE-4256-48F8-BE6A-F34797BD0BD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingo_renner:apache_solr:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06520820-6E50-46EC-880A-786E59F131FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting (XSS) en la extensi\u00f3n Apache Soir para TYPO3 (soir) en versiones anteriores a la 2.8.3 permite a atacantes remotos inyectar scripts web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6289",
"lastModified": "2024-11-21T01:58:57.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-10-28T22:55:04.180",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54978"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/solr"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/62674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/solr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/62674"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-14 17:55
Modified
2024-11-21 01:36
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bluechip | bc_post2facebook | * | |
| bluechip | bc_post2facebook | 0.2.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bluechip:bc_post2facebook:*:*:*:*:*:*:*:*",
"matchCriteriaId": "547BEB98-57EA-432C-ACA7-31FD4CFB055B",
"versionEndIncluding": "0.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluechip:bc_post2facebook:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8761E24C-D5CA-4C66-99AB-93D9F14DDFCA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilida de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en la extensi\u00f3n Post data records to facebook (bc_post2facebook) antes de v0.2.2 para TYPO3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-1087",
"lastModified": "2024-11-21T01:36:23.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-14T17:55:03.617",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78789"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| michael_fritz | worldcup | 0.1.9 | |
| michael_fritz | worldcup | 1.2.8 | |
| michael_fritz | worldcup | 1.2.9 | |
| michael_fritz | worldcup | 1.3.0 | |
| michael_fritz | worldcup | 2.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:michael_fritz:worldcup:0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D968C544-AC69-4E8A-BA08-5AF8553C1ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_fritz:worldcup:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "58402F40-22FD-4C3D-B6EA-3244E6277E5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_fritz:worldcup:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C7435E-9191-484A-9708-5B46AFED3794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_fritz:worldcup:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDDDE629-2E79-43F8-A7AF-EA2EA14B4E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_fritz:worldcup:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3780A749-C38C-4E50-9542-8DC5B081B8D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en TARGET-E WorldCup Bets (worldcup) v2.0.0 y anteriores (extensi\u00f3n para TYPO3), permite a atacantes remotos inyectar de forma arbitraria secuencias de comandos web o HTML a trav\u00e9s vectores no especificados.\r\n"
}
],
"id": "CVE-2008-6698",
"lastModified": "2024-11-21T00:57:14.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-10T22:00:00.483",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46395"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29826"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43214"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-22 00:11
Modified
2024-11-21 00:52
Severity ?
Summary
SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist) 1.0.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | mannschaftsliste | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:mannschaftsliste:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F48A408D-D214-4B08-ADE3-3818B166D1AB",
"versionEndIncluding": "1.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist) 1.0.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de Inyecci\u00f3n SQL en la extensi\u00f3n Mannschaftsliste (kiddog_playerlist) v1.0.3 y anteriores para TYPO3, permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-4659",
"lastModified": "2024-11-21T00:52:13.117",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-22T00:11:51.257",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31844"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2870"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-14 00:15
Modified
2024-11-21 04:56
Severity ?
8.7 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
Summary
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server. It can also trigger message submission via email using the identity of the web site (mail relay). Another insecure deserialization vulnerability is required to actually exploit mentioned aspects. This has been fixed in 9.5.17 and 10.4.2.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "452C1937-33D2-40DA-829C-3FA2C6D677F9",
"versionEndExcluding": "9.5.17",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30B68697-3A51-4817-8E9B-768470259B3F",
"versionEndExcluding": "10.4.2",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server. It can also trigger message submission via email using the identity of the web site (mail relay). Another insecure deserialization vulnerability is required to actually exploit mentioned aspects. This has been fixed in 9.5.17 and 10.4.2."
},
{
"lang": "es",
"value": "En TYPO3 CMS versiones mayores o iguales a 9.0.0 y menores a 9.5.17 y versiones mayores o iguales a 10.0.0 y versiones menores a 10.4.2, al llamar la funci\u00f3n unserialize() sobre un contenido malicioso enviado por el usuario puede conllevar a una modificaci\u00f3n de determinados atributos de objeto y resultar en la eliminaci\u00f3n de un directorio arbitrario en el sistema de archivos, si es escribible para el servidor web. Tambi\u00e9n puede activar el env\u00edo de mensajes por medio de correo electr\u00f3nico utilizando la identidad del sitio web (retransmisi\u00f3n de correo). Es requerida otra vulnerabilidad de deserializaci\u00f3n no segura para explotar realmente los aspectos mencionados. Esto ha sido corregido en las versiones 9.5.17 y 10.4.2."
}
],
"id": "CVE-2020-11066",
"lastModified": "2024-11-21T04:56:42.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.8,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.8,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-14T00:15:11.310",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2rxh-h6h9-qrqc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2rxh-h6h9-qrqc"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-915"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-22 23:28
Modified
2024-11-21 00:27
Severity ?
Summary
The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2688D4A-AD32-4D78-ADE2-C69EAB910752",
"versionEndIncluding": "4.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:beta:*:*:*:*:*:*",
"matchCriteriaId": "608D2A64-4748-4656-A74C-80E222CA98C2",
"versionEndIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BD5415F7-97FC-4B74-A862-9FE04D5D41B0",
"versionEndIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information."
},
{
"lang": "es",
"value": "La funci\u00f3n start en class.t3lib_formmail.php en TYPO3 anterior a 4.0.5, 4.1beta, y 4.1RC1 permite a atacantes remotos inyectar cabeceras email de su elecci\u00f3n a trav\u00e9s de vectores desconocidos. NOTA: Algunos de estos detalles se obtuvieron de informaci\u00f3n de terceros."
}
],
"id": "CVE-2007-1081",
"lastModified": "2024-11-21T00:27:27.857",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-22T23:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33471"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24207"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20070221-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22668"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0697"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20070221-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32630"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-04 22:15
Modified
2024-11-21 01:19
Severity ?
Summary
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2010-3666 | Third Party Advisory | |
| cve@mitre.org | https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2010-3666 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC34E49-A07C-4F08-80FE-2DE14E8B7A77",
"versionEndExcluding": "4.1.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82040DD2-205F-477D-8D55-95852AAF7AEA",
"versionEndExcluding": "4.2.13",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B078FF4B-67AF-419E-995B-2715FCC97493",
"versionEndExcluding": "4.3.4",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18896C89-53F0-4ACA-B3B2-90E0811CBBC3",
"versionEndExcluding": "4.4.1",
"versionStartIncluding": "4.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function."
},
{
"lang": "es",
"value": "TYPO3 versiones anteriores a la versi\u00f3n 4.1.14, versiones 4.2.x anteriores a la versi\u00f3n 4.2.13, versiones 4.3.x anteriores a la versi\u00f3n 4.3.4 y versiones 4.4.x anteriores a 4.4.1, contiene una aleatoriedad no segura en la funci\u00f3n uniqid."
}
],
"id": "CVE-2010-3666",
"lastModified": "2024-11-21T01:19:20.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-04T22:15:10.763",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3666"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-23 21:59
Modified
2024-11-21 02:53
Severity ?
Summary
Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/25/4 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/26/2 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/25/4 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/26/2 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| typo3 | typo3 | 7.0.0 | |
| typo3 | typo3 | 7.0.2 | |
| typo3 | typo3 | 7.1.0 | |
| typo3 | typo3 | 7.2.0 | |
| typo3 | typo3 | 7.3.0 | |
| typo3 | typo3 | 7.3.1 | |
| typo3 | typo3 | 7.4.0 | |
| typo3 | typo3 | 7.5.0 | |
| typo3 | typo3 | 7.6.0 | |
| typo3 | typo3 | 7.6.1 | |
| typo3 | typo3 | 7.6.2 | |
| typo3 | typo3 | 7.6.3 | |
| typo3 | typo3 | 7.6.4 | |
| typo3 | typo3 | 7.6.5 | |
| typo3 | typo3 | 7.6.6 | |
| typo3 | typo3 | 7.6.7 | |
| typo3 | typo3 | 7.6.8 | |
| typo3 | typo3 | 8.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53F9573C-DEFC-4428-A9F4-5D3BB41E27A3",
"versionEndIncluding": "6.2.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC254112-3695-422E-BD5B-B5E65F61B4B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "58A72CC1-1BCE-415C-9816-AD34C14E36FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "237EEDFE-DFB0-4D6E-BAA6-7A374A384CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26264C04-D8E1-4780-97C3-13F287ECF11A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B89766D-2E3C-4CE9-92ED-8E5A8FF71D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3392C868-FFD8-4B00-ADD2-02CCCAEC5EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F859F4-E3EE-4C2D-A618-6E49769A1610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7F660D-7C1E-43AA-B185-40309788F329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C022973-D06B-4CEF-87BF-3C016AAD4770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36A63F3A-DC95-49FF-B6AC-FD98F8499905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E276D9-4C36-4630-BC44-5D49398E4452",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF317B6-656C-4C2C-81F8-4864EE3F4D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D691A7EF-EE47-44EC-A073-04C3C0A432E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "83E140F9-73E8-4EF7-BFDA-F56584D7FCFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8E576B25-E43B-4C21-B1E5-EF937714ABC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BCAB79AD-5991-4FCD-99C4-E742845BF086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19E5EBD4-51A0-4948-BF52-442766C32B05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B12C85B0-522C-4526-99EE-8EEFD1830281",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action."
},
{
"lang": "es",
"value": "Extbase en TYPO3 4.3.0 en versiones anteriores a 6.2.24, 7.x en versiones anteriores a 7.6.8 y 8.1.1 permite a atacantes remotos obtener informaci\u00f3n sensible o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s una acci\u00f3n Extbase manipulada."
}
],
"id": "CVE-2016-5091",
"lastModified": "2024-11-21T02:53:36.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-23T21:59:01.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/26/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/26/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-14 08:15
Modified
2024-11-21 06:48
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "028CCE8F-FC6B-47B1-A5A3-8E7F5CFEE9C7",
"versionEndExcluding": "8.7.49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D362D0-52EC-4A95-B01D-EF310ADD8C4F",
"versionEndExcluding": "9.5.38",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1FC0F47-4C30-4162-8A7E-3C427D1C3596",
"versionEndExcluding": "10.4.33",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED21674D-027A-4DDC-AAD5-B7D58B309171",
"versionEndExcluding": "11.5.20",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9BE74F-BB15-48C5-AF1E-7B4197AE8F5B",
"versionEndExcluding": "12.1.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de gesti\u00f3n de contenidos web basado en PHP de c\u00f3digo abierto. En versiones anteriores a 8.7.49, 9.5.38, 10.4.33, 11.5.20 y 12.1.1, TYPO3 es vulnerable a una autenticaci\u00f3n incorrecta. Se puede omitir la restricci\u00f3n del inicio de sesi\u00f3n en la interfaz a usuarios espec\u00edficos, organizados en diferentes carpetas de almacenamiento (particiones). Un atacante potencial podr\u00eda utilizar esta ambig\u00fcedad en los nombres de usuario para obtener acceso a una cuenta diferente; sin embargo, el adversario debe conocer las credenciales. Este problema se solucion\u00f3 en las versiones 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1."
}
],
"id": "CVE-2022-23501",
"lastModified": "2024-11-21T06:48:41.770",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 4.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-14T08:15:10.490",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-09 10:55
Modified
2024-11-21 01:22
Severity ?
Summary
Unspecified vulnerability in the JW Calendar (jw_calendar) extension 1.3.20 and earlier for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jw_calendar | jw_calendar | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jw_calendar:jw_calendar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC81734F-8146-4744-9E97-E20C67110D19",
"versionEndIncluding": "1.3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the JW Calendar (jw_calendar) extension 1.3.20 and earlier for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la extensi\u00f3n JW Calendario (jw_calendar) v1.3.20 y anteriores para TYPO3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2010-4953",
"lastModified": "2024-11-21T01:22:09.243",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-10-09T10:55:37.677",
"references": [
{
"source": "cve@mitre.org",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61057"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-16 17:55
Modified
2024-11-21 01:57
Severity ?
Summary
Unspecified vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joachim_ruhs | locator | * | |
| joachim_ruhs | locator | 1.0.6 | |
| joachim_ruhs | locator | 1.0.7 | |
| joachim_ruhs | locator | 1.1.0 | |
| joachim_ruhs | locator | 1.1.8 | |
| joachim_ruhs | locator | 1.2.6 | |
| joachim_ruhs | locator | 1.2.8 | |
| joachim_ruhs | locator | 2.9.0 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0E50B7-BFC5-4D67-BA22-DF468BE7DB14",
"versionEndIncluding": "2.9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B5ECFDF7-213D-4944-A0E6-8272652ADA23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "913B844F-8AFC-4391-B79B-E196586B310C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1A0290-0EEE-4813-93CA-BC60FC3C43D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "60134DFF-645C-4B84-8BD9-298BDEFF7319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF0532E4-864F-4C49-8502-EA50ABB3B95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B1127280-D4F7-4D98-996E-5E2273A6383D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D002E085-94EB-4F4C-A1D9-458D094FF411",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 has unknown impact and remote attack vectors, related to \"Insecure Unserialize.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la extensi\u00f3n Store Locator (locator) anterior a v 3.1.5 para TYPO3 tiene un impacto desconocido y vectores de ataque remotos, relacionado con \"Insecure Unserialize\"."
}
],
"id": "CVE-2013-5303",
"lastModified": "2024-11-21T01:57:16.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-16T17:55:09.480",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/95967"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54350"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/locator"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/61606"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/95967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/locator"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86233"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-14 21:15
Modified
2024-11-21 07:03
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*",
"matchCriteriaId": "83732441-A020-4401-A274-067B95354BB6",
"versionEndExcluding": "9.5.35",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "272C6A8B-94DB-4A74-BB3A-24CD0486DFA7",
"versionEndExcluding": "10.4.29",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "772D645D-5158-416C-BF2C-74E5E43EF1DC",
"versionEndExcluding": "11.5.11",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de administraci\u00f3n de contenidos web de c\u00f3digo abierto. En versiones anteriores a 9.5.34 ELTS, 10.4.29 y 11.5.11, los contenidos enviados por los usuarios son usados sin ser codificados correctamente en los correos electr\u00f3nicos HTML enviados a los usuarios. Los componentes realmente afectados eran los clientes de correo usados para visualizar esos mensajes. TYPO3 versiones 9.5.34 ELTS, 10.4.29 y 11.5.11 contienen una correcci\u00f3n del problema"
}
],
"id": "CVE-2022-31049",
"lastModified": "2024-11-21T07:03:47.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-14T21:15:16.183",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/da611775f92102d7602713003f4c79606c8a445d"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/da611775f92102d7602713003f4c79606c8a445d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-004"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-15 21:30
Modified
2024-11-21 01:10
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| thomas_loeffler | twittersearch | * | |
| thomas_loeffler | twittersearch | 0.0.1 | |
| thomas_loeffler | twittersearch | 0.0.2 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:thomas_loeffler:twittersearch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "042272A0-063C-48B6-82A2-A67CC28B0C1B",
"versionEndIncluding": "0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thomas_loeffler:twittersearch:0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D82170-C03A-485C-9A67-856E07FABEB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thomas_loeffler:twittersearch:0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB24E1D9-D2CF-4569-8318-DA4E0E1544B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la exti\u00f3n Twitter Search (twittersearch)anterior v0.1.1 para TYPO3 permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4705",
"lastModified": "2024-11-21T01:10:15.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-15T21:30:00.857",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-26 00:15
Modified
2024-11-21 01:30
Severity ?
Summary
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10811F0A-7CE1-4190-81C6-4AE3CF9797E6",
"versionEndIncluding": "4.5.5",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input."
},
{
"lang": "es",
"value": "Se detect\u00f3 que Typo3 Core versiones 4.5.0 hasta 4.5.5 utiliza sentencias preparadas que, si los valores de los par\u00e1metros no se reemplazan apropiadamente, podr\u00edan generar una vulnerabilidad de Inyecci\u00f3n SQL. Este problema solo puede ser explotado si dos o m\u00e1s par\u00e1metros est\u00e1n vinculados a la consulta y al menos dos provienen desde la entrada del usuario."
}
],
"id": "CVE-2011-3583",
"lastModified": "2024-11-21T01:30:47.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-26T00:15:11.093",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3583"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-13 10:30
Modified
2024-11-21 00:56
Severity ?
Summary
SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| mirko_werner | mw_random_objects | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mirko_werner:mw_random_objects:*:*:*:*:*:*:*:*",
"matchCriteriaId": "183027A3-692F-427E-ADCC-0CD2FF315DD5",
"versionEndIncluding": "1.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de SQL en la extensi\u00f3n Simple Random Objects (mw_random_objects) de TYPO3 en versiones anteriores a la 1.0.3, permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-6460",
"lastModified": "2024-11-21T00:56:35.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-13T10:30:00.483",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/48277"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31254"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/48277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45261"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:11
Severity ?
Summary
Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) extension 0.2.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| sebastian_baumann | sb_folderdownload | * | |
| sebastian_baumann | sb_folderdownload | 0.1.1 | |
| sebastian_baumann | sb_folderdownload | 0.2.0 | |
| sebastian_baumann | sb_folderdownload | 0.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sebastian_baumann:sb_folderdownload:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDAD0E6-8DD3-4508-AD8B-B3589AF3F6AE",
"versionEndIncluding": "0.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sebastian_baumann:sb_folderdownload:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3053FBCE-211C-4E9B-A80F-381ECA987B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sebastian_baumann:sb_folderdownload:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F8F6F29-0C0D-476B-8DE2-2AFA8842B9EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sebastian_baumann:sb_folderdownload:0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A648A8E6-EA8D-48A4-8736-268EDD0E9BDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) extension 0.2.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la extensi\u00f3n de TYPO3 \"SB Folderdownload\" (sb_folderdownload) v0.2.2 y anteriores permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores de ataque desconocidos."
}
],
"id": "CVE-2010-0325",
"lastModified": "2024-11-21T01:11:59.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-15T19:30:00.567",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/sb_folderdownload/0.2.3/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/sb_folderdownload/0.2.3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-14 17:55
Modified
2024-11-21 01:33
Severity ?
Summary
Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL, probably in the "return url parameter."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netcreators | irfaq | * | |
| netcreators | irfaq | 1.0.1 | |
| netcreators | irfaq | 1.0.2 | |
| netcreators | irfaq | 1.1.0 | |
| netcreators | irfaq | 1.1.1 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netcreators:irfaq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7BEE512-8A6E-497A-A1B7-93117AD342EA",
"versionEndIncluding": "1.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netcreators:irfaq:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "600637DF-345E-43E5-8FE2-67E963A4261C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netcreators:irfaq:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB8DFE0-3255-4E63-BA1A-E827FD43BF20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netcreators:irfaq:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FECE0FAE-E687-4A63-9E8F-3DADB34F47A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netcreators:irfaq:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE834341-54B2-46A0-B0DF-7532E4551698",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL, probably in the \"return url parameter.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en la extensi\u00f3n Modern FAQ (irfaq) v1.1.2 y otras versiones anteriores a v1.1.4 para TYPO3, permite a atacantes remotos redirigir a usuarios a p\u00e1ginas web de su elecci\u00f3n y llevar a cabo ataques de phishing a trav\u00e9s de una URL, probablemente en el \"return url parameter.\""
}
],
"id": "CVE-2011-5079",
"lastModified": "2024-11-21T01:33:35.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-14T17:55:01.557",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78750"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47823"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/irfaq/1.1.4/info/ChangeLog/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/irfaq/1.1.4/info/ChangeLog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51845"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:11
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Unit Converter (cs2_unitconv) extension 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rastislav_birka | cs2_unitconv | 1.0.4 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rastislav_birka:cs2_unitconv:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD85DF1D-400C-44BD-89EE-3B725E7DCFDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Unit Converter (cs2_unitconv) extension 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados(XSS) en la extensi\u00f3n de TYPO3 de convertidor de unidades (cs2_unitconv) v1.0.4 permite a atacantes remotos inyectar HTML o scripts web a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-0328",
"lastModified": "2024-11-21T01:11:59.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-01-15T19:30:00.677",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38166"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/cs2_unitconv/1.0.5/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/cs2_unitconv/1.0.5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-20 03:39
Modified
2024-11-21 01:56
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| markus_blaschke | tq_seo | * | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:markus_blaschke:tq_seo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF715BBA-1ED7-484F-BFA0-25F19A03D97A",
"versionEndIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad CSRF (Cross-site request forgery) en la extensi\u00f3n TEQneers SEO Enhancements (tq_seo) anterior a v5.0.1 para TYPO3 permite a atacantes remotos secuestrar la autenticaci\u00f3n de v\u00edctimas no especificadas mediante vectores desconocidos."
}
],
"id": "CVE-2013-4871",
"lastModified": "2024-11-21T01:56:36.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-07-20T03:39:01.863",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/93816"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53634"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/extensions/repository/view/tq_seo"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/60274"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/93816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/extensions/repository/view/tq_seo"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/60274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84660"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-23 02:15
Modified
2024-11-21 05:48
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch | Third Party Advisory | |
| security-advisories@github.com | https://packagist.org/packages/typo3/cms-core | Release Notes, Third Party Advisory | |
| security-advisories@github.com | https://typo3.org/security/advisory/typo3-core-sa-2021-006 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packagist.org/packages/typo3/cms-core | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-core-sa-2021-006 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E257D831-1E13-4091-B658-176CBD37B426",
"versionEndExcluding": "6.2.57",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "518930A7-E255-4A56-B76B-1C978A236856",
"versionEndExcluding": "7.6.51",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F10B90F0-DA5C-4A80-BD4F-124B6C82CE8B",
"versionEndExcluding": "8.7.40",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB3125B-114D-4991-BD60-9535D97DD348",
"versionEndExcluding": "9.5.25",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C031A87F-5A82-48F8-AB02-FED0CDFE08A2",
"versionEndExcluding": "10.4.14",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F696292E-3CC6-416B-9F99-6C1287B1D78D",
"versionEndExcluding": "11.1.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de gesti\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP. En TYPO3 versiones anteriores 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 los identificadores de sesi\u00f3n de usuario se almacenaban en texto claro - sin procesar algoritmos de hash criptogr\u00e1ficos adicionales. Esta vulnerabilidad no puede ser explotada directamente y ocurre en combinaci\u00f3n con un ataque encadenado - como por ejemplo la inyecci\u00f3n SQL en cualquier otro componente del sistema. Esto se ha corregido en las versiones 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1"
}
],
"id": "CVE-2021-21339",
"lastModified": "2024-11-21T05:48:03.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-23T02:15:12.453",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://packagist.org/packages/typo3/cms-core"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://packagist.org/packages/typo3/cms-core"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-006"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tim_lochmueller | mydashboard | * | |
| tim_lochmueller | mydashboard | 0.0.5 | |
| tim_lochmueller | mydashboard | 0.0.6 | |
| tim_lochmueller | mydashboard | 0.0.7 | |
| tim_lochmueller | mydashboard | 0.0.8 | |
| tim_lochmueller | mydashboard | 0.0.9 | |
| tim_lochmueller | mydashboard | 0.0.10 | |
| tim_lochmueller | mydashboard | 0.1.0 | |
| tim_lochmueller | mydashboard | 0.1.1 | |
| tim_lochmueller | mydashboard | 0.1.2 | |
| tim_lochmueller | mydashboard | 0.1.3 | |
| tim_lochmueller | mydashboard | 0.1.4 | |
| tim_lochmueller | mydashboard | 0.1.5 | |
| tim_lochmueller | mydashboard | 0.1.6 | |
| tim_lochmueller | mydashboard | 0.1.7 | |
| tim_lochmueller | mydashboard | 0.1.8 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tim_lochmueller:mydashboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6152D697-AD4A-43C0-95E4-8182F1390473",
"versionEndIncluding": "0.1.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tim_lochmueller:mydashboard:0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5C15E626-9621-4442-B083-F98CA0703B4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tim_lochmueller:mydashboard:0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9AB9FCF9-7403-478F-8F68-F2A31C0BD3D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tim_lochmueller:mydashboard:0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C60B6E7A-9592-4E56-9CCB-7037A81DE629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tim_lochmueller:mydashboard:0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "49E2EEDE-3205-435B-A6B1-8B2143C3B0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tim_lochmueller:mydashboard:0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C57EF453-118F-4889-B3FF-6FB9884FE217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tim_lochmueller:mydashboard:0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "72A1C43E-CB13-4C1B-BD2E-F8FDE0D5B76F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tim_lochmueller:mydashboard:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25915C02-7E6A-4B72-A113-099D7BF7B1F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tim_lochmueller:mydashboard:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B1FDF9B-BB2D-4CF4-992D-91B33AEA649E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tim_lochmueller:mydashboard:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C909693F-0802-47E8-BC44-E39F623CDD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tim_lochmueller:mydashboard:0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7E7D5BE2-5FC0-4461-9D1C-6A39A5F22F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tim_lochmueller:mydashboard:0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF2E4DC-516F-47E6-86B1-34D91E244E33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tim_lochmueller:mydashboard:0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD8F187-9B4A-49E4-8FB4-03CB2888B238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tim_lochmueller:mydashboard:0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E39A3BC9-03A8-4F05-9C1D-2B9B2D992931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tim_lochmueller:mydashboard:0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E66B5D0A-0476-486D-99EA-83D326DE9B3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tim_lochmueller:mydashboard:0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A566A6AB-3959-4736-8294-0E80427C1999",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n myDashboard (mydashboard) v0.1.13 y anteriores para TYPO3 permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1011",
"lastModified": "2024-11-21T01:13:25.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-19T19:00:00.623",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38795"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-28 14:43
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| thomas_waggershauser | air_lexicon | 0.0.1 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:thomas_waggershauser:air_lexicon:0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "392E8275-ECCD-4486-833E-61BC2F541844",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n AIRware Lexicon (air_lexicon) v0.0.1 de TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante vectores desconocidos."
}
],
"id": "CVE-2009-4965",
"lastModified": "2024-11-21T01:10:52.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-28T14:43:41.277",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36130"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-14 17:55
Modified
2024-11-21 01:36
Severity ?
Summary
The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup output directory."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:claus_due:sysutils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28521C33-1177-4591-AD16-D527982EDC8F",
"versionEndIncluding": "1.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claus_due:sysutils:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "81A4722B-BAA9-40AA-8637-BEB9DFE0CC22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claus_due:sysutils:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDD5B26E-7E61-4C95-9043-4514E2AED7A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claus_due:sysutils:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C3E0EE9-F6F5-44D1-990A-647707924477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claus_due:sysutils:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C88BC58-FD47-45E1-91FC-F5587606895F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper \"protection\" of the \"backup output directory.\""
},
{
"lang": "es",
"value": "La extensi\u00f3n System Utilities (sysutils) v1.0.3 y anteriores para TYPO3, permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados relacionados con la \"protecci\u00f3n\" impropia del \"directorio de salida de copia de seguridad\""
}
],
"id": "CVE-2012-1078",
"lastModified": "2024-11-21T01:36:21.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-14T17:55:03.117",
"references": [
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/sysutils/1.0.4/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/78791"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51844"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/sysutils/1.0.4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/78791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72964"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-04 22:15
Modified
2024-11-21 01:19
Severity ?
Summary
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2010-3665 | Third Party Advisory | |
| cve@mitre.org | https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2010-3665 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC34E49-A07C-4F08-80FE-2DE14E8B7A77",
"versionEndExcluding": "4.1.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82040DD2-205F-477D-8D55-95852AAF7AEA",
"versionEndExcluding": "4.2.13",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B078FF4B-67AF-419E-995B-2715FCC97493",
"versionEndExcluding": "4.3.4",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18896C89-53F0-4ACA-B3B2-90E0811CBBC3",
"versionEndExcluding": "4.4.1",
"versionStartIncluding": "4.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager."
},
{
"lang": "es",
"value": "TYPO3 versiones anteriores a 4.1.14, versiones 4.2.x anteriores a la versi\u00f3n 4.2.13, versiones 4.3.x anteriores a la versi\u00f3n 4.3.4 y versiones 4.4.x anteriores a la versi\u00f3n 4.4.1, permite un ataque de tipo XSS en el Extension Manager."
}
],
"id": "CVE-2010-3665",
"lastModified": "2024-11-21T01:19:20.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-04T22:15:10.700",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3665"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-22 23:30
Modified
2024-11-21 01:09
Severity ?
Summary
SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jochen_rieger | car | 0.1.1 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jochen_rieger:car:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C06070A8-D7F5-4AD3-BF12-3632436D2179",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Car (car) v0.1.1 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de forma arbitraria a trav\u00e9s de vectores inespec\u00edficos."
}
],
"id": "CVE-2009-4390",
"lastModified": "2024-11-21T01:09:31.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-22T23:30:00.577",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-07 10:55
Modified
2024-11-21 01:21
Severity ?
Summary
SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| marco_hezel | hm_tinymarket | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:marco_hezel:hm_tinymarket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03643EE2-BE0C-4742-BEE4-3809F408F984",
"versionEndIncluding": "0.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Tiny Market (hm_tinymarket) v0.5.4 y anteriores para TYPO3, permite a atacantes remotos ejecutar secuencias SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-4888",
"lastModified": "2024-11-21T01:21:59.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-10-07T10:55:09.537",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-15 21:30
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| markus_barchfeld | pm_tour | * | |
| markus_barchfeld | pm_tour | 0.0.7 | |
| markus_barchfeld | pm_tour | 0.0.8 | |
| markus_barchfeld | pm_tour | 0.0.10 | |
| markus_barchfeld | pm_tour | 0.0.11 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:markus_barchfeld:pm_tour:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF12972C-96CA-4E5E-B68A-625DB52085DF",
"versionEndIncluding": "0.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:markus_barchfeld:pm_tour:0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "65FB3CFD-439F-47D6-A460-A36104FB5C0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:markus_barchfeld:pm_tour:0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5692D5D5-AF0C-48AF-80A0-6B5EBCB1E312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:markus_barchfeld:pm_tour:0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "495883BF-D05D-467B-B005-CA97025BCDAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:markus_barchfeld:pm_tour:0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4B894D85-1814-44E3-91A2-D553ABBEB6CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Tour Extension (pm_tour) anterior a la v0.0.13 para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4702",
"lastModified": "2024-11-21T01:10:15.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-15T21:30:00.777",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-06-16 22:41
Modified
2024-11-21 00:47
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.0 | |
| typo3 | typo3 | 4.0.1 | |
| typo3 | typo3 | 4.0.2 | |
| typo3 | typo3 | 4.0.3 | |
| typo3 | typo3 | 4.0.4 | |
| typo3 | typo3 | 4.0.5 | |
| typo3 | typo3 | 4.0.6 | |
| typo3 | typo3 | 4.0.7 | |
| typo3 | typo3 | 4.0.8 | |
| typo3 | typo3 | 4.1 | |
| typo3 | typo3 | 4.1.1 | |
| typo3 | typo3 | 4.1.2 | |
| typo3 | typo3 | 4.1.3 | |
| typo3 | typo3 | 4.1.4 | |
| typo3 | typo3 | 4.1.5 | |
| typo3 | typo3 | 4.1.6 | |
| typo3 | typo3 | 4.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "501A9157-044A-4856-8092-418D7329EED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA47174-9BC4-4B74-8618-6A7B0773553B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A13146E-EC04-4354-9123-BC7CB292C66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F27B173-8D10-47F7-8450-F8808A918295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1FAD0A-6B98-476B-BCD2-361996CA1C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE992D57-AF82-4BF0-96E8-98110C0AEBF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9A484F-C34D-4885-8125-D9C8725EEB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DCCB2DE6-4407-4E40-8574-9C813183565B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F271C6-B5A7-4B06-A3DF-4C7F74090CC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161E310F-F2D8-40B3-8390-8C52ACDD0B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "96D69530-AE74-4012-B522-01D0B6B01662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5514D17F-95A5-48C5-9F91-554F8D3C3DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E46E35EC-FF7B-4510-A5F2-FC230B7477B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "884B4418-83A4-4BCB-8019-306285EB418E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en fe_adminlib.inc de TYPO3 4.0.x antes de 4.0.9, 4.1.x antes de 4.1.7 y 4.2.x antes de 4.2.1, del modo que se utiliza en extensiones como (1) direct_mail_subscription, (2) feuser_admin y (3) kb_md5fepw, permite a atacantes remotos inyectar scripts web o HTMl de su elecci\u00f3n mediante vectores no especificados."
}
],
"id": "CVE-2008-2718",
"lastModified": "2024-11-21T00:47:32.777",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-06-16T22:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30619"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30660"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3945"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1596"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29657"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1802"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3945"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42986"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| typo3 | tjs_reslib | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:tjs_reslib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEAF2A54-0F7E-4FE9-A935-8934D10C2907",
"versionEndIncluding": "0.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Resource Library (tjs_reslib) v0.1.0 y anteriores (extensi\u00f3n de TYPO3), permite a usuarios remotos inyectar de forma arbitraria secuencias de comandos web o HTML a trav\u00e9s vectores no especificados.\r\n"
}
],
"id": "CVE-2008-6699",
"lastModified": "2024-11-21T00:57:14.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-10T22:00:00.500",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46393"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29832"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43211"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-20 18:14
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Static Info Tables (static_info_tables) extension before 2.3.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| stanislas_rolland | static_info_tables | * | |
| stanislas_rolland | static_info_tables | 1.0.0 | |
| stanislas_rolland | static_info_tables | 1.1.0 | |
| stanislas_rolland | static_info_tables | 1.1.1 | |
| stanislas_rolland | static_info_tables | 1.2.0 | |
| stanislas_rolland | static_info_tables | 1.3.0 | |
| stanislas_rolland | static_info_tables | 1.4.0 | |
| stanislas_rolland | static_info_tables | 1.5.0 | |
| stanislas_rolland | static_info_tables | 1.6.0 | |
| stanislas_rolland | static_info_tables | 1.7.0 | |
| stanislas_rolland | static_info_tables | 1.8.0 | |
| stanislas_rolland | static_info_tables | 2.0.0 | |
| stanislas_rolland | static_info_tables | 2.0.1 | |
| stanislas_rolland | static_info_tables | 2.0.2 | |
| stanislas_rolland | static_info_tables | 2.0.3 | |
| stanislas_rolland | static_info_tables | 2.0.4 | |
| stanislas_rolland | static_info_tables | 2.0.5 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:stanislas_rolland:static_info_tables:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A40C37E-8627-4477-980F-7276BBE4E48D",
"versionEndIncluding": "2.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:static_info_tables:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "274606A8-662F-47AC-BE67-E6EDC77FC305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:static_info_tables:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE34E209-ACA2-43AD-A271-DCDF32E04732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:static_info_tables:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19585106-0895-44F9-B54E-9DF72C8AB4D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:static_info_tables:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "186B5DA6-64C9-4E9B-81E2-F96B150FDE17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:static_info_tables:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBDCDBB6-D6DB-4BF0-9B7B-302056FDE308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:static_info_tables:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85A428D2-C3B2-4A73-9933-F356FE42D8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:static_info_tables:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E9D413-0D9F-4E7A-86C8-96D83663899B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:static_info_tables:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0BAB8C3-D3B2-4522-854B-1F8DCB8FA6BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:static_info_tables:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "846DF553-160A-413B-B0B7-B96077DFA255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:static_info_tables:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE847B59-CCDB-484A-9143-7F6F689C54C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:static_info_tables:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7490679-5D90-4DAE-8641-D430D2AD75ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:static_info_tables:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3FF1F260-BB6F-4123-ABCB-C82C8099ACCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:static_info_tables:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "094A972B-9F5E-4633-8FB1-5AC88BEFDD89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:static_info_tables:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4046872E-5FA8-4D87-9A0D-F78C762B85B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:static_info_tables:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "01CDD1BE-174E-433E-8BCF-A9EEAEE4BEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:static_info_tables:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7E7A459A-A56A-49B5-9DCE-85D208A63E83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Static Info Tables (static_info_tables) extension before 2.3.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad XSS en la extensi\u00f3n Static Info Tables (static_info_tables) anterior a 2.3.1 para TYPO3, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-5323",
"lastModified": "2024-11-21T01:57:18.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-20T18:14:14.317",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/90414"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52283"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/static_info_tables"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-004/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/58056"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/90414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/static_info_tables"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/58056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82212"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-05 18:15
Modified
2024-11-21 06:25
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend rendering process. Since the host header itself is provided by the client, it can be forged to any value, even in a name-based virtual hosts environment. This vulnerability is the same as described in TYPO3-CORE-SA-2014-001 (CVE-2014-3941). A regression, introduced during TYPO3 v11 development, led to this situation. The already existing setting $GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] (used as an effective mitigation strategy in previous TYPO3 versions) was not evaluated anymore, and reintroduced the vulnerability.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54DC43E2-9C78-41CE-8072-398F5938E27D",
"versionEndExcluding": "11.5.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend rendering process. Since the host header itself is provided by the client, it can be forged to any value, even in a name-based virtual hosts environment. This vulnerability is the same as described in TYPO3-CORE-SA-2014-001 (CVE-2014-3941). A regression, introduced during TYPO3 v11 development, led to this situation. The already existing setting $GLOBALS[\u0027TYPO3_CONF_VARS\u0027][\u0027SYS\u0027][\u0027trustedHostsPattern\u0027] (used as an effective mitigation strategy in previous TYPO3 versions) was not evaluated anymore, and reintroduced the vulnerability."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de administraci\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP y publicado bajo la licencia GNU GPL. Se ha detectado que el CMS TYPO3 es susceptible a la suplantaci\u00f3n de host debido a una comprobaci\u00f3n inapropiada del encabezado HTTP Host. TYPO3 usa el encabezado HTTP Host, por ejemplo, para generar URLs absolutas durante el proceso de renderizaci\u00f3n del frontend. Dado que el propio encabezado de host es proporcionado por el cliente, puede ser falsificado a cualquier valor, incluso en un entorno de hosts virtuales basados en nombres. Esta vulnerabilidad es la misma que se describe en TYPO3-CORE-SA-2014-001 (CVE-2014-3941). Una regresi\u00f3n, introducida durante el desarrollo de TYPO3 v11, conllev\u00f3 a esta situaci\u00f3n. El ajuste ya presente $GLOBALS[\"TYPO3_CONF_VARS\"][\"SYS\"][\"trustedHostsPattern\"] (usado como una estrategia de mitigaci\u00f3n eficaz en las versiones anteriores de TYPO3) ya no es evaluado, y reintrodujo la vulnerabilidad"
}
],
"id": "CVE-2021-41114",
"lastModified": "2024-11-21T06:25:29.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-05T18:15:08.293",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/5cbff85506cebe343e5ae59228977547cf8e3cf4"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m2jh-fxw4-gphm"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/5cbff85506cebe343e5ae59228977547cf8e3cf4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m2jh-fxw4-gphm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-015"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-644"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-01 21:55
Modified
2024-11-21 01:45
Severity ?
Summary
SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.5 | |
| typo3 | typo3 | 4.5.0 | |
| typo3 | typo3 | 4.5.1 | |
| typo3 | typo3 | 4.5.2 | |
| typo3 | typo3 | 4.5.3 | |
| typo3 | typo3 | 4.5.4 | |
| typo3 | typo3 | 4.5.5 | |
| typo3 | typo3 | 4.5.6 | |
| typo3 | typo3 | 4.5.7 | |
| typo3 | typo3 | 4.5.8 | |
| typo3 | typo3 | 4.5.9 | |
| typo3 | typo3 | 4.5.10 | |
| typo3 | typo3 | 4.5.11 | |
| typo3 | typo3 | 4.5.12 | |
| typo3 | typo3 | 4.5.13 | |
| typo3 | typo3 | 4.5.14 | |
| typo3 | typo3 | 4.5.15 | |
| typo3 | typo3 | 4.5.16 | |
| typo3 | typo3 | 4.5.17 | |
| typo3 | typo3 | 4.5.18 | |
| typo3 | typo3 | 4.5.19 | |
| typo3 | typo3 | 4.5.20 | |
| typo3 | typo3 | 4.6 | |
| typo3 | typo3 | 4.6.0 | |
| typo3 | typo3 | 4.6.1 | |
| typo3 | typo3 | 4.6.2 | |
| typo3 | typo3 | 4.6.3 | |
| typo3 | typo3 | 4.6.4 | |
| typo3 | typo3 | 4.6.5 | |
| typo3 | typo3 | 4.6.6 | |
| typo3 | typo3 | 4.6.7 | |
| typo3 | typo3 | 4.6.8 | |
| typo3 | typo3 | 4.6.9 | |
| typo3 | typo3 | 4.6.10 | |
| typo3 | typo3 | 4.6.11 | |
| typo3 | typo3 | 4.6.12 | |
| typo3 | typo3 | 4.6.13 | |
| typo3 | typo3 | 4.7 | |
| typo3 | typo3 | 4.7.0 | |
| typo3 | typo3 | 4.7.1 | |
| typo3 | typo3 | 4.7.2 | |
| typo3 | typo3 | 4.7.3 | |
| typo3 | typo3 | 4.7.4 | |
| typo3 | typo3 | 4.7.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9788D5CD-FEAA-4D07-8252-4176AD0BC0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "BB69F7E9-001D-42B3-BEB4-B294737AD27B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4D42D56A-2A1D-4FAA-961D-304E916BEF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CBAAC7-5207-45E8-86D5-18D98259070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6F1E7-351D-45E7-9571-2AF4283080DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B3B4A9-BDC7-4426-98FB-398B63AF3D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0016A078-1291-4281-BA62-5A846AEE7584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F11DB8A8-8309-4FC9-BA35-1AFFC5B4AE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9661D2DB-F24C-478B-B691-303D48D9B158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1FD6B9-7FAC-4508-962A-99AF63EB4B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "14369AD5-2622-4530-BCD5-A95C032CE4CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7CBAD29-18E9-4097-88FA-4D287A9A877A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5144AE-E076-48B5-9EA3-2F0BEC34D92F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "46246047-B415-437A-AC0E-2A7157D47C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6C98937C-C769-40C9-841F-D9F0A49AAE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7C54D4-B953-442F-99A8-96B505C15DCB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1A90BF-E780-4282-BCCB-0E568EB785A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F89DD9F-019A-4AD3-AD0E-4F20F1AF5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "684500C9-8532-45C4-8F29-33AAC3DDA3AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo BackEnd History en TYPO3 4.5.x anterior a 4.5.21, 4.6.x anterior a 4.6.14, y 4.7.x anterior a 4.7.6, permite a usuarios del backend autenticados remotamente inyectar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-6144",
"lastModified": "2024-11-21T01:45:54.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-01T21:55:01.630",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/87115"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/06/19/4"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/87115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/06/19/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79964"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-17 17:30
Modified
2024-11-21 01:09
Severity ?
Summary
SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| stephan_vits | mf_subscription | 0.2.2 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:stephan_vits:mf_subscription:0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32C5BDA9-1A8A-4709-8902-2D91074819E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n \u0027Suscription\u0027 (mf_subscription) v0.2.2 de TYPO3 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2009-4339",
"lastModified": "2024-11-21T01:09:24.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-17T17:30:00.687",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54782"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-14 08:15
Modified
2024-11-21 06:48
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This vulnerability is very similar, but not identical, to the one described in CVE-2021-21359. This issue is patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20 or 12.1.1.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D362D0-52EC-4A95-B01D-EF310ADD8C4F",
"versionEndExcluding": "9.5.38",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1FC0F47-4C30-4162-8A7E-3C427D1C3596",
"versionEndExcluding": "10.4.33",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED21674D-027A-4DDC-AAD5-B7D58B309171",
"versionEndExcluding": "11.5.20",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This vulnerability is very similar, but not identical, to the one described in CVE-2021-21359. This issue is patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20 or 12.1.1."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de gesti\u00f3n de contenidos web basado en PHP de c\u00f3digo abierto. En versiones anteriores a 9.5.38, 10.4.33, 11.5.20 y 12.1.1, la solicitud de recursos no v\u00e1lidos o inexistentes a trav\u00e9s de HTTP activa el controlador de errores de p\u00e1gina, que nuevamente podr\u00eda recuperar contenido que se mostrar\u00e1 como un mensaje de error de otro p\u00e1gina. Esto conduce a un escenario en el que la aplicaci\u00f3n se llama a s\u00ed misma de forma recursiva, amplificando el impacto del ataque inicial hasta que se exceden los l\u00edmites del servidor web. Esta vulnerabilidad es muy similar, pero no id\u00e9ntica, a la descrita en CVE-2021-21359. Este problema se solucion\u00f3 en las versiones 9.5.38 ELTS, 10.4.33, 11.5.20 o 12.1.1."
}
],
"id": "CVE-2022-23500",
"lastModified": "2024-11-21T06:48:41.620",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-14T08:15:09.427",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 23:15
Modified
2024-11-21 09:00
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27B5B1C-F807-411B-BCA1-112C85BDC3E5",
"versionEndExcluding": "8.7.57",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1F52D81-C2B7-4AFE-A99E-7E40E0751082",
"versionEndExcluding": "9.5.46",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCF72A1A-60DD-4588-8E90-B5D6D84854A9",
"versionEndExcluding": "10.4.43",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE0085D-3BA8-4076-BAB0-04BBB118A78D",
"versionEndExcluding": "11.5.35",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D518ED7-F1C8-4836-B3D8-4D228A48F314",
"versionEndExcluding": "12.4.11",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E20E3F5E-8C2B-4AC1-A3E3-B428710A5480",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de gesti\u00f3n de contenido web basado en PHP de c\u00f3digo abierto publicado bajo GNU GPL. Los hashes de contrase\u00f1as se reflejaban en los formularios de edici\u00f3n de la interfaz de usuario del backend de TYPO3. Esto permiti\u00f3 a los atacantes descifrar la contrase\u00f1a en texto plano utilizando t\u00e9cnicas de fuerza bruta. Para explotar esta vulnerabilidad se requiere una cuenta de usuario backend v\u00e1lida. Se recomienda a los usuarios actualizar a las versiones 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 de TYPO3 que solucionan el problema descrito. No se conocen workarounds para este problema."
}
],
"id": "CVE-2024-25118",
"lastModified": "2024-11-21T09:00:17.477",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-13T23:15:08.417",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-003"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-30 20:55
Modified
2024-11-21 01:22
Severity ?
Summary
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.2.0 | |
| typo3 | typo3 | 4.2.1 | |
| typo3 | typo3 | 4.2.2 | |
| typo3 | typo3 | 4.2.3 | |
| typo3 | typo3 | 4.2.4 | |
| typo3 | typo3 | 4.2.5 | |
| typo3 | typo3 | 4.2.6 | |
| typo3 | typo3 | 4.2.7 | |
| typo3 | typo3 | 4.2.8 | |
| typo3 | typo3 | 4.2.9 | |
| typo3 | typo3 | 4.2.10 | |
| typo3 | typo3 | 4.2.11 | |
| typo3 | typo3 | 4.2.12 | |
| typo3 | typo3 | 4.2.13 | |
| typo3 | typo3 | 4.2.14 | |
| typo3 | typo3 | 4.2.15 | |
| typo3 | typo3 | 4.3.0 | |
| typo3 | typo3 | 4.3.1 | |
| typo3 | typo3 | 4.3.2 | |
| typo3 | typo3 | 4.3.3 | |
| typo3 | typo3 | 4.3.4 | |
| typo3 | typo3 | 4.3.5 | |
| typo3 | typo3 | 4.3.6 | |
| typo3 | typo3 | 4.3.7 | |
| typo3 | typo3 | 4.3.8 | |
| typo3 | typo3 | 4.4.0 | |
| typo3 | typo3 | 4.4.1 | |
| typo3 | typo3 | 4.4.2 | |
| typo3 | typo3 | 4.4.3 | |
| typo3 | typo3 | 4.4.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC67810-D2C5-4242-ACF2-CF7E9C56D7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E485652B-FDE0-44C1-83F5-D22B16BEBB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A987C0-51DF-464C-8F4D-03C9CAD256EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "718E405D-4127-4D0E-85BB-83800264AD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "AF72642B-8766-44A3-8CB0-D094929AAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DF56D768-6D41-472D-AA42-0C209534AB30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6066CFA2-202E-43A3-B1DF-36364ABD5A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13C922A9-05A3-4D98-A568-F780CCA87E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E9893A-2771-4C04-9F90-B10EE659088E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31DA3600-C955-46B0-8BD9-C9B3FC0B81EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7ED0C04-33BA-4F9B-97B0-BB5D30C2A0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E40CC0D-E7EF-4800-AC0B-5AF603B8BC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16759F16-34C6-4C2C-BECB-12555EEEBDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB331CC-3125-454E-BCBE-B85540B62110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B46AB0-D925-4E74-8D15-40EE3BC0B14A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A60F86FA-B7D3-4BE5-82F2-05F2A5F5663D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9319A96-D510-47DB-9DBC-C16C0947E4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40E0FDF1-E63C-48C9-98E2-55E3FD891882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D22400-E6A1-4C3A-B16F-E14672B86D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DFA0996-4839-4FDB-9B9D-5F8424946F9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php."
},
{
"lang": "es",
"value": "La funcionalidad fileDenyPattern en la API de protecci\u00f3n de inclusi\u00f3n de archivos en TYPO3 v4.2.x antes de v4.2.16, v4.3.x antes de v4.3.9, y 4.4.x antes v4.4.5, no filtra correctamente los tipos de archivos, lo que permite a atacantes remotos evitar restricciones de acceso y acceder a archivos arbitrarios de PHP, como se ha demostrado utilizando secuencias de rutas transversales con bytes nulos 00% y CVE-2010-3714 para leer la clave de cifrado TYPO3 de localconf.php."
}
],
"id": "CVE-2010-5099",
"lastModified": "2024-11-21T01:22:30.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-05-30T20:55:02.847",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35770"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/15856"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/15856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-17 17:30
Modified
2024-11-21 01:04
Severity ?
Summary
SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| steve_grundell | frontend_mp3_player | 0.2.0 | |
| steve_grundell | frontend_mp3_player | 0.2.1 | |
| steve_grundell | frontend_mp3_player | 0.2.2 | |
| typo3 | typo3 | 3.5 | |
| typo3 | typo3 | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:steve_grundell:frontend_mp3_player:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A70D73BB-7A7B-44C2-82F8-50D4C41443BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_grundell:frontend_mp3_player:0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DAD0485-A833-4D18-929B-FF4C5B45C818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_grundell:frontend_mp3_player:0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF7258B-D6BD-4737-AD08-8E39CEF050D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C553D36B-B446-4D63-B37F-FA32D1E5A524",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Frontend MP3 Player (fe_mp3player) v0.2.3 y anteriores para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-2103",
"lastModified": "2024-11-21T01:04:08.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-06-17T17:30:00.530",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/55123"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35484"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/fe_mp3player/0.2.4/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-008/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/55123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/fe_mp3player/0.2.4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35394"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-01 21:55
Modified
2024-11-21 01:45
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.5 | |
| typo3 | typo3 | 4.5.0 | |
| typo3 | typo3 | 4.5.1 | |
| typo3 | typo3 | 4.5.2 | |
| typo3 | typo3 | 4.5.3 | |
| typo3 | typo3 | 4.5.4 | |
| typo3 | typo3 | 4.5.5 | |
| typo3 | typo3 | 4.5.6 | |
| typo3 | typo3 | 4.5.7 | |
| typo3 | typo3 | 4.5.8 | |
| typo3 | typo3 | 4.5.9 | |
| typo3 | typo3 | 4.5.10 | |
| typo3 | typo3 | 4.5.11 | |
| typo3 | typo3 | 4.5.12 | |
| typo3 | typo3 | 4.5.13 | |
| typo3 | typo3 | 4.5.14 | |
| typo3 | typo3 | 4.5.15 | |
| typo3 | typo3 | 4.5.16 | |
| typo3 | typo3 | 4.5.17 | |
| typo3 | typo3 | 4.5.18 | |
| typo3 | typo3 | 4.5.19 | |
| typo3 | typo3 | 4.5.20 | |
| typo3 | typo3 | 4.6 | |
| typo3 | typo3 | 4.6.0 | |
| typo3 | typo3 | 4.6.1 | |
| typo3 | typo3 | 4.6.2 | |
| typo3 | typo3 | 4.6.3 | |
| typo3 | typo3 | 4.6.4 | |
| typo3 | typo3 | 4.6.5 | |
| typo3 | typo3 | 4.6.6 | |
| typo3 | typo3 | 4.6.7 | |
| typo3 | typo3 | 4.6.8 | |
| typo3 | typo3 | 4.6.9 | |
| typo3 | typo3 | 4.6.10 | |
| typo3 | typo3 | 4.6.11 | |
| typo3 | typo3 | 4.6.12 | |
| typo3 | typo3 | 4.6.13 | |
| typo3 | typo3 | 4.7 | |
| typo3 | typo3 | 4.7.0 | |
| typo3 | typo3 | 4.7.1 | |
| typo3 | typo3 | 4.7.2 | |
| typo3 | typo3 | 4.7.3 | |
| typo3 | typo3 | 4.7.4 | |
| typo3 | typo3 | 4.7.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9788D5CD-FEAA-4D07-8252-4176AD0BC0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "BB69F7E9-001D-42B3-BEB4-B294737AD27B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4D42D56A-2A1D-4FAA-961D-304E916BEF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CBAAC7-5207-45E8-86D5-18D98259070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6F1E7-351D-45E7-9571-2AF4283080DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B3B4A9-BDC7-4426-98FB-398B63AF3D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0016A078-1291-4281-BA62-5A846AEE7584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F11DB8A8-8309-4FC9-BA35-1AFFC5B4AE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9661D2DB-F24C-478B-B691-303D48D9B158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1FD6B9-7FAC-4508-962A-99AF63EB4B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "14369AD5-2622-4530-BCD5-A95C032CE4CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7CBAD29-18E9-4097-88FA-4D287A9A877A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5144AE-E076-48B5-9EA3-2F0BEC34D92F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "46246047-B415-437A-AC0E-2A7157D47C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6C98937C-C769-40C9-841F-D9F0A49AAE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7C54D4-B953-442F-99A8-96B505C15DCB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1A90BF-E780-4282-BCCB-0E568EB785A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F89DD9F-019A-4AD3-AD0E-4F20F1AF5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "684500C9-8532-45C4-8F29-33AAC3DDA3AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad XSS en la funci\u00f3n menu API en TYPO3 4.5.x anterior a 4.5.21, 4.6.x anterior a 4.6.14, y 4.7.x anterior a 4.7.6, permite a usuarios del backend autenticados remotamente inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-6148",
"lastModified": "2024-11-21T01:45:55.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-07-01T21:55:01.730",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/87114"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79968"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/87114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79968"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-08 19:59
Modified
2024-11-21 02:39
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 6.2 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.1 | |
| typo3 | typo3 | 6.2.2 | |
| typo3 | typo3 | 6.2.3 | |
| typo3 | typo3 | 6.2.4 | |
| typo3 | typo3 | 6.2.5 | |
| typo3 | typo3 | 6.2.6 | |
| typo3 | typo3 | 6.2.7 | |
| typo3 | typo3 | 6.2.8 | |
| typo3 | typo3 | 6.2.9 | |
| typo3 | typo3 | 6.2.10 | |
| typo3 | typo3 | 6.2.10 | |
| typo3 | typo3 | 6.2.11 | |
| typo3 | typo3 | 6.2.12 | |
| typo3 | typo3 | 6.2.13 | |
| typo3 | typo3 | 6.2.14 | |
| typo3 | typo3 | 6.2.15 | |
| typo3 | typo3 | 7.0.0 | |
| typo3 | typo3 | 7.0.2 | |
| typo3 | typo3 | 7.1.0 | |
| typo3 | typo3 | 7.2.0 | |
| typo3 | typo3 | 7.3.0 | |
| typo3 | typo3 | 7.3.1 | |
| typo3 | typo3 | 7.4.0 | |
| typo3 | typo3 | 7.5.0 | |
| typo3 | typo3 | 7.6.0 | |
| typo3 | typo3 | 7.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7715060-1441-4CF9-BEDF-91D28FE31ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "29602159-5C1E-4C5A-9E4C-F3183D3EA8A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "52CC6148-48F9-4532-96D3-8C6D82B8B815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "E501EDED-B7DC-4D00-9DAF-862BC8C14C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7183456A-52B4-4386-8979-A2ECEA9959FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "16EEC79F-3293-451C-864E-9CE020F6C730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "8FD27EAD-04D5-4C55-952E-020954B90CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "F67C62FD-A683-43F3-BF0E-D368617B194C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "8CCC09EC-CB2C-466A-BD71-4DD2C34288B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "82F45E35-4731-4527-861F-3999ABED94B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "FC154041-5B1B-484C-8EF8-9EBC73A9FF3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "36E925BE-8D4F-49FE-90EF-68C1DE776107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DA0AF154-CC16-4536-B120-A9040CE92394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99262E73-E4A7-4657-A32E-3C289C052675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E230A800-B2DE-4ED4-9C6B-961832C39900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A96891D-A2B1-492C-A914-51F9631D5C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7316A8-E445-45C6-BFD9-8E19254AC7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D95C12B4-51F1-4FFC-892B-1432D1E5219A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "308EF598-B9DF-47C5-A1AC-1A2A16767E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3A5E5D-E8A9-4B2F-B423-9F1B9E761A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9EDF6E-299A-4277-9C2F-B25D5F9A189E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "313D0192-8849-4DA1-820E-28E2FC4E37C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "265DCFF8-2EC5-49EA-8D06-1956F3109F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2D8FB68B-E4E8-4501-94F6-2922781D8C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1FEAA4-B0D8-4B5B-8958-173245F55134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0E806A38-C603-4916-93E2-FE43062B09C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "17EB5B78-0AD1-4259-8537-058D888B30B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7E6FD-99D0-4F48-B5DF-0EFD4C05079D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "21217A49-637C-4F60-B8F8-8699E71D6BFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC254112-3695-422E-BD5B-B5E65F61B4B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "58A72CC1-1BCE-415C-9816-AD34C14E36FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "237EEDFE-DFB0-4D6E-BAA6-7A374A384CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26264C04-D8E1-4780-97C3-13F287ECF11A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B89766D-2E3C-4CE9-92ED-8E5A8FF71D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3392C868-FFD8-4B00-ADD2-02CCCAEC5EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F859F4-E3EE-4C2D-A618-6E49769A1610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7F660D-7C1E-43AA-B185-40309788F329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C022973-D06B-4CEF-87BF-3C016AAD4770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36A63F3A-DC95-49FF-B6AC-FD98F8499905",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la funci\u00f3n typoLink en TYPO3 6.2.x en versiones anteriores a 6.2.16 y 7.x en versiones anteriores a 7.6.1 permiten a editores remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un campo link."
}
],
"id": "CVE-2015-8759",
"lastModified": "2024-11-21T02:39:07.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-08T19:59:25.413",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/79250"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/79250"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-31 11:30
Modified
2024-11-21 00:54
Severity ?
Summary
SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | advcalendar_extension | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:advcalendar_extension:*:*:*:*:*:*:*:*",
"matchCriteriaId": "790B223A-62F6-4989-8817-19C9885A2A02",
"versionEndIncluding": "0.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n advCalendar v0.3.1 y anteriores en TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante vectores no especificados."
}
],
"id": "CVE-2008-5797",
"lastModified": "2024-11-21T00:54:55.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-31T11:30:00.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32230"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46469"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | bb_simplejobs | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:bb_simplejobs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAB14BB-327F-4B40-AD63-AE5EED0F9040",
"versionEndIncluding": "0.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n de TYPO3 \"BB Simple Jobs\" (bb_simplejobs) v0.1.0 y anteriores permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-0341",
"lastModified": "2024-11-21T01:12:01.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-15T19:30:01.037",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-16 17:55
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joachim_ruhs | locator | * | |
| joachim_ruhs | locator | 1.0.6 | |
| joachim_ruhs | locator | 1.0.7 | |
| joachim_ruhs | locator | 1.1.0 | |
| joachim_ruhs | locator | 1.1.8 | |
| joachim_ruhs | locator | 1.2.6 | |
| joachim_ruhs | locator | 1.2.8 | |
| joachim_ruhs | locator | 2.9.0 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0E50B7-BFC5-4D67-BA22-DF468BE7DB14",
"versionEndIncluding": "2.9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B5ECFDF7-213D-4944-A0E6-8272652ADA23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "913B844F-8AFC-4391-B79B-E196586B310C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1A0290-0EEE-4813-93CA-BC60FC3C43D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "60134DFF-645C-4B84-8BD9-298BDEFF7319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF0532E4-864F-4C49-8502-EA50ABB3B95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B1127280-D4F7-4D98-996E-5E2273A6383D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D002E085-94EB-4F4C-A1D9-458D094FF411",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en la extensi\u00f3n Store Locator (locator) anterior a v3.1.5 para TYPO3, permite a atacantes remotos inyectar web scripts arbitrarios o HTML mediante vectores desconocidos."
}
],
"id": "CVE-2013-5305",
"lastModified": "2024-11-21T01:57:16.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-16T17:55:09.577",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/95961"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54350"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/locator"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/61606"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/95961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/locator"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86231"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-17 17:30
Modified
2024-11-21 01:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_linklist) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tobias_sommer | zid_linklist | 1.0.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tobias_sommer:zid_linklist:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4EA75E-618D-4222-A353-066AB6D54CC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_linklist) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en la extensi\u00f3n ZID Linkliste (zid_linklist) v1.0.0 para TYPO3 permite a atacantes remotos inyectar HTML o scripts web a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4344",
"lastModified": "2024-11-21T01:09:24.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-17T17:30:00.797",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54789"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mischa_heimann | yatse | * | |
| mischa_heimann | yatse | 0.1.0 | |
| mischa_heimann | yatse | 0.1.1 | |
| mischa_heimann | yatse | 0.2.0 | |
| mischa_heimann | yatse | 0.3.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mischa_heimann:yatse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94F14F48-E60F-4272-BABA-6C1713A9D570",
"versionEndIncluding": "0.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mischa_heimann:yatse:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08FEEFF0-3DAE-4341-BC57-D7892B4B299A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mischa_heimann:yatse:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "07AEA64D-90F3-4FA3-AAFF-7576881CBE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mischa_heimann:yatse:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6BC5038-053C-468E-92B0-DB9076CA2C31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mischa_heimann:yatse:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37818F8A-11D7-4ADA-91BF-72E166E19316",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n Yet another TYPO3 search engine (YATSE) anterior a v0.3.2 y anteriores para TYPO3 permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1005",
"lastModified": "2024-11-21T01:13:24.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-19T19:00:00.437",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/yatse/0.3.2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/yatse/0.3.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38808"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 20:15
Modified
2024-11-21 08:29
Severity ?
4.7 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versions 1.5.3 and 2.1.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:html_sanitizer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCFA3BD7-BF85-4D4F-B426-C5A97411A84A",
"versionEndExcluding": "1.5.3",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:html_sanitizer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99D32398-FC27-42F1-ABC1-146567AA7769",
"versionEndExcluding": "2.1.4",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*",
"matchCriteriaId": "AD741CFE-BBE7-41AB-912B-6BB5A1CFD867",
"versionEndExcluding": "8.7.55",
"versionStartIncluding": "8.7.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*",
"matchCriteriaId": "47F42BD3-0D7E-41D1-80D8-FB1B9CF30481",
"versionEndExcluding": "9.5.44",
"versionStartIncluding": "9.5.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*",
"matchCriteriaId": "9ACC1D13-0C81-4ECF-B733-AAD45BF271D8",
"versionEndExcluding": "10.4.41",
"versionStartIncluding": "10.4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AB261F6-8F92-4313-8CA6-D77E18E2D125",
"versionEndExcluding": "11.5.33",
"versionStartIncluding": "11.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B21F62-A105-487E-B52A-0E7501A4ADEA",
"versionEndExcluding": "12.4.8",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versions 1.5.3 and 2.1.4. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de gesti\u00f3n de contenido web basado en PHP de c\u00f3digo abierto publicado bajo GNU GPL. En las versiones afectadas, las instrucciones de procesamiento DOM no se manejan correctamente. Esto permite evitar el mecanismo de Cross-Site Scripting de typo3/html-sanitizer. Esta vulnerabilidad se ha solucionado en las versiones 1.5.3 y 2.1.4. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2023-47125",
"lastModified": "2024-11-21T08:29:49.810",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T20:15:07.837",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/TYPO3/html-sanitizer/commit/b8f90717251d968c49dc77f8c1e5912e2fbe0dff"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-mm79-jhqm-9j54"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/TYPO3/html-sanitizer/commit/b8f90717251d968c49dc77f8c1e5912e2fbe0dff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-mm79-jhqm-9j54"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-007"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-05 23:55
Modified
2024-11-21 01:41
Severity ?
Summary
The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.5 | |
| typo3 | typo3 | 4.5.0 | |
| typo3 | typo3 | 4.5.1 | |
| typo3 | typo3 | 4.5.2 | |
| typo3 | typo3 | 4.5.3 | |
| typo3 | typo3 | 4.5.4 | |
| typo3 | typo3 | 4.5.5 | |
| typo3 | typo3 | 4.5.6 | |
| typo3 | typo3 | 4.5.7 | |
| typo3 | typo3 | 4.5.8 | |
| typo3 | typo3 | 4.5.9 | |
| typo3 | typo3 | 4.5.10 | |
| typo3 | typo3 | 4.5.11 | |
| typo3 | typo3 | 4.5.12 | |
| typo3 | typo3 | 4.5.13 | |
| typo3 | typo3 | 4.5.14 | |
| typo3 | typo3 | 4.5.15 | |
| typo3 | typo3 | 4.5.16 | |
| typo3 | typo3 | 4.5.17 | |
| typo3 | typo3 | 4.5.18 | |
| typo3 | typo3 | 4.6 | |
| typo3 | typo3 | 4.6.0 | |
| typo3 | typo3 | 4.6.1 | |
| typo3 | typo3 | 4.6.2 | |
| typo3 | typo3 | 4.6.3 | |
| typo3 | typo3 | 4.6.4 | |
| typo3 | typo3 | 4.6.5 | |
| typo3 | typo3 | 4.6.6 | |
| typo3 | typo3 | 4.6.7 | |
| typo3 | typo3 | 4.6.8 | |
| typo3 | typo3 | 4.6.9 | |
| typo3 | typo3 | 4.6.10 | |
| typo3 | typo3 | 4.6.11 | |
| typo3 | typo3 | 4.7 | |
| typo3 | typo3 | 4.7.0 | |
| typo3 | typo3 | 4.7.1 | |
| typo3 | typo3 | 4.7.2 | |
| typo3 | typo3 | 4.7.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9788D5CD-FEAA-4D07-8252-4176AD0BC0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4D42D56A-2A1D-4FAA-961D-304E916BEF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CBAAC7-5207-45E8-86D5-18D98259070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6F1E7-351D-45E7-9571-2AF4283080DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B3B4A9-BDC7-4426-98FB-398B63AF3D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0016A078-1291-4281-BA62-5A846AEE7584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F11DB8A8-8309-4FC9-BA35-1AFFC5B4AE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9661D2DB-F24C-478B-B691-303D48D9B158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1FD6B9-7FAC-4508-962A-99AF63EB4B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "14369AD5-2622-4530-BCD5-A95C032CE4CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7CBAD29-18E9-4097-88FA-4D287A9A877A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5144AE-E076-48B5-9EA3-2F0BEC34D92F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "46246047-B415-437A-AC0E-2A7157D47C17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1A90BF-E780-4282-BCCB-0E568EB785A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors."
},
{
"lang": "es",
"value": "El m\u00f3dulo de configuraci\u00f3n en el backend de TYPO3 v4.5.x anterior a v4.5.19, v4.6.x anterior a v4.6.12 y v4.7.x anterior a v4.7.4 permite a usuarios remotos autenticados obtener la clave de cifrado a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-3529",
"lastModified": "2024-11-21T01:41:04.167",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-05T23:55:02.100",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/84775"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50287"
},
{
"source": "secalert@redhat.com",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/84775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77793"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-13 10:30
Modified
2024-11-21 00:56
Severity ?
Summary
SQL injection vulnerability in the FE address edit for tt_address & direct mail (dmaddredit) extension 0.4.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| dieter_mayer | fe_address_edit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dieter_mayer:fe_address_edit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "382D62D8-480C-45EC-BD5B-E4D303284329",
"versionEndIncluding": "0.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the FE address edit for tt_address \u0026 direct mail (dmaddredit) extension 0.4.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de SQL en la extensi\u00f3n FE address edit para tt_address \u0026 direct mail (dmaddredit) para TYPO3 antes de la versi\u00f3n 0.4.0 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-6458",
"lastModified": "2024-11-21T00:56:35.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-13T10:30:00.437",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/48274"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31259"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/48274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45257"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-06 17:15
Modified
2024-11-21 01:33
Severity ?
Summary
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8C2013-3653-40E0-B692-8524309338F0",
"versionEndExcluding": "4.3.12",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA153A2C-2697-47BC-B836-17AA48875F7A",
"versionEndExcluding": "4.4.9",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "898F86CE-0897-4403-A0AC-90C5DCED8AF4",
"versionEndExcluding": "4.5.4",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site Scripting (XSS) en TYPO3 versiones anteriores a la versi\u00f3n 4.3.12, versiones 4.4.x anteriores a la versi\u00f3n 4.4.9 y versiones 4.5.x anteriores a 4.5.4, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de la funci\u00f3n RemoveXSS."
}
],
"id": "CVE-2011-4903",
"lastModified": "2024-11-21T01:33:16.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-06T17:15:11.330",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4903"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-14 17:55
Modified
2024-11-21 01:36
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:aeurltool:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E11BEC8-DC05-4BB8-BB20-F709AB0D66E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilida de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n UrlTool (aeurltool) v0.1.0 para TYPO3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-1086",
"lastModified": "2024-11-21T01:36:23.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-14T17:55:03.587",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78801"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51855"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 23:15
Modified
2024-11-21 09:00
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27B5B1C-F807-411B-BCA1-112C85BDC3E5",
"versionEndExcluding": "8.7.57",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1F52D81-C2B7-4AFE-A99E-7E40E0751082",
"versionEndExcluding": "9.5.46",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCF72A1A-60DD-4588-8E90-B5D6D84854A9",
"versionEndExcluding": "10.4.43",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE0085D-3BA8-4076-BAB0-04BBB118A78D",
"versionEndExcluding": "11.5.35",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D518ED7-F1C8-4836-B3D8-4D228A48F314",
"versionEndExcluding": "12.4.11",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E20E3F5E-8C2B-4AC1-A3E3-B428710A5480",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users\u0027 permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de gesti\u00f3n de contenido web basado en PHP de c\u00f3digo abierto publicado bajo GNU GPL. El esquema de URI `t3://` espec\u00edfico de TYPO3 podr\u00eda usarse para acceder a recursos fuera del alcance del permiso de los usuarios. Esto abarcaba archivos, carpetas, p\u00e1ginas y registros (aunque s\u00f3lo si se proporcionaba una configuraci\u00f3n v\u00e1lida de manejo de enlaces). Para explotar esta vulnerabilidad se requiere una cuenta de usuario backend v\u00e1lida. Se recomienda a los usuarios actualizar a las versiones 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 de TYPO3 que solucionan el problema descrito. No se conocen workarounds para este problema."
}
],
"id": "CVE-2024-25120",
"lastModified": "2024-11-21T09:00:17.753",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-13T23:15:08.867",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-005"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-02 15:30
Modified
2024-11-21 01:07
Severity ?
Summary
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9297C028-4875-4370-8A47-E5BB4DC04A20",
"versionEndIncluding": "4.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8B51D2-B985-405E-8D87-1572D5096F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A9AB9DE7-3AB0-4B5B-9825-486111386852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D954FE3D-B766-4D39-B0CA-31A24EDB362C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59AE3831-400B-4974-9C69-6787CF03433A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "66333A00-5D7D-4467-9495-79D715EBAB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "71E7C6DF-C63B-4B16-9107-3C15490951D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEAD468-F39F-4B92-9ABD-F43C636B1145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6154F853-6DAF-4A34-8019-CB5BA87CCA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67CF0EA5-E984-40BE-BA90-1C85568A0525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "395C04FB-3390-4E97-B2F1-BEF9C42F15E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.3.x:*:*:*:*:*:*:*",
"matchCriteriaId": "349BDDAD-35AE-44B6-9623-1ABAAFA16D57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C553D36B-B446-4D63-B37F-FA32D1E5A524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.5.x:*:*:*:*:*:*:*",
"matchCriteriaId": "33152254-3B0B-4413-90F3-72A8B1ADDBD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.6.x:*:*:*:*:*:*:*",
"matchCriteriaId": "78413B61-AAB7-485D-BD24-C8A6D7631281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E53B002D-18FD-4C6A-97C0-AA9C83ABD382",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3885B69F-B9C0-488F-8775-E8E801418E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.x:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6EAF89-59F9-4D06-A7AE-175816BB7E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A3390E31-A149-4D83-94D2-63AF63D02A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.8.x:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF63F45-3E42-4DD6-ABD3-BA67D04C8A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "501A9157-044A-4856-8092-418D7329EED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA47174-9BC4-4B74-8618-6A7B0773553B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A13146E-EC04-4354-9123-BC7CB292C66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F27B173-8D10-47F7-8450-F8808A918295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1FAD0A-6B98-476B-BCD2-361996CA1C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE992D57-AF82-4BF0-96E8-98110C0AEBF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9A484F-C34D-4885-8125-D9C8725EEB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DCCB2DE6-4407-4E40-8574-9C813183565B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E19647A4-C422-42D0-863B-5B6E0B08BFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C842A284-8360-4DE4-8D05-8082D0A0AA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3A4600DD-C9CA-4D71-BD31-12FE40A14D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2F89D7-D34C-4ADD-8A9E-34C37122C3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "273F2E33-0655-46DE-9397-E16658B4BD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B8F7039-4117-4D53-ABE8-99C10518D351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161E310F-F2D8-40B3-8390-8C52ACDD0B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "96D69530-AE74-4012-B522-01D0B6B01662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5514D17F-95A5-48C5-9F91-554F8D3C3DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E46E35EC-FF7B-4510-A5F2-FC230B7477B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A671ED2-91AA-4447-8996-A8A16FE753A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4219A367-8431-4A72-AF73-ED2A853B14E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "74F10D45-FA29-4534-8789-201D194C46B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "878A3B3A-91B6-4EB3-995C-46CEF6FE4343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "51B3DD65-A811-47DD-ADC6-015EE9BC2A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E06499-FC41-4B7F-B76E-37FA423F17C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386C2885-7543-43F0-9680-B57898C4F118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "231CD899-2DC5-42CD-A4F9-4D00C2C11159",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename."
},
{
"lang": "es",
"value": "El subcomponente Backend de TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2, cuando la extensi\u00f3n DAM o la subida por ftp est\u00e1 activada, permite a usuarios autenticados remotos ejecutar comandos de su elecci\u00f3n a trav\u00e9s metacaracteres de shell en un nombre de fichero."
}
],
"id": "CVE-2009-3631",
"lastModified": "2024-11-21T01:07:50.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-11-02T15:30:00.670",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37122"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36801"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53923"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-15 21:30
Modified
2024-11-21 01:10
Severity ?
Summary
Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:ws_ecard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "612CBF68-93DD-48FE-A865-B5FE936E2A99",
"versionEndIncluding": "1.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la extensi\u00f3n Webesse E-Card (ws_ecard) v1.0.2 y anteriores para TYPO3 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores no conocidos."
}
],
"id": "CVE-2009-4704",
"lastModified": "2024-11-21T01:10:15.547",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-15T21:30:00.823",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-22 18:30
Modified
2024-11-21 01:10
Severity ?
Summary
Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| serge_gebhardt | dir_listing | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:serge_gebhardt:dir_listing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98DBFF1F-F8B1-4827-8766-BBDC8C2D4637",
"versionEndIncluding": "1.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la extensi\u00f3n Directory Listing (dir_listing) v1.1.0 y anteriores para TYPO3, permite a atacantes remotos tener un impacto no especificado mediante vectores desconocidos."
}
],
"id": "CVE-2009-4952",
"lastModified": "2024-11-21T01:10:51.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-22T18:30:02.923",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-22 18:30
Modified
2024-11-21 01:10
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wapplersystems | ws_stats | * | |
| wapplersystems | ws_stats | 0.0.13 | |
| wapplersystems | ws_stats | 0.0.15 | |
| wapplersystems | ws_stats | 0.1.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wapplersystems:ws_stats:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AD2766B-5A41-41DC-A357-260128A212C8",
"versionEndIncluding": "0.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wapplersystems:ws_stats:0.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "E2629C0C-681B-45EF-B37C-CE5F38EB6FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wapplersystems:ws_stats:0.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "BA0C34B9-BFAD-4008-BFE8-0EE41F2D753C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wapplersystems:ws_stats:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38F362A3-9104-4817-9C47-5CD1059253BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n Visitor Tracking (ws_stats) en versiones anteriores a la 0.1.2 para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante vectores no especificados."
}
],
"id": "CVE-2009-4956",
"lastModified": "2024-11-21T01:10:51.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-07-22T18:30:03.033",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/ws_stats/0.1.2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/ws_stats/0.1.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-05 02:30
Modified
2024-11-21 01:00
Severity ?
Summary
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 3.3.x | |
| typo3 | typo3 | 3.5.x | |
| typo3 | typo3 | 3.6.x | |
| typo3 | typo3 | 3.7.x | |
| typo3 | typo3 | 3.8.x | |
| typo3 | typo3 | 4.0 | |
| typo3 | typo3 | 4.1 | |
| typo3 | typo3 | 4.1.0 | |
| typo3 | typo3 | 4.1.2 | |
| typo3 | typo3 | 4.1.3 | |
| typo3 | typo3 | 4.1.4 | |
| typo3 | typo3 | 4.1.5 | |
| typo3 | typo3 | 4.1.6 | |
| typo3 | typo3 | 4.1.7 | |
| typo3 | typo3 | 4.1.8 | |
| typo3 | typo3 | 4.1.9 | |
| typo3 | typo3 | 4.2 | |
| typo3 | typo3 | 4.2.0 | |
| typo3 | typo3 | 4.2.1 | |
| typo3 | typo3 | 4.2.2 | |
| typo3 | typo3 | 4.2.3 | |
| typo3 | typo3 | 4.2.4 | |
| typo3 | typo3 | 4.2.5 | |
| typo3 | typo3 | 4.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:3.3.x:*:*:*:*:*:*:*",
"matchCriteriaId": "349BDDAD-35AE-44B6-9623-1ABAAFA16D57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.5.x:*:*:*:*:*:*:*",
"matchCriteriaId": "33152254-3B0B-4413-90F3-72A8B1ADDBD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.6.x:*:*:*:*:*:*:*",
"matchCriteriaId": "78413B61-AAB7-485D-BD24-C8A6D7631281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.x:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6EAF89-59F9-4D06-A7AE-175816BB7E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.8.x:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF63F45-3E42-4DD6-ABD3-BA67D04C8A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F271C6-B5A7-4B06-A3DF-4C7F74090CC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2F89D7-D34C-4ADD-8A9E-34C37122C3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "96D69530-AE74-4012-B522-01D0B6B01662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5514D17F-95A5-48C5-9F91-554F8D3C3DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E46E35EC-FF7B-4510-A5F2-FC230B7477B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A671ED2-91AA-4447-8996-A8A16FE753A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4219A367-8431-4A72-AF73-ED2A853B14E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "74F10D45-FA29-4534-8789-201D194C46B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "884B4418-83A4-4BCB-8019-306285EB418E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "231CD899-2DC5-42CD-A4F9-4D00C2C11159",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request."
},
{
"lang": "es",
"value": "El mecanismo jumpUrl en la biblioteca class.tslib_fe.php en TYPO3 versi\u00f3n 3.3.x hasta 3.8.x, versi\u00f3n 4.0 anterior a 4.0.12, versi\u00f3n 4.1 anterior a 4.1.10, versi\u00f3n 4.2 anterior a 4.2.6 y versi\u00f3n 4.3alpha1, filtra un hash secreto (juHash) en un mensaje de error, que permite a los atacantes remotos leer archivos arbitrarios mediante la inclusi\u00f3n del hash en una petici\u00f3n."
}
],
"id": "CVE-2009-0815",
"lastModified": "2024-11-21T01:00:58.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-05T02:30:00.563",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1720"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2009/02/10/6"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/02/10/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021710"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | vm19_userlinks | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:vm19_userlinks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56486742-9785-4710-98C4-8BB53DE897B7",
"versionEndIncluding": "0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n de TYPO3 de Enlaces de Usuario (vm19_userlinks) v0.1.1 y anteriores permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-0339",
"lastModified": "2024-11-21T01:12:01.137",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-15T19:30:00.990",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-23 23:55
Modified
2024-11-21 02:00
Severity ?
Summary
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "BB69F7E9-001D-42B3-BEB4-B294737AD27B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.21:*:*:*:*:*:*:*",
"matchCriteriaId": "34E8530B-0311-45AA-92B4-6FF2CE388E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A53B9001-C5B4-4D19-A314-118E3A292346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E663FE0B-B509-4427-A2A0-9EB53E26810F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.24:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA36C35-E9BD-4ED2-B6CB-950D641678E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.25:*:*:*:*:*:*:*",
"matchCriteriaId": "12A54839-425D-4D28-8AD2-479A593474FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.26:*:*:*:*:*:*:*",
"matchCriteriaId": "83542527-9738-46C0-A4D2-D5E2E203CD49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.27:*:*:*:*:*:*:*",
"matchCriteriaId": "72B68AE9-081A-4BE0-A2AF-969216D26637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.28:*:*:*:*:*:*:*",
"matchCriteriaId": "253A3E84-401E-4F9F-8A9A-B8C464C69929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.29:*:*:*:*:*:*:*",
"matchCriteriaId": "08742759-FFC8-4908-B319-4EC279C6AB74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4B4B3F-D7BE-493C-ABF6-416FF89C4A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "36748261-81EF-4E39-8EC5-A67F054B623F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C140F242-CF7C-4CB6-A358-5C8DB0F26DAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81EAC0BA-B6AC-42BA-AEEE-946E1FBD770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD31180A-8BD6-49AC-A758-5FA4C9A7B4C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E06A3B0C-364F-42A3-803B-6CE1EAB386C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "692DE690-C921-403B-9966-60CB23FF5D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "94C181FE-F3A9-4C7E-955F-0CCD4E6B4DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "11DD1626-884F-40EE-9721-2FCF7F14F781",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "976AAF6F-BF03-40B7-B7D2-22101BD857D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98D0D9-D9AE-44F7-8233-F92EB330B152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36EA784A-7C3A-41DA-B444-D01E3BC144BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7294AA8B-0CD3-47A2-91DC-A882F7F3BDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4D28DD85-FBB3-4DD4-B525-7AFD32BE55F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80C21E07-5083-4C86-AA9D-FCB73F636060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAE1BB4-2DBD-489E-B3F9-88CF414EAC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0724FE19-F0A4-4055-996A-2B7844CAC426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A862C28E-B1B9-4541-A559-D0BD16E575B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1DE94A-DDCD-4067-A0C0-16904F6B7EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7C6DD4A1-C865-4AC8-86BC-8F92319F33A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F89DD9F-019A-4AD3-AD0E-4F20F1AF5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "684500C9-8532-45C4-8F29-33AAC3DDA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F830A8F-C51C-4CED-BCA2-845C312087FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2C537426-82DB-426B-BB95-CC119C20266A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D3AE18-7B26-4448-AF98-0D2692C80BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E8AD3ED8-5107-418D-8F0F-6B07845D3C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2FEFD3C-A4CC-4FCC-8ECD-3EE1E69DE58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1EE4B6-9256-494E-A11B-9700F0376AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0A8566-4A01-4948-A237-3CED2D065FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B5459D18-7283-4650-9304-7F576AB1D779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B404C733-4F5C-4EB2-B4B9-F25A95BB6E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "31BDE85A-5F76-4249-9B38-B3A1649F777D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6357ACD4-E404-489A-B218-1CED134F4893",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters."
},
{
"lang": "es",
"value": "El componente Content Editing Wizards para TYPO3 v4.5.0 hasta v4.5.31, v4.7.0 hasta v4.7.16, v6.0.0 hasta v6.0.11, y v6.1.0 hasta v6.1.6 no comprueba los permisos, lo que permite a los editores remotos autenticados leer columnas de tablas de TYPO3 arbitrarias a trav\u00e9s de par\u00e1metros no especificados."
}
],
"id": "CVE-2013-7073",
"lastModified": "2024-11-21T02:00:17.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-23T23:55:04.297",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2834"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-23 23:55
Modified
2024-11-21 02:00
Severity ?
Summary
The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "976AAF6F-BF03-40B7-B7D2-22101BD857D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98D0D9-D9AE-44F7-8233-F92EB330B152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36EA784A-7C3A-41DA-B444-D01E3BC144BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7294AA8B-0CD3-47A2-91DC-A882F7F3BDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4D28DD85-FBB3-4DD4-B525-7AFD32BE55F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80C21E07-5083-4C86-AA9D-FCB73F636060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAE1BB4-2DBD-489E-B3F9-88CF414EAC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0724FE19-F0A4-4055-996A-2B7844CAC426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A862C28E-B1B9-4541-A559-D0BD16E575B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1DE94A-DDCD-4067-A0C0-16904F6B7EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7C6DD4A1-C865-4AC8-86BC-8F92319F33A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C140F242-CF7C-4CB6-A358-5C8DB0F26DAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81EAC0BA-B6AC-42BA-AEEE-946E1FBD770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD31180A-8BD6-49AC-A758-5FA4C9A7B4C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E06A3B0C-364F-42A3-803B-6CE1EAB386C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "692DE690-C921-403B-9966-60CB23FF5D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "94C181FE-F3A9-4C7E-955F-0CCD4E6B4DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "11DD1626-884F-40EE-9721-2FCF7F14F781",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F89DD9F-019A-4AD3-AD0E-4F20F1AF5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "684500C9-8532-45C4-8F29-33AAC3DDA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F830A8F-C51C-4CED-BCA2-845C312087FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2C537426-82DB-426B-BB95-CC119C20266A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D3AE18-7B26-4448-AF98-0D2692C80BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E8AD3ED8-5107-418D-8F0F-6B07845D3C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2FEFD3C-A4CC-4FCC-8ECD-3EE1E69DE58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1EE4B6-9256-494E-A11B-9700F0376AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0A8566-4A01-4948-A237-3CED2D065FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B5459D18-7283-4650-9304-7F576AB1D779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B404C733-4F5C-4EB2-B4B9-F25A95BB6E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "31BDE85A-5F76-4249-9B38-B3A1649F777D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6357ACD4-E404-489A-B218-1CED134F4893",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "BB69F7E9-001D-42B3-BEB4-B294737AD27B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.21:*:*:*:*:*:*:*",
"matchCriteriaId": "34E8530B-0311-45AA-92B4-6FF2CE388E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A53B9001-C5B4-4D19-A314-118E3A292346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E663FE0B-B509-4427-A2A0-9EB53E26810F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.24:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA36C35-E9BD-4ED2-B6CB-950D641678E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.25:*:*:*:*:*:*:*",
"matchCriteriaId": "12A54839-425D-4D28-8AD2-479A593474FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.26:*:*:*:*:*:*:*",
"matchCriteriaId": "83542527-9738-46C0-A4D2-D5E2E203CD49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.27:*:*:*:*:*:*:*",
"matchCriteriaId": "72B68AE9-081A-4BE0-A2AF-969216D26637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.28:*:*:*:*:*:*:*",
"matchCriteriaId": "253A3E84-401E-4F9F-8A9A-B8C464C69929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.29:*:*:*:*:*:*:*",
"matchCriteriaId": "08742759-FFC8-4908-B319-4EC279C6AB74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4B4B3F-D7BE-493C-ABF6-416FF89C4A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "36748261-81EF-4E39-8EC5-A67F054B623F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors."
},
{
"lang": "es",
"value": "El (antiguo) componente Form Content Element en TYPO3 4.5.0 a 4.5.31, 4.7.0 a 4.7.16, 6.0.0 a 6.0.11, y 6.1.0 a 6.1.6 permite a editores autenticados remotamente generar firmas HMAC arbitrarias y sortear restricciones de acceso intencionadas a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-7081",
"lastModified": "2024-11-21T02:00:18.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-23T23:55:04.390",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2834"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-05 18:15
Modified
2024-11-21 06:25
Severity ?
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as described in TYPO3-CORE-SA-2020-006 (CVE-2020-11069). However, it is not limited to the same site context and does not require the attacker to be authenticated. In a worst case scenario, the attacker could create a new admin user account to compromise the system. To successfully carry out an attack, an attacker must trick his victim to access a compromised system. The victim must have an active session in the TYPO3 backend at that time. The following Same-Site cookie settings in $GLOBALS[TYPO3_CONF_VARS][BE][cookieSameSite] are required for an attack to be successful: SameSite=strict: malicious evil.example.org invoking TYPO3 application at good.example.org and SameSite=lax or none: malicious evil.com invoking TYPO3 application at example.org. Update your instance to TYPO3 version 11.5.0 which addresses the problem described.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/TYPO3/typo3/commit/fa51999203c5e5d913ecae5ea843ccb2b95fa33f | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/TYPO3/typo3/security/advisories/GHSA-657m-v5vm-f6rw | Third Party Advisory | |
| security-advisories@github.com | https://typo3.org/security/advisory/typo3-core-sa-2020-006 | Not Applicable, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TYPO3/typo3/commit/fa51999203c5e5d913ecae5ea843ccb2b95fa33f | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TYPO3/typo3/security/advisories/GHSA-657m-v5vm-f6rw | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-core-sa-2020-006 | Not Applicable, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16CF44C2-38C2-4BA2-B062-C9569D761DAA",
"versionEndExcluding": "11.5.0",
"versionStartIncluding": "11.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as described in TYPO3-CORE-SA-2020-006 (CVE-2020-11069). However, it is not limited to the same site context and does not require the attacker to be authenticated. In a worst case scenario, the attacker could create a new admin user account to compromise the system. To successfully carry out an attack, an attacker must trick his victim to access a compromised system. The victim must have an active session in the TYPO3 backend at that time. The following Same-Site cookie settings in $GLOBALS[TYPO3_CONF_VARS][BE][cookieSameSite] are required for an attack to be successful: SameSite=strict: malicious evil.example.org invoking TYPO3 application at good.example.org and SameSite=lax or none: malicious evil.com invoking TYPO3 application at example.org. Update your instance to TYPO3 version 11.5.0 which addresses the problem described."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de administraci\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP y publicado bajo la licencia GNU GPL. Se ha detectado que la nueva funci\u00f3n de TYPO3 versi\u00f3n v11 que permite a usuarios crear y compartir enlaces profundos en la interfaz de usuario del backend es vulnerable a un ataque de tipo cross-site-request-forgery. El impacto es el mismo que se describe en TYPO3-CORE-SA-2020-006 (CVE-2020-11069). Sin embargo, no se limita al mismo contexto del sitio y no requiere que el atacante est\u00e9 autenticado. En el peor de los casos, el atacante podr\u00eda crear una nueva cuenta de usuario administrador para comprometer el sistema. Para llevar a cabo un ataque con \u00e9xito, un atacante debe enga\u00f1ar a su v\u00edctima para que acceda a un sistema comprometido. La v\u00edctima debe tener una sesi\u00f3n activa en el backend de TYPO3 en ese momento. La siguiente configuraci\u00f3n de la cookie Same-Site en $GLOBALS[TYPO3_CONF_VARS][BE][cookieSameSite] son requeridas para que un ataque tenga \u00e9xito: SameSite=strict: malicioso evil.example.org invocando la aplicaci\u00f3n TYPO3 en good.example.org y SameSite=lax o none: malicioso evil.com invocando la aplicaci\u00f3n TYPO3 en example.org. Actualice su instancia a la versi\u00f3n 11.5.0 de TYPO3 que soluciona el problema descrito"
}
],
"id": "CVE-2021-41113",
"lastModified": "2024-11-21T06:25:29.690",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2021-10-05T18:15:08.200",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/fa51999203c5e5d913ecae5ea843ccb2b95fa33f"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-657m-v5vm-f6rw"
},
{
"source": "security-advisories@github.com",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/fa51999203c5e5d913ecae5ea843ccb2b95fa33f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-657m-v5vm-f6rw"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-006"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-22 23:30
Modified
2024-11-21 01:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fr.simon_rundell | ste_prayer2 | * | |
| fr.simon_rundell | ste_prayer2 | 0.0.2 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fr.simon_rundell:ste_prayer2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A132EEAE-48E8-46A6-9D53-B7B98215E738",
"versionEndIncluding": "0.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fr.simon_rundell:ste_prayer2:0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8021678-5C27-435B-AF46-3170791C818C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n Random Prayer v2 (ste_prayer2) v0.0.3 y anteriores para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2009-4395",
"lastModified": "2024-11-21T01:09:32.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-22T23:30:00.687",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-22 00:11
Modified
2024-11-21 00:52
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_pageimprovements) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| typo3 | page_improvements | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:page_improvements:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5ABFA6FF-77E4-4784-BBFA-C5B0FD62E582",
"versionEndIncluding": "1.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_pageimprovements) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n Page Improvements (sm_pageimprovements) v1.1.0 y anteriores para TYPO3; permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-4661",
"lastModified": "2024-11-21T00:52:13.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-10-22T00:11:51.303",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/extensions/repository/view/sm_pageimprovements/0.3.0/info/ChangeLog/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/extensions/repository/view/sm_pageimprovements/0.3.0/info/ChangeLog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2870"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sk-typo3 | sk_simplegallery | * | |
| sk-typo3 | sk_simplegallery | 0.0.1 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sk-typo3:sk_simplegallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B05A0651-3FE0-4229-BE19-BE1EF4B22A1C",
"versionEndIncluding": "0.0.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sk-typo3:sk_simplegallery:0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F2FFAE14-0710-40FE-9F8F-7663278EB794",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Simple Gallery (sk_simplegallery) v0.0.9 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1019",
"lastModified": "2024-11-21T01:13:26.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-19T19:00:00.873",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38796"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-27 17:30
Modified
2024-11-21 00:56
Severity ?
Summary
SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://typo3.org/teams/security/security-bulletins/typo3-20081222-4 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/32981 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://typo3.org/teams/security/security-bulletins/typo3-20081222-4 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/32981 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| typo3 | tu-clausthal_staff | * | |
| typo3 | tu-clausthal_staff | 0.0.1 | |
| typo3 | tu-clausthal_staff | 0.1.0 | |
| typo3 | tu-clausthal_staff | 0.1.1 | |
| typo3 | tu-clausthal_staff | 0.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:tu-clausthal_staff:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6783231-3D83-4BE8-8D68-42097D9BA3F0",
"versionEndIncluding": "0.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:tu-clausthal_staff:0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F50F57ED-1222-44A6-A779-BE28F2017379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:tu-clausthal_staff:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B875BF-EBFF-4C6D-8AF6-01C76CE16A0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:tu-clausthal_staff:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DAAF40F-8D32-47D3-8DEA-9B4775E7BF9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:tu-clausthal_staff:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0B3F88-C5B3-4191-93F7-1A1E61E6AA9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de SQL en TU-Clausthal Personal (tuc_staff) v0.3.0 y anteriores para TYPO3, permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-6344",
"lastModified": "2024-11-21T00:56:18.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-27T17:30:09.797",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/32981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/32981"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-02 17:30
Modified
2024-11-21 01:09
Severity ?
Summary
SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| michal_hadr | mchtrips | 2.0.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:michal_hadr:mchtrips:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "917C7783-1639-45A2-ABEB-1A629B28293B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Trips (mchtrips) v2.0.0 para TYPO3 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores inespec\u00edficos."
}
],
"id": "CVE-2009-4166",
"lastModified": "2024-11-21T01:09:04.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-02T17:30:00.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/mchtrips/2.0.1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/mchtrips/2.0.1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-23 02:15
Modified
2024-11-21 05:48
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4p9g-qgx9-397p | Third Party Advisory | |
| security-advisories@github.com | https://packagist.org/packages/typo3/cms-core | Release Notes, Third Party Advisory | |
| security-advisories@github.com | https://typo3.org/security/advisory/typo3-core-sa-2021-005 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4p9g-qgx9-397p | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packagist.org/packages/typo3/cms-core | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-core-sa-2021-005 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB3125B-114D-4991-BD60-9535D97DD348",
"versionEndExcluding": "9.5.25",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C031A87F-5A82-48F8-AB02-FED0CDFE08A2",
"versionEndExcluding": "10.4.14",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F696292E-3CC6-416B-9F99-6C1287B1D78D",
"versionEndExcluding": "11.1.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de gesti\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP. En TYPO3 versiones anteriores a la 9.5.25, 10.4.14, 11.1.1 la solicitud de recursos inv\u00e1lidos o inexistentes a trav\u00e9s de HTTP desencadena el manejador de errores de la p\u00e1gina que de nuevo podr\u00eda recuperar el contenido que se muestra como mensaje de error de otra p\u00e1gina. Esto lleva a un escenario en el que la aplicaci\u00f3n se llama a s\u00ed misma de forma recursiva, amplificando el impacto del ataque inicial hasta que se superan los l\u00edmites del servidor web. Esto se ha corregido en las versiones 9.5.25, 10.4.14 y 11.1.1"
}
],
"id": "CVE-2021-21359",
"lastModified": "2024-11-21T05:48:11.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-23T02:15:12.893",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4p9g-qgx9-397p"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://packagist.org/packages/typo3/cms-core"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4p9g-qgx9-397p"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://packagist.org/packages/typo3/cms-core"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-005"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-405"
},
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi_tipfriends) extension 0.0.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | mimi_tipfriends | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:mimi_tipfriends:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1B21DB-9C80-420A-8CB5-3F6FA4864218",
"versionEndIncluding": "0.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi_tipfriends) extension 0.0.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados(XSS) en la extensi\u00f3n de TYPO3 \"Tip many friends\"(mimi_tipfriends) v0.0.2 y anteriores permite a atacantes remotos inyectar HTML o scripts web a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-0346",
"lastModified": "2024-11-21T01:12:02.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-01-15T19:30:01.177",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
SQL injection vulnerability in the TT_Products editor (ttpedit) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:ttpedit:0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FD47CDE8-053A-4F42-AF33-B5D821AF3376",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the TT_Products editor (ttpedit) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n de TYPO3 \"TT_Products editor\" (ttpedit) v0.0.2 y anteriores permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-0338",
"lastModified": "2024-11-21T01:12:01.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-15T19:30:00.957",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-14 21:15
Modified
2024-11-21 07:03
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*",
"matchCriteriaId": "A15251A1-BC05-4C05-AED2-0E2CF75BB054",
"versionEndExcluding": "7.6.57",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*",
"matchCriteriaId": "CD542E1B-F3BA-4816-B97D-D877EFADA02D",
"versionEndExcluding": "8.7.47",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*",
"matchCriteriaId": "83732441-A020-4401-A274-067B95354BB6",
"versionEndExcluding": "9.5.35",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "272C6A8B-94DB-4A74-BB3A-24CD0486DFA7",
"versionEndExcluding": "10.4.29",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "772D645D-5158-416C-BF2C-74E5E43EF1DC",
"versionEndExcluding": "11.5.11",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de administraci\u00f3n de contenidos web de c\u00f3digo abierto. En versiones anteriores a 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29 y 11.5.11, la funcionalidad de exportaci\u00f3n no limitaba el conjunto de resultados a las columnas permitidas de una tabla de base de datos concreta. De este modo, los usuarios autenticados pueden exportar detalles internos de las tablas de la base de datos a las que ya presentan acceso. TYPO3 versiones 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 corrigen el problema descrito anteriormente. Para abordar este problema, el acceso a la mencionada funcionalidad de exportaci\u00f3n est\u00e1 completamente denegado para los usuarios habituales del backend"
}
],
"id": "CVE-2022-31046",
"lastModified": "2024-11-21T07:03:46.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-14T21:15:15.987",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-001"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
Unspecified vulnerability in Frontend Filemanager (air_filemanager) 0.6.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| thomas_waggershauser | air_filemanager | * | |
| thomas_waggershauser | air_filemanager | 0.0.4 | |
| thomas_waggershauser | air_filemanager | 0.0.5 | |
| thomas_waggershauser | air_filemanager | 0.0.6 | |
| thomas_waggershauser | air_filemanager | 0.1.1 | |
| thomas_waggershauser | air_filemanager | 0.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:thomas_waggershauser:air_filemanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36021FC7-FA27-485C-9997-0CF4CC9E8E03",
"versionEndIncluding": "0.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thomas_waggershauser:air_filemanager:0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "33C6F9C3-6C82-4F27-A7E6-0094A9FF0B82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thomas_waggershauser:air_filemanager:0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4C106C6C-4AAA-47CC-9BA3-31C8CCC1C476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thomas_waggershauser:air_filemanager:0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "45AB7A0C-183A-4690-90FF-F22D56833259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thomas_waggershauser:air_filemanager:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57F09D15-7D9B-4A53-BA65-F765FB870288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thomas_waggershauser:air_filemanager:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05F8A94D-8D0C-40EA-B202-121BA24C2929",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Frontend Filemanager (air_filemanager) 0.6.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Frontend Filemanager (air_filemanager) v0.6.1 y anteriroes (extensi\u00f3n para TYPO3) permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores desconocidos.\r\n"
}
],
"id": "CVE-2008-6685",
"lastModified": "2024-11-21T00:57:11.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.233",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46382"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29837"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-22 00:11
Modified
2024-11-21 00:52
Severity ?
Summary
SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| typo3 | simplesurvey | * | |
| typo3 | simplesurvey | 1.0.0 | |
| typo3 | simplesurvey | 1.0.1 | |
| typo3 | simplesurvey | 1.0.2 | |
| typo3 | simplesurvey | 1.0.3 | |
| typo3 | simplesurvey | 1.0.4 | |
| typo3 | simplesurvey | 1.0.5 | |
| typo3 | simplesurvey | 1.1.0 | |
| typo3 | simplesurvey | 1.1.1 | |
| typo3 | simplesurvey | 1.2.1 | |
| typo3 | simplesurvey | 1.2.2 | |
| typo3 | simplesurvey | 1.2.3 | |
| typo3 | simplesurvey | 1.2.4 | |
| typo3 | simplesurvey | 1.2.5 | |
| typo3 | simplesurvey | 1.3.0 | |
| typo3 | simplesurvey | 1.3.1 | |
| typo3 | simplesurvey | 1.4.0 | |
| typo3 | simplesurvey | 1.5.0 | |
| typo3 | simplesurvey | 1.5.1 | |
| typo3 | simplesurvey | 1.5.2 | |
| typo3 | simplesurvey | 1.5.3 | |
| typo3 | simplesurvey | 1.5.4 | |
| typo3 | simplesurvey | 1.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F242896-9360-4B38-87B5-C6A03FF73B3D",
"versionEndIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE067F4-7FCE-44AF-8E38-0A9F4B094F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E65DEE3B-33D3-442D-B9E8-36585F00357E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BB4840E-BBED-4EAB-AA04-F3193F815735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "484497FB-51D0-47B0-9405-242018F52227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8A74E26A-94CA-4C4F-A792-64A5730811BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "98C7822E-E935-4B51-8A41-8C99A09AA035",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1145E3-04DC-4D7F-A9DE-C4ADE6587D77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B2C8D35-7CAB-4A06-A467-1542FA794698",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2186BEA-84A8-4845-BE7B-5B689AA4F619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C851842A-E114-447A-89FE-F35442358A9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB2DEB-A82F-4A02-97BA-5E4B1F65B3E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF96F1B-16AE-4DB5-A228-B54935D69C34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB5372C-1710-4668-8B49-4CB71C61EF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F8083E-752F-43A3-9F71-F367C5A068C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02DE3588-4A36-494C-8AC7-D6A850AA7326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69740413-1D55-4A41-A8DB-C41F244BC586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF167AC-30F2-4E8E-97F6-9ACCF084879C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1C4862-BCB6-4A98-AFDD-929044FB469D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "117AF0F4-073D-42DD-8A2A-5BB9AA1C740F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08C7EB07-A982-48DC-BDC4-E077EB8E4EE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "60D3B378-1549-466B-831A-3DA955E78308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:simplesurvey:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A602B7CA-8A9A-42E3-9F8B-11F9167EA8EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Simple survey (simplesurvey) 1.7.0 y versiones anteriores, extensi\u00f3n para TYPO3, que permite a los atacantes remotos ejecutar arbitrariamente comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-4655",
"lastModified": "2024-11-21T00:52:12.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-22T00:11:51.163",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32369"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/simplesurvey/1.8.1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/simplesurvey/1.8.1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2870"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-09-16 14:59
Modified
2024-11-21 02:34
Severity ?
Summary
The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| typo3 | typo3 | 6.0 | |
| typo3 | typo3 | 6.0.1 | |
| typo3 | typo3 | 6.0.2 | |
| typo3 | typo3 | 6.0.3 | |
| typo3 | typo3 | 6.0.4 | |
| typo3 | typo3 | 6.0.5 | |
| typo3 | typo3 | 6.0.6 | |
| typo3 | typo3 | 6.0.7 | |
| typo3 | typo3 | 6.0.8 | |
| typo3 | typo3 | 6.0.9 | |
| typo3 | typo3 | 6.0.10 | |
| typo3 | typo3 | 6.0.11 | |
| typo3 | typo3 | 6.0.12 | |
| typo3 | typo3 | 6.0.13 | |
| typo3 | typo3 | 6.0.14 | |
| typo3 | typo3 | 6.1 | |
| typo3 | typo3 | 6.1.1 | |
| typo3 | typo3 | 6.1.2 | |
| typo3 | typo3 | 6.1.3 | |
| typo3 | typo3 | 6.1.4 | |
| typo3 | typo3 | 6.1.5 | |
| typo3 | typo3 | 6.1.6 | |
| typo3 | typo3 | 6.1.7 | |
| typo3 | typo3 | 6.1.8 | |
| typo3 | typo3 | 6.1.9 | |
| typo3 | typo3 | 6.2 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.1 | |
| typo3 | typo3 | 6.2.2 | |
| typo3 | typo3 | 6.2.3 | |
| typo3 | typo3 | 6.2.4 | |
| typo3 | typo3 | 6.2.5 | |
| typo3 | typo3 | 6.2.6 | |
| typo3 | typo3 | 6.2.7 | |
| typo3 | typo3 | 6.2.8 | |
| typo3 | typo3 | 6.2.9 | |
| typo3 | typo3 | 6.2.10 | |
| typo3 | typo3 | 6.2.11 | |
| typo3 | typo3 | 6.2.12 | |
| typo3 | typo3 | 6.2.13 | |
| typo3 | typo3 | 6.2.14 | |
| typo3 | typo3 | 7.0.0 | |
| typo3 | typo3 | 7.1.0 | |
| typo3 | typo3 | 7.2.0 | |
| typo3 | typo3 | 7.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD05FC6-F742-4491-8F5A-CB399741FF32",
"versionEndIncluding": "4.5.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "976AAF6F-BF03-40B7-B7D2-22101BD857D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98D0D9-D9AE-44F7-8233-F92EB330B152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36EA784A-7C3A-41DA-B444-D01E3BC144BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7294AA8B-0CD3-47A2-91DC-A882F7F3BDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4D28DD85-FBB3-4DD4-B525-7AFD32BE55F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80C21E07-5083-4C86-AA9D-FCB73F636060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAE1BB4-2DBD-489E-B3F9-88CF414EAC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0724FE19-F0A4-4055-996A-2B7844CAC426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A862C28E-B1B9-4541-A559-D0BD16E575B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1DE94A-DDCD-4067-A0C0-16904F6B7EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7C6DD4A1-C865-4AC8-86BC-8F92319F33A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7ACA06-C0C1-4EEA-A629-C453C97660A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3C444E62-897D-4C7A-AEC6-C5728166A11A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF13769-3F5A-4766-A8DA-8B939CB1AB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C140F242-CF7C-4CB6-A358-5C8DB0F26DAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81EAC0BA-B6AC-42BA-AEEE-946E1FBD770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD31180A-8BD6-49AC-A758-5FA4C9A7B4C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E06A3B0C-364F-42A3-803B-6CE1EAB386C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "692DE690-C921-403B-9966-60CB23FF5D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "94C181FE-F3A9-4C7E-955F-0CCD4E6B4DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "11DD1626-884F-40EE-9721-2FCF7F14F781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BFFF68DC-AFBB-4055-83AF-BAFE9C68FBC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F0FB1F-45D1-49A8-8882-393B16E6AA34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A51F600B-F3BB-4C8A-8188-3F5E4D59114B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7715060-1441-4CF9-BEDF-91D28FE31ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7183456A-52B4-4386-8979-A2ECEA9959FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "16EEC79F-3293-451C-864E-9CE020F6C730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "8FD27EAD-04D5-4C55-952E-020954B90CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99262E73-E4A7-4657-A32E-3C289C052675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E230A800-B2DE-4ED4-9C6B-961832C39900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A96891D-A2B1-492C-A914-51F9631D5C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7316A8-E445-45C6-BFD9-8E19254AC7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D95C12B4-51F1-4FFC-892B-1432D1E5219A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "308EF598-B9DF-47C5-A1AC-1A2A16767E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3A5E5D-E8A9-4B2F-B423-9F1B9E761A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9EDF6E-299A-4277-9C2F-B25D5F9A189E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "313D0192-8849-4DA1-820E-28E2FC4E37C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "265DCFF8-2EC5-49EA-8D06-1956F3109F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1FEAA4-B0D8-4B5B-8958-173245F55134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0E806A38-C603-4916-93E2-FE43062B09C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "17EB5B78-0AD1-4259-8537-058D888B30B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7E6FD-99D0-4F48-B5DF-0EFD4C05079D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC254112-3695-422E-BD5B-B5E65F61B4B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "237EEDFE-DFB0-4D6E-BAA6-7A374A384CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26264C04-D8E1-4780-97C3-13F287ECF11A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B89766D-2E3C-4CE9-92ED-8E5A8FF71D31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php."
},
{
"lang": "es",
"value": "Vulnerabilidad en la funci\u00f3n sanitizeLocalUrl en TYPO3 6.x en versiones anteriores a 6.2.15, 7.x en versiones anteriores a 7.4.0, 4.5.40 y versiones anteriores, permite a usuarios remotos autenticados eludir el filtro XSS y realizar ataques de XSS a trav\u00e9s de un URI de datos codificados en base64, seg\u00fan lo demostrado por el (1) par\u00e1metro returnUrl en show_rechis.php y (2) par\u00e1metro redirect_url en index.php."
}
],
"id": "CVE-2015-5956",
"lastModified": "2024-11-21T02:34:12.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-09-16T14:59:02.837",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/133551/Typo3-CMS-6.2.14-4.5.40-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Sep/57"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/536464/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1033551"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/133551/Typo3-CMS-6.2.14-4.5.40-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Sep/57"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536464/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-17 18:30
Modified
2024-11-21 00:54
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el modulo file backend en TYPO3 v4.2.2 permitir\u00eda a atacantes remotos inyectar comandos web o HTML a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2008-5644",
"lastModified": "2024-11-21T00:54:32.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-12-17T18:30:01.077",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32689"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081113-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32284"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3144"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081113-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46585"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-06-27 20:55
Modified
2024-11-21 01:46
Severity ?
Summary
SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typoheads | formhandler | * | |
| typoheads | formhandler | 0.9.3 | |
| typoheads | formhandler | 0.9.4 | |
| typoheads | formhandler | 0.9.5 | |
| typoheads | formhandler | 0.9.6 | |
| typoheads | formhandler | 0.9.7 | |
| typoheads | formhandler | 0.9.8 | |
| typoheads | formhandler | 0.9.9 | |
| typoheads | formhandler | 0.9.10 | |
| typoheads | formhandler | 0.9.11 | |
| typoheads | formhandler | 0.9.12 | |
| typoheads | formhandler | 0.9.13 | |
| typoheads | formhandler | 0.9.14 | |
| typoheads | formhandler | 0.9.15 | |
| typoheads | formhandler | 0.9.16 | |
| typoheads | formhandler | 1.0.0 | |
| typoheads | formhandler | 1.1.0 | |
| typoheads | formhandler | 1.2.0 | |
| typoheads | formhandler | 1.3.0 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typoheads:formhandler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76CCC153-4300-4432-8594-679C4616841B",
"versionEndIncluding": "1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typoheads:formhandler:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "600A1B78-85DA-4E95-9F5E-F18C1F0FC18F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typoheads:formhandler:0.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0393982-19A0-402C-BA22-93F4B350894E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typoheads:formhandler:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7625E110-1051-4DE8-9B37-96124D1E7B1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typoheads:formhandler:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "066424CE-B605-45E8-A70F-53FDC8842518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typoheads:formhandler:0.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0D68E43D-C6AB-4DA6-BAB5-1A29633F7CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typoheads:formhandler:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "818E5B56-23AF-4690-BD72-2AD94B6E4221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typoheads:formhandler:0.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF81164-A0CF-4BFC-A5EB-0AA96BEA7024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typoheads:formhandler:0.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DC782F92-D06C-4CEA-B672-F22FC50A0BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typoheads:formhandler:0.9.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8C082526-5190-4354-A3CA-F1274FCAC57C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typoheads:formhandler:0.9.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B52E1F-AC47-44F5-9E28-01152985E0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typoheads:formhandler:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D369BE4A-1E59-4351-AF7D-671F241C549D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typoheads:formhandler:0.9.14:*:*:*:*:*:*:*",
"matchCriteriaId": "14316BEE-551B-4B48-80D8-F94CA860CC2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typoheads:formhandler:0.9.15:*:*:*:*:*:*:*",
"matchCriteriaId": "260C0408-C199-4253-BF35-3D1E58C8F505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typoheads:formhandler:0.9.16:*:*:*:*:*:*:*",
"matchCriteriaId": "91D70754-7157-4BF6-AAD5-FB4618EDE3F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typoheads:formhandler:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E97CE6-95CA-4674-8B34-338FD0B602BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typoheads:formhandler:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "719681F1-843D-4235-B04E-DC0BAEEACE00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typoheads:formhandler:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87DD96D4-EE8F-4F43-85FF-93D564BADF22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typoheads:formhandler:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1368E706-BA9A-46E5-B8C7-74428A7F118B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Formhandler anterior a 1.4.1 para TYPO3, permite a usuarios autenticados remotamente con determinados permisos la ejecuci\u00f3n de comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-6577",
"lastModified": "2024-11-21T01:46:25.157",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-27T20:55:01.773",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/extensions/repository/view/formhandler"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-012/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/extensions/repository/view/formhandler"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-012/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79670"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-06 17:15
Modified
2024-11-21 01:33
Severity ?
Summary
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8C2013-3653-40E0-B692-8524309338F0",
"versionEndExcluding": "4.3.12",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA153A2C-2697-47BC-B836-17AA48875F7A",
"versionEndExcluding": "4.4.9",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "898F86CE-0897-4403-A0AC-90C5DCED8AF4",
"versionEndExcluding": "4.5.4",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver."
},
{
"lang": "es",
"value": "TYPO3 versiones anteriores a la versi\u00f3n 4.3.12, versiones 4.4.x anteriores a la versi\u00f3n 4.4.9 y versiones 4.5.x anteriores a la versi\u00f3n 4.5.4, permite a atacantes remotos eliminar archivos arbitrarios en el servidor web."
}
],
"id": "CVE-2011-4902",
"lastModified": "2024-11-21T01:33:16.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-06T17:15:11.267",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4902"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Unserialize"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Unserialize"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-20 16:15
Modified
2024-11-21 06:07
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, 11.3.1 contain a patch for this vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8477AF00-17EA-4F9D-818D-A59897C41D9A",
"versionEndIncluding": "7.6.51",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10F7D347-2524-4871-9DBA-48700A13FFFA",
"versionEndIncluding": "8.7.40",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F68F2ED5-323B-4FBF-B9CD-C69ED5C525CC",
"versionEndIncluding": "9.5.27",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BC70DEB-32D3-4BD7-B688-8ADDC3BD0A0A",
"versionEndIncluding": "10.4.17",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E02E5F61-C393-4ECD-AC4C-D15276DE72E9",
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, 11.3.1 contain a patch for this vulnerability."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de administraci\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP. En versiones 9.0.0 hasta 9.5.27, 10.0.0 hasta 10.4.17, y 11.0.0 hasta 11.3.0, unas credenciales de usuarios pueden ser registradas como texto plano. Esto ocurre cuando se usa expl\u00edcitamente el nivel de registro de depuraci\u00f3n, que no es la configuraci\u00f3n predeterminada. TYPO3 versiones 9.5.28, 10.4.18 y 11.3.1, contienen un parche para esta vulnerabilidad"
}
],
"id": "CVE-2021-32767",
"lastModified": "2024-11-21T06:07:42.043",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-20T16:15:07.890",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-012"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-14 08:15
Modified
2024-11-21 06:48
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1FC0F47-4C30-4162-8A7E-3C427D1C3596",
"versionEndExcluding": "10.4.33",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED21674D-027A-4DDC-AAD5-B7D58B309171",
"versionEndExcluding": "11.5.20",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9BE74F-BB15-48C5-AF1E-7B4197AE8F5B",
"versionEndExcluding": "12.1.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de gesti\u00f3n de contenidos web basado en PHP de c\u00f3digo abierto. En versiones anteriores a 10.4.33, 11.5.20 y 12.1.1, cuando los usuarios restablec\u00edan su contrase\u00f1a utilizando la funci\u00f3n de recuperaci\u00f3n de contrase\u00f1a correspondiente, las sesiones existentes para esa cuenta de usuario en particular no se revocaban. Esto se aplic\u00f3 tanto a las sesiones de usuarios frontend como a las sesiones de usuarios backend. Este problema est\u00e1 solucionado en las versiones 10.4.33, 11.5.20, 12.1.1."
}
],
"id": "CVE-2022-23502",
"lastModified": "2024-11-21T06:48:41.900",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-14T08:15:10.590",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-03 14:55
Modified
2024-11-21 02:09
Severity ?
Summary
The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C140F242-CF7C-4CB6-A358-5C8DB0F26DAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81EAC0BA-B6AC-42BA-AEEE-946E1FBD770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD31180A-8BD6-49AC-A758-5FA4C9A7B4C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E06A3B0C-364F-42A3-803B-6CE1EAB386C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "692DE690-C921-403B-9966-60CB23FF5D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "94C181FE-F3A9-4C7E-955F-0CCD4E6B4DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "11DD1626-884F-40EE-9721-2FCF7F14F781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BFFF68DC-AFBB-4055-83AF-BAFE9C68FBC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F0FB1F-45D1-49A8-8882-393B16E6AA34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F89DD9F-019A-4AD3-AD0E-4F20F1AF5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "684500C9-8532-45C4-8F29-33AAC3DDA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F830A8F-C51C-4CED-BCA2-845C312087FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2C537426-82DB-426B-BB95-CC119C20266A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D3AE18-7B26-4448-AF98-0D2692C80BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E8AD3ED8-5107-418D-8F0F-6B07845D3C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2FEFD3C-A4CC-4FCC-8ECD-3EE1E69DE58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1EE4B6-9256-494E-A11B-9700F0376AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0A8566-4A01-4948-A237-3CED2D065FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B5459D18-7283-4650-9304-7F576AB1D779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B404C733-4F5C-4EB2-B4B9-F25A95BB6E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "31BDE85A-5F76-4249-9B38-B3A1649F777D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6357ACD4-E404-489A-B218-1CED134F4893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "B6650206-8DD5-4D05-BBD2-15A12842117B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9712BC-E1C2-46AF-8111-DE5523DFF3DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "BB69F7E9-001D-42B3-BEB4-B294737AD27B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.21:*:*:*:*:*:*:*",
"matchCriteriaId": "34E8530B-0311-45AA-92B4-6FF2CE388E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A53B9001-C5B4-4D19-A314-118E3A292346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E663FE0B-B509-4427-A2A0-9EB53E26810F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.24:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA36C35-E9BD-4ED2-B6CB-950D641678E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.25:*:*:*:*:*:*:*",
"matchCriteriaId": "12A54839-425D-4D28-8AD2-479A593474FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.26:*:*:*:*:*:*:*",
"matchCriteriaId": "83542527-9738-46C0-A4D2-D5E2E203CD49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.27:*:*:*:*:*:*:*",
"matchCriteriaId": "72B68AE9-081A-4BE0-A2AF-969216D26637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.28:*:*:*:*:*:*:*",
"matchCriteriaId": "253A3E84-401E-4F9F-8A9A-B8C464C69929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.29:*:*:*:*:*:*:*",
"matchCriteriaId": "08742759-FFC8-4908-B319-4EC279C6AB74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4B4B3F-D7BE-493C-ABF6-416FF89C4A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "36748261-81EF-4E39-8EC5-A67F054B623F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.32:*:*:*:*:*:*:*",
"matchCriteriaId": "21CC1BD2-CB44-4C0F-8B87-6272AEEBDEAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.33:*:*:*:*:*:*:*",
"matchCriteriaId": "D7129E4A-834D-4405-853B-89F1BD7965E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "976AAF6F-BF03-40B7-B7D2-22101BD857D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98D0D9-D9AE-44F7-8233-F92EB330B152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36EA784A-7C3A-41DA-B444-D01E3BC144BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7294AA8B-0CD3-47A2-91DC-A882F7F3BDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4D28DD85-FBB3-4DD4-B525-7AFD32BE55F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80C21E07-5083-4C86-AA9D-FCB73F636060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAE1BB4-2DBD-489E-B3F9-88CF414EAC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0724FE19-F0A4-4055-996A-2B7844CAC426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A862C28E-B1B9-4541-A559-D0BD16E575B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1DE94A-DDCD-4067-A0C0-16904F6B7EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7C6DD4A1-C865-4AC8-86BC-8F92319F33A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7ACA06-C0C1-4EEA-A629-C453C97660A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3C444E62-897D-4C7A-AEC6-C5728166A11A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object."
},
{
"lang": "es",
"value": "El componente Color Picker Wizard en TYPO3 4.5.0 anterior a 4.5.34, 4.7.0 anterior a 4.7.19, 6.0.0 anterior a 6.0.14 y 6.1.0 anterior a 6.1.9 permite a editores remotos autenticados ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de un objeto PHP serializado."
}
],
"id": "CVE-2014-3942",
"lastModified": "2024-11-21T02:09:11.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-03T14:55:10.990",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-06-27 20:55
Modified
2024-11-21 01:56
Severity ?
Summary
SQL injection vulnerability in the RSS feed from records extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 3ds | push2rss_3ds | * | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3ds:push2rss_3ds:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC137ED-BF22-47CE-A0A2-1AED321E4409",
"versionEndIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the RSS feed from records extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el feed RSS de extensi\u00f3n de los registros v1.0.0 y versiones anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-4721",
"lastModified": "2024-11-21T01:56:08.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-27T20:55:01.873",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/90411"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/90411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82218"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-02 20:30
Modified
2024-11-21 01:12
Severity ?
Summary
SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:snowflake:t3blog:*:*:*:*:*:*:*:*",
"matchCriteriaId": "048146A4-6E59-4BC7-9443-015B6F11B97E",
"versionEndIncluding": "0.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:snowflake:t3blog:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB79DB7-1BBE-44F3-B2B9-FD2C4CBB5471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:snowflake:t3blog:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35B7C3D5-EA62-4947-81B6-9E5379EE0C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:snowflake:t3blog:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A99530DC-9A8A-4CA7-A408-A25FF86D4CA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n T3BLOG v0.6.2 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-0798",
"lastModified": "2024-11-21T01:12:59.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-02T20:30:00.523",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38388"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/t3blog/0.8.0/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/t3blog/0.8.0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38030"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-16 17:55
Modified
2024-11-21 01:57
Severity ?
Summary
SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joachim_ruhs | locator | * | |
| joachim_ruhs | locator | 1.0.6 | |
| joachim_ruhs | locator | 1.0.7 | |
| joachim_ruhs | locator | 1.1.0 | |
| joachim_ruhs | locator | 1.1.8 | |
| joachim_ruhs | locator | 1.2.6 | |
| joachim_ruhs | locator | 1.2.8 | |
| joachim_ruhs | locator | 2.9.0 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0E50B7-BFC5-4D67-BA22-DF468BE7DB14",
"versionEndIncluding": "2.9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B5ECFDF7-213D-4944-A0E6-8272652ADA23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "913B844F-8AFC-4391-B79B-E196586B310C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1A0290-0EEE-4813-93CA-BC60FC3C43D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "60134DFF-645C-4B84-8BD9-298BDEFF7319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF0532E4-864F-4C49-8502-EA50ABB3B95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B1127280-D4F7-4D98-996E-5E2273A6383D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D002E085-94EB-4F4C-A1D9-458D094FF411",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Store Locator (locator) anterior a v3.1.5 para TYPO3 permite a atacantes remotos ejecutar comandos SQL arbitrarios mediante vectores desconocidos."
}
],
"id": "CVE-2013-5304",
"lastModified": "2024-11-21T01:57:16.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-16T17:55:09.510",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/95962"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54350"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/locator"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/61606"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/95962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/locator"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86230"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-22 23:30
Modified
2024-11-21 01:09
Severity ?
Summary
SQL injection vulnerability in the XDS Staff List (xds_staff) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:xds_staff:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E96118D-8E10-4166-A2AA-21FE96CB6384",
"versionEndIncluding": "0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the XDS Staff List (xds_staff) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extension XDS Staff List (xds_staff) v0.0.3 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2009-4392",
"lastModified": "2024-11-21T01:09:32.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-22T23:30:00.627",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-21 20:55
Modified
2024-11-21 01:22
Severity ?
Summary
Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.2.0 | |
| typo3 | typo3 | 4.2.1 | |
| typo3 | typo3 | 4.2.2 | |
| typo3 | typo3 | 4.2.3 | |
| typo3 | typo3 | 4.2.4 | |
| typo3 | typo3 | 4.2.5 | |
| typo3 | typo3 | 4.2.6 | |
| typo3 | typo3 | 4.2.7 | |
| typo3 | typo3 | 4.2.8 | |
| typo3 | typo3 | 4.2.9 | |
| typo3 | typo3 | 4.2.10 | |
| typo3 | typo3 | 4.2.11 | |
| typo3 | typo3 | 4.2.12 | |
| typo3 | typo3 | 4.2.13 | |
| typo3 | typo3 | 4.2.14 | |
| typo3 | typo3 | 4.2.15 | |
| typo3 | typo3 | 4.3.0 | |
| typo3 | typo3 | 4.3.1 | |
| typo3 | typo3 | 4.3.2 | |
| typo3 | typo3 | 4.3.3 | |
| typo3 | typo3 | 4.3.4 | |
| typo3 | typo3 | 4.3.5 | |
| typo3 | typo3 | 4.3.6 | |
| typo3 | typo3 | 4.3.7 | |
| typo3 | typo3 | 4.3.8 | |
| typo3 | typo3 | 4.4.1 | |
| typo3 | typo3 | 4.4.2 | |
| typo3 | typo3 | 4.4.3 | |
| typo3 | typo3 | 4.4.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC67810-D2C5-4242-ACF2-CF7E9C56D7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E485652B-FDE0-44C1-83F5-D22B16BEBB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A987C0-51DF-464C-8F4D-03C9CAD256EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "718E405D-4127-4D0E-85BB-83800264AD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "AF72642B-8766-44A3-8CB0-D094929AAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DF56D768-6D41-472D-AA42-0C209534AB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6066CFA2-202E-43A3-B1DF-36364ABD5A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13C922A9-05A3-4D98-A568-F780CCA87E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E9893A-2771-4C04-9F90-B10EE659088E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31DA3600-C955-46B0-8BD9-C9B3FC0B81EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7ED0C04-33BA-4F9B-97B0-BB5D30C2A0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E40CC0D-E7EF-4800-AC0B-5AF603B8BC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16759F16-34C6-4C2C-BECB-12555EEEBDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB331CC-3125-454E-BCBE-B85540B62110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B46AB0-D925-4E74-8D15-40EE3BC0B14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9319A96-D510-47DB-9DBC-C16C0947E4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40E0FDF1-E63C-48C9-98E2-55E3FD891882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D22400-E6A1-4C3A-B16F-E14672B86D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DFA0996-4839-4FDB-9B9D-5F8424946F9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio enmod/tools/em/class.em_unzip.php en la librer\u00eda unzip library en TYPO3 v4.2.x anteriores a v4.2.16, v4.3.x anteriores a v4.3.9, y v4.4.x anteriores a v4.4.5, permite a atacantes remotos escribir ficheros a trav\u00e9s de par\u00e1metros no especificados."
}
],
"id": "CVE-2010-5102",
"lastModified": "2024-11-21T01:22:30.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-05-21T20:55:17.507",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.typo3.org/view.php?id=16362"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35770"
},
{
"source": "secalert@redhat.com",
"url": "http://securesystems.ca/advisory.php?id=2010-001"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/70119"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/45470"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.typo3.org/view.php?id=16362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securesystems.ca/advisory.php?id=2010-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/70119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-15 21:30
Modified
2024-11-21 01:10
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sebastian_winterhalder | mailform | * | |
| sebastian_winterhalder | mailform | 0.9.10 | |
| sebastian_winterhalder | mailform | 0.9.12 | |
| sebastian_winterhalder | mailform | 0.9.13 | |
| sebastian_winterhalder | mailform | 0.9.14 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sebastian_winterhalder:mailform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EEA0E21-5E12-4F2D-8670-A5309911F441",
"versionEndIncluding": "0.9.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sebastian_winterhalder:mailform:0.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EA20DBAA-ECBD-40E5-B026-F249B8AC2E4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sebastian_winterhalder:mailform:0.9.12:*:*:*:*:*:*:*",
"matchCriteriaId": "59B04ECA-6293-4B24-91DE-1948C03C5060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sebastian_winterhalder:mailform:0.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "41FD1569-B84A-400D-8D98-0EA5156975F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sebastian_winterhalder:mailform:0.9.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D3437641-5BD5-4D96-860A-1A90D66F65E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n Mailform (mailform) anterior a la v0.9.24 para TYPO3, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4706",
"lastModified": "2024-11-21T01:10:15.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-15T21:30:00.887",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:11
Severity ?
Summary
SQL injection vulnerability in the init function in MK-AnydropdownMenu (mk_anydropdownmenu) extension 0.3.28 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| matthias_karr | mk_anydropdownmenu | * | |
| matthias_karr | mk_anydropdownmenu | 0.3.10 | |
| matthias_karr | mk_anydropdownmenu | 0.3.12 | |
| matthias_karr | mk_anydropdownmenu | 0.3.13 | |
| matthias_karr | mk_anydropdownmenu | 0.3.23 | |
| matthias_karr | mk_anydropdownmenu | 0.3.25 | |
| matthias_karr | mk_anydropdownmenu | 0.3.26 | |
| matthias_karr | mk_anydropdownmenu | 0.3.27 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:matthias_karr:mk_anydropdownmenu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7D59705-4D16-4943-BF8C-B63BE7D1B239",
"versionEndIncluding": "0.3.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matthias_karr:mk_anydropdownmenu:0.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7E93A41E-4D04-46F0-BB36-656FB3BE32F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matthias_karr:mk_anydropdownmenu:0.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E9FFD611-6A69-4249-96B3-383DB187F38D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matthias_karr:mk_anydropdownmenu:0.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDCFC40-A201-4A54-BBDF-CE573389AF43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matthias_karr:mk_anydropdownmenu:0.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "A509FBB1-3E60-4BFE-99FF-D68B1CC08B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matthias_karr:mk_anydropdownmenu:0.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C5A30-07A0-45EF-9BEA-31631795E9B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matthias_karr:mk_anydropdownmenu:0.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A01AD067-9125-45E7-A8EA-3638836BFD10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matthias_karr:mk_anydropdownmenu:0.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "6227EEA8-9516-493A-A549-45798941DB75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the init function in MK-AnydropdownMenu (mk_anydropdownmenu) extension 0.3.28 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n init de la extensi\u00f3n de TYPO3 \"MK-AnydropdownMenu\" v0.3.28 y anteriores permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-0322",
"lastModified": "2024-11-21T01:11:58.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-15T19:30:00.473",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/mk_anydropdownmenu/0.4.0/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/mk_anydropdownmenu/0.4.0/info/ChangeLog/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/mk_anydropdownmenu/0.4.0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/mk_anydropdownmenu/0.4.0/info/ChangeLog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-15 21:30
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | ws_gallery | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:ws_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD486EA-1003-44E4-B02F-1C36C9B56E8C",
"versionEndIncluding": "1.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Webesse Image Gallery (ws_gallery) v1.0.4 y anteriores de TYPO3 permite a usuarios remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores de ataque sin especificar."
}
],
"id": "CVE-2009-4703",
"lastModified": "2024-11-21T01:10:15.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-15T21:30:00.810",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
SQL injection vulnerability in the Reports for Job (job_reports) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | job_reports | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:job_reports:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD9098C-547B-4E8D-9E8E-B18A94D9BEE1",
"versionEndIncluding": "0.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Reports for Job (job_reports) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n de TYPO3 de informes de trabajos (job_reports) v0.1.0 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-0342",
"lastModified": "2024-11-21T01:12:01.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-15T19:30:01.067",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-14 08:15
Modified
2024-11-21 06:48
Severity ?
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D362D0-52EC-4A95-B01D-EF310ADD8C4F",
"versionEndExcluding": "9.5.38",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1FC0F47-4C30-4162-8A7E-3C427D1C3596",
"versionEndExcluding": "10.4.33",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED21674D-027A-4DDC-AAD5-B7D58B309171",
"versionEndExcluding": "11.5.20",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9BE74F-BB15-48C5-AF1E-7B4197AE8F5B",
"versionEndExcluding": "12.1.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de gesti\u00f3n de contenidos web basado en PHP de c\u00f3digo abierto. Las versiones anteriores a 9.5.38, 10.4.33, 11.5.20 y 12.1.1 est\u00e1n sujetas a divulgaci\u00f3n de informaci\u00f3n confidencial. Debido a la falta de manejo de expresiones de marcador de posici\u00f3n YAML enviadas por los usuarios en el m\u00f3dulo backend de configuraci\u00f3n del sitio, los atacantes podr\u00edan exponer informaci\u00f3n interna confidencial, como la configuraci\u00f3n del sistema o mensajes de solicitud HTTP de otros visitantes del sitio web. Se necesita una cuenta de usuario de backend v\u00e1lida con privilegios de administrador para aprovechar esta vulnerabilidad. Este problema se solucion\u00f3 en las versiones 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1."
}
],
"id": "CVE-2022-23504",
"lastModified": "2024-11-21T06:48:42.130",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-14T08:15:10.830",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-917"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-917"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
SQL injection vulnerability in the Clan Users List (pb_clanlist) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | pb_clanlist | 0.0.1 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:pb_clanlist:0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CBD9591-B15D-4E68-B890-433A97BDB0A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Clan Users List (pb_clanlist) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n de TYPO3 de lista de Usuarios de un Clan (pb_clanlist) v0.0.1 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-0343",
"lastModified": "2024-11-21T01:12:01.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-15T19:30:01.097",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-28 14:43
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| elemente | ast_addresszipsearch | 0.5.4 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:elemente:ast_addresszipsearch:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B783D180-A887-4199-B6A3-A744A1BCCDB4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n AST ZipCodeSearch (ast_addresszipsearch) 0.5.4 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4966",
"lastModified": "2024-11-21T01:10:53.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-28T14:43:41.323",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36135"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-05 20:15
Modified
2024-11-21 01:19
Severity ?
Summary
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Third Party Advisory | |
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2010-3672 | Third Party Advisory | |
| cve@mitre.org | https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2010-3672 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4AA44A2-E2AE-46D7-B1DB-850CFA4EACE5",
"versionEndExcluding": "4.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18896C89-53F0-4ACA-B3B2-90E0811CBBC3",
"versionEndExcluding": "4.4.1",
"versionStartIncluding": "4.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension."
},
{
"lang": "es",
"value": "TYPO3 versiones anteriores a la versi\u00f3n 4.3.4 y versiones 4.4.x anteriores a la versi\u00f3n 4.4.1, permite un ataque de tipo XSS en el asistente de vista de \u00e1rea de texto en una extensi\u00f3n extbase."
}
],
"id": "CVE-2010-3672",
"lastModified": "2024-11-21T01:19:21.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-05T20:15:10.703",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3672"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-01 23:55
Modified
2024-11-21 01:56
Severity ?
Summary
SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kurt_gusbeth | myquizpoll | * | |
| kurt_gusbeth | myquizpoll | 0.1.1 | |
| kurt_gusbeth | myquizpoll | 0.1.2 | |
| kurt_gusbeth | myquizpoll | 0.1.3 | |
| kurt_gusbeth | myquizpoll | 0.1.4 | |
| kurt_gusbeth | myquizpoll | 0.1.5 | |
| kurt_gusbeth | myquizpoll | 0.1.6 | |
| kurt_gusbeth | myquizpoll | 0.1.7 | |
| kurt_gusbeth | myquizpoll | 0.2.0 | |
| kurt_gusbeth | myquizpoll | 0.2.1 | |
| kurt_gusbeth | myquizpoll | 0.2.2 | |
| kurt_gusbeth | myquizpoll | 0.3.0 | |
| kurt_gusbeth | myquizpoll | 0.4.0 | |
| kurt_gusbeth | myquizpoll | 1.0.0 | |
| kurt_gusbeth | myquizpoll | 1.0.1 | |
| kurt_gusbeth | myquizpoll | 1.1.0 | |
| kurt_gusbeth | myquizpoll | 1.2.0 | |
| kurt_gusbeth | myquizpoll | 1.3.0 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8B1D067-D389-489E-B21E-FAC04F9AD38F",
"versionEndIncluding": "1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6C806DFE-28CA-4F1E-ACF9-C99F4798641E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAAD8BA8-3780-4593-B05A-681F48B1C061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "21191D1D-BA85-4A02-A13E-4E5D287C7D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "13A22248-5D40-45B5-8942-53ED1B4CD178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EFB638-678D-47BF-B85F-771DD22F41F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7393DF1B-A4F1-4FAA-B177-AB6A294A3E21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "056C6441-72EC-47C8-84AC-92426F07CE13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0454AE0A-8282-4BC5-96FB-299FA17237FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5CF9AD2-61A3-4D5E-B599-A1DBCEF8AABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E598C81-B3D6-436E-9396-2DE9E0369862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2A170A44-F000-4ACE-BAF5-68C393757F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03BE6F2F-D451-49DC-BED5-32C7E0C76476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB403D1B-AA59-47FE-9E33-C5C2673E1882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44677CFB-BF60-45CC-95ED-A20AD9A69D85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "416326F5-7310-45D8-9FD4-4A09941D6579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22949A73-EA05-444F-840E-229A9EF8FC8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1FCF487-6825-4936-9507-7D6352BDD69F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n My quiz and poll (myquizpoll) anterior a 2.0.6 para TYPO3, permite a atacantes remotos la ejecuci\u00f3n arbitraria de comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-4745",
"lastModified": "2024-11-21T01:56:17.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-01T23:55:01.053",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/90410"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/myquizpoll"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/90410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/myquizpoll"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-06-20 23:55
Modified
2024-11-21 01:55
Severity ?
Summary
SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| raphael_zschorsch | rzautocomplete | 0.0.2 | |
| raphael_zschorsch | rzautocomplete | 0.0.3 | |
| raphael_zschorsch | rzautocomplete | 0.0.4 | |
| raphael_zschorsch | rzautocomplete | 0.0.5 | |
| raphael_zschorsch | rzautocomplete | 0.0.6 | |
| raphael_zschorsch | rzautocomplete | 0.0.7 | |
| raphael_zschorsch | rzautocomplete | 0.0.8 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:raphael_zschorsch:rzautocomplete:0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73E77AF0-A0D8-4923-8F2B-5FD93DFA621D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:raphael_zschorsch:rzautocomplete:0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "77206BE4-ABA4-42B7-AE4B-FEBCFCC4F585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:raphael_zschorsch:rzautocomplete:0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1B468464-66E3-4FCE-B291-C85B1833D86B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:raphael_zschorsch:rzautocomplete:0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89A3F8EA-63A5-4FE6-A94C-098B4EFA74AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:raphael_zschorsch:rzautocomplete:0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0122ECD1-78A3-4043-A71F-B2866030D308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:raphael_zschorsch:rzautocomplete:0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0B1FD6-8BD3-4C16-A0D6-511952707A27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:raphael_zschorsch:rzautocomplete:0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4FE3AC-CA8B-4DB7-A77E-18A587E925A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el autocompletado de jQuery para la extensi\u00f3n indexed_search (rzautocomplete) antes de v0.0.9 de TYPO3 que permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-4634",
"lastModified": "2024-11-21T01:55:58.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-20T23:55:00.870",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/93815"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53633"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/rzautocomplete"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/60276"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/93815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/rzautocomplete"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/60276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84659"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-23 14:30
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| andreas_schwarzkopf | accessibility_glossary | * | |
| andreas_schwarzkopf | accessibility_glossary | 0.4.0 | |
| andreas_schwarzkopf | accessibility_glossary | 0.4.7 | |
| andreas_schwarzkopf | accessibility_glossary | 0.4.8 | |
| andreas_schwarzkopf | accessibility_glossary | 0.4.9 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:andreas_schwarzkopf:accessibility_glossary:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9535FFA3-09D1-4CC7-B7C5-757B6C50E0DE",
"versionEndIncluding": "0.4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andreas_schwarzkopf:accessibility_glossary:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23B75680-44E1-4F54-A69E-C4797CEA4E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andreas_schwarzkopf:accessibility_glossary:0.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8C3E03-3759-4E61-8D62-F129B54C78AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andreas_schwarzkopf:accessibility_glossary:0.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "98E9B4D3-8F06-46D3-8C00-511F4E5196A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andreas_schwarzkopf:accessibility_glossary:0.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5265B060-E8BD-4C27-8B9B-BDF0CEB662E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3 SQL en la extensi\u00f3n Accessibility Glossary (a21glossary) v0.4.10 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados. \r\n"
}
],
"evaluatorComment": "A fix for this vulnerability was included in 0.4.11. The latest release can be downloaded at:\r\n\r\nhttp://typo3.org/extensions/repository/view/a21glossary/current/",
"id": "CVE-2009-4803",
"lastModified": "2024-11-21T01:10:30.137",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-23T14:30:00.870",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/33997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33997"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-20 15:15
Modified
2024-11-21 06:07
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the components _QueryGenerator_ and _QueryView_ are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10F7D347-2524-4871-9DBA-48700A13FFFA",
"versionEndIncluding": "8.7.40",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B8EC2D0-D2D7-4512-8B9B-946186B03111",
"versionEndIncluding": "9.5.28",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BC70DEB-32D3-4BD7-B688-8ADDC3BD0A0A",
"versionEndIncluding": "10.4.17",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E02E5F61-C393-4ECD-AC4C-D15276DE72E9",
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the components _QueryGenerator_ and _QueryView_ are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de administraci\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP. Unas versiones 9.0.0 hasta 9.5.28, versiones 10.0.0 hasta 10.4.17 y versiones 11.0.0 hasta 11.3.0, presentan una vulnerabilidad de tipo cross-site scripting. Cuando los mensajes de error no son codificados apropiadamente, los componentes _QueryGenerator_ y _QueryView_ son vulnerables a un ataque de tipo cross-site scripting reflejado y persistente. Es necesaria una cuenta de usuario backend v\u00e1lida con privilegios de administrador para explotar esta vulnerabilidad. TYPO3 versiones 9.5.29, 10.4.18 y 11.3.1, contienen un parche para este problema"
}
],
"id": "CVE-2021-32668",
"lastModified": "2024-11-21T06:07:29.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-20T15:15:10.007",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-6mh3-j5r5-2379"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-6mh3-j5r5-2379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-010"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-21 20:55
Modified
2024-11-21 01:22
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.2 | |
| typo3 | typo3 | 4.2.0 | |
| typo3 | typo3 | 4.2.1 | |
| typo3 | typo3 | 4.2.2 | |
| typo3 | typo3 | 4.2.3 | |
| typo3 | typo3 | 4.2.4 | |
| typo3 | typo3 | 4.2.5 | |
| typo3 | typo3 | 4.2.6 | |
| typo3 | typo3 | 4.2.7 | |
| typo3 | typo3 | 4.2.8 | |
| typo3 | typo3 | 4.2.9 | |
| typo3 | typo3 | 4.2.10 | |
| typo3 | typo3 | 4.2.11 | |
| typo3 | typo3 | 4.2.12 | |
| typo3 | typo3 | 4.2.13 | |
| typo3 | typo3 | 4.2.14 | |
| typo3 | typo3 | 4.2.15 | |
| typo3 | typo3 | 4.3 | |
| typo3 | typo3 | 4.3.0 | |
| typo3 | typo3 | 4.3.1 | |
| typo3 | typo3 | 4.3.2 | |
| typo3 | typo3 | 4.3.3 | |
| typo3 | typo3 | 4.3.4 | |
| typo3 | typo3 | 4.3.5 | |
| typo3 | typo3 | 4.3.6 | |
| typo3 | typo3 | 4.3.7 | |
| typo3 | typo3 | 4.3.8 | |
| typo3 | typo3 | 4.4 | |
| typo3 | typo3 | 4.4.1 | |
| typo3 | typo3 | 4.4.2 | |
| typo3 | typo3 | 4.4.3 | |
| typo3 | typo3 | 4.4.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "884B4418-83A4-4BCB-8019-306285EB418E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC67810-D2C5-4242-ACF2-CF7E9C56D7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E485652B-FDE0-44C1-83F5-D22B16BEBB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A987C0-51DF-464C-8F4D-03C9CAD256EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "718E405D-4127-4D0E-85BB-83800264AD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "AF72642B-8766-44A3-8CB0-D094929AAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DF56D768-6D41-472D-AA42-0C209534AB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386C2885-7543-43F0-9680-B57898C4F118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6066CFA2-202E-43A3-B1DF-36364ABD5A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13C922A9-05A3-4D98-A568-F780CCA87E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E9893A-2771-4C04-9F90-B10EE659088E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31DA3600-C955-46B0-8BD9-C9B3FC0B81EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7ED0C04-33BA-4F9B-97B0-BB5D30C2A0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E40CC0D-E7EF-4800-AC0B-5AF603B8BC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16759F16-34C6-4C2C-BECB-12555EEEBDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB331CC-3125-454E-BCBE-B85540B62110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B46AB0-D925-4E74-8D15-40EE3BC0B14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "85F02502-5C03-4751-BC83-59F894400E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9319A96-D510-47DB-9DBC-C16C0947E4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40E0FDF1-E63C-48C9-98E2-55E3FD891882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D22400-E6A1-4C3A-B16F-E14672B86D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DFA0996-4839-4FDB-9B9D-5F8424946F9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el objeto de contenido FORM de TYPO3 4.2.x before 4.2.16, 4.3.x anteriores a 4.3.9, y 4.4.x anteriores a 4.4.5. Permite a atacantes remotos inyectar codigo de script web o c\u00f3digo HTML de vectores sin especificar."
}
],
"id": "CVE-2010-5098",
"lastModified": "2024-11-21T01:22:30.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-05-21T20:55:16.617",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35770"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/70122"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/45470"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/70122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64179"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-10-25 20:01
Modified
2024-11-21 01:19
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.2.0 | |
| typo3 | typo3 | 4.2.1 | |
| typo3 | typo3 | 4.2.2 | |
| typo3 | typo3 | 4.2.3 | |
| typo3 | typo3 | 4.2.4 | |
| typo3 | typo3 | 4.2.5 | |
| typo3 | typo3 | 4.2.6 | |
| typo3 | typo3 | 4.2.7 | |
| typo3 | typo3 | 4.2.8 | |
| typo3 | typo3 | 4.2.9 | |
| typo3 | typo3 | 4.2.10 | |
| typo3 | typo3 | 4.2.11 | |
| typo3 | typo3 | 4.2.12 | |
| typo3 | typo3 | 4.2.13 | |
| typo3 | typo3 | 4.2.14 | |
| typo3 | typo3 | 4.3.0 | |
| typo3 | typo3 | 4.3.1 | |
| typo3 | typo3 | 4.3.2 | |
| typo3 | typo3 | 4.3.3 | |
| typo3 | typo3 | 4.3.4 | |
| typo3 | typo3 | 4.3.5 | |
| typo3 | typo3 | 4.3.6 | |
| typo3 | typo3 | 4.4 | |
| typo3 | typo3 | 4.4.1 | |
| typo3 | typo3 | 4.4.2 | |
| typo3 | typo3 | 4.4.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC67810-D2C5-4242-ACF2-CF7E9C56D7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E485652B-FDE0-44C1-83F5-D22B16BEBB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A987C0-51DF-464C-8F4D-03C9CAD256EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "718E405D-4127-4D0E-85BB-83800264AD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "AF72642B-8766-44A3-8CB0-D094929AAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6066CFA2-202E-43A3-B1DF-36364ABD5A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13C922A9-05A3-4D98-A568-F780CCA87E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E9893A-2771-4C04-9F90-B10EE659088E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31DA3600-C955-46B0-8BD9-C9B3FC0B81EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7ED0C04-33BA-4F9B-97B0-BB5D30C2A0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E40CC0D-E7EF-4800-AC0B-5AF603B8BC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16759F16-34C6-4C2C-BECB-12555EEEBDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "85F02502-5C03-4751-BC83-59F894400E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9319A96-D510-47DB-9DBC-C16C0947E4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40E0FDF1-E63C-48C9-98E2-55E3FD891882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D22400-E6A1-4C3A-B16F-E14672B86D14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en TYPO3 v4.2.x anteriores a v4.2.15, v4.3.x anteriores a v4.3.7, y v4.4.x anteriores a v4.4.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores relativos a (1) la funci\u00f3n RemoveXSS, y permitir a usuarios remotos autenticados inyectar secuencias de comandos web o HTML mediante vectores relacionados con (2) el panel de control (backend)."
}
],
"id": "CVE-2010-3715",
"lastModified": "2024-11-21T01:19:27.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-10-25T20:01:04.550",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/43786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/43786"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-14 17:55
Modified
2024-11-21 01:36
Severity ?
Summary
SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | toi_category | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:toi_category:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA96639F-318F-45CF-8C01-EC85AE253365",
"versionEndIncluding": "0.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de comandos SQL en la extensi\u00f3n Category-System (toi_category) v0.6.0 para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-1072",
"lastModified": "2024-11-21T01:36:21.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-14T17:55:02.820",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78785"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51834"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72958"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72958"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-31 11:30
Modified
2024-11-21 00:54
Severity ?
Summary
SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | eluna_page_comments_extension | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:eluna_page_comments_extension:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17D2D353-0E6C-46F3-9259-C9EFC1419215",
"versionEndIncluding": "1.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n eluna Page Comments (eluna_pagecomments) v1.1.2 y anteriores en TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante vectores no especificados."
}
],
"id": "CVE-2008-5796",
"lastModified": "2024-11-21T00:54:55.247",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-31T11:30:00.500",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32638"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32228"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46468"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-22 18:30
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| thomas_hempel | th_ultracards | * | |
| thomas_hempel | th_ultracards | 0.3.0 | |
| thomas_hempel | th_ultracards | 0.4.0 | |
| thomas_hempel | th_ultracards | 0.4.1 | |
| thomas_hempel | th_ultracards | 0.4.2 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:thomas_hempel:th_ultracards:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B5A4821-1D62-4444-86F8-5C9AD323B6B0",
"versionEndIncluding": "0.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thomas_hempel:th_ultracards:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "81D8184D-C19D-4E01-B730-725A7F2AC95C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thomas_hempel:th_ultracards:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E20FA4B7-7BDA-4264-B4EB-C404E0B3D9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thomas_hempel:th_ultracards:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38318AE8-6F25-444D-86C9-67F263B9C757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thomas_hempel:th_ultracards:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDF4EE1-0C3F-4D2B-9623-EDD8AC95E837",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n ultraCards (th_ultracards), en versiones anteriores a la 0.5.1, para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante vectores no especificados."
}
],
"id": "CVE-2009-4955",
"lastModified": "2024-11-21T01:10:51.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-22T18:30:03.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/th_ultracards/0.5.1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/th_ultracards/0.5.1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-28 14:43
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| christian_ehmann | event_registr | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:christian_ehmann:event_registr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A182934A-ED57-470E-B4B3-16517A55D6C4",
"versionEndIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Event Registration (event_registr) v1.0.0 y anteriores para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados"
}
],
"id": "CVE-2009-4968",
"lastModified": "2024-11-21T01:10:53.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-28T14:43:41.387",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36136"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | brainstorming | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:brainstorming:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72F67998-810C-4C29-B833-E7415E989848",
"versionEndIncluding": "0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Brainstorming v0.1.8 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1006",
"lastModified": "2024-11-21T01:13:24.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-19T19:00:00.483",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38798"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-09 10:55
Modified
2024-11-21 01:22
Severity ?
Summary
Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dev-team_typoheads | webkitpdf | * | |
| dev-team_typoheads | webkitpdf | 1.0.2 | |
| dev-team_typoheads | webkitpdf | 1.1.0 | |
| dev-team_typoheads | webkitpdf | 1.1.1 | |
| dev-team_typoheads | webkitpdf | 1.1.2 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dev-team_typoheads:webkitpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA1AF39-CD17-4AA0-807E-82285EF8323F",
"versionEndIncluding": "1.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dev-team_typoheads:webkitpdf:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F88B7BF3-08ED-4607-9F92-0F39972BACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dev-team_typoheads:webkitpdf:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD2A68CE-FAC5-4B31-96B2-36C3B9FA83FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dev-team_typoheads:webkitpdf:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80F4F789-C815-4C5C-A05A-89485C5FEB69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dev-team_typoheads:webkitpdf:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C69EEF51-A6F7-49D2-908E-6CA09BF84704",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la extensi\u00f3n Webkit PDF (webkitpdf) anterior a v1.1.4 para TYPO3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2010-4962",
"lastModified": "2024-11-21T01:22:10.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-10-09T10:55:45.097",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/webkitpdf/1.1.4/"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/42381"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/webkitpdf/1.1.4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/42381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61058"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-14 17:55
Modified
2024-11-21 01:36
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | toi_category | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:toi_category:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA96639F-318F-45CF-8C01-EC85AE253365",
"versionEndIncluding": "0.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerablidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n Category-System (toi_category) v0.6.0 y anteriores para TYPO3 permite a atacantes remotos ejecutar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-1073",
"lastModified": "2024-11-21T01:36:21.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-14T17:55:02.853",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78784"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51834"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72957"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-02 15:30
Modified
2024-11-21 01:07
Severity ?
Summary
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9297C028-4875-4370-8A47-E5BB4DC04A20",
"versionEndIncluding": "4.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8B51D2-B985-405E-8D87-1572D5096F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A9AB9DE7-3AB0-4B5B-9825-486111386852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D954FE3D-B766-4D39-B0CA-31A24EDB362C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59AE3831-400B-4974-9C69-6787CF03433A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "66333A00-5D7D-4467-9495-79D715EBAB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "71E7C6DF-C63B-4B16-9107-3C15490951D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEAD468-F39F-4B92-9ABD-F43C636B1145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6154F853-6DAF-4A34-8019-CB5BA87CCA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67CF0EA5-E984-40BE-BA90-1C85568A0525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "395C04FB-3390-4E97-B2F1-BEF9C42F15E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.3.x:*:*:*:*:*:*:*",
"matchCriteriaId": "349BDDAD-35AE-44B6-9623-1ABAAFA16D57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C553D36B-B446-4D63-B37F-FA32D1E5A524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.5.x:*:*:*:*:*:*:*",
"matchCriteriaId": "33152254-3B0B-4413-90F3-72A8B1ADDBD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.6.x:*:*:*:*:*:*:*",
"matchCriteriaId": "78413B61-AAB7-485D-BD24-C8A6D7631281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E53B002D-18FD-4C6A-97C0-AA9C83ABD382",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3885B69F-B9C0-488F-8775-E8E801418E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.x:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6EAF89-59F9-4D06-A7AE-175816BB7E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A3390E31-A149-4D83-94D2-63AF63D02A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.8.x:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF63F45-3E42-4DD6-ABD3-BA67D04C8A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "501A9157-044A-4856-8092-418D7329EED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA47174-9BC4-4B74-8618-6A7B0773553B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A13146E-EC04-4354-9123-BC7CB292C66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F27B173-8D10-47F7-8450-F8808A918295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1FAD0A-6B98-476B-BCD2-361996CA1C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE992D57-AF82-4BF0-96E8-98110C0AEBF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9A484F-C34D-4885-8125-D9C8725EEB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DCCB2DE6-4407-4E40-8574-9C813183565B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E19647A4-C422-42D0-863B-5B6E0B08BFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C842A284-8360-4DE4-8D05-8082D0A0AA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3A4600DD-C9CA-4D71-BD31-12FE40A14D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2F89D7-D34C-4ADD-8A9E-34C37122C3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "273F2E33-0655-46DE-9397-E16658B4BD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B8F7039-4117-4D53-ABE8-99C10518D351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161E310F-F2D8-40B3-8390-8C52ACDD0B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "96D69530-AE74-4012-B522-01D0B6B01662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5514D17F-95A5-48C5-9F91-554F8D3C3DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E46E35EC-FF7B-4510-A5F2-FC230B7477B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A671ED2-91AA-4447-8996-A8A16FE753A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4219A367-8431-4A72-AF73-ED2A853B14E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "74F10D45-FA29-4534-8789-201D194C46B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "878A3B3A-91B6-4EB3-995C-46CEF6FE4343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "51B3DD65-A811-47DD-ADC6-015EE9BC2A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E06499-FC41-4B7F-B76E-37FA423F17C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386C2885-7543-43F0-9680-B57898C4F118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "231CD899-2DC5-42CD-A4F9-4D00C2C11159",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element."
},
{
"lang": "es",
"value": "El subcomponente Backend de TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2 permite a atacantes remotos autenticados determinar la clave de encriptaci\u00f3n a trav\u00e9s de una entrada modificada al elemento de formulario tt_content."
}
],
"id": "CVE-2009-3628",
"lastModified": "2024-11-21T01:07:50.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-11-02T15:30:00.593",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37122"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36801"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53917"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53917"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-20 15:55
Modified
2024-11-21 01:50
Severity ?
Summary
Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9788D5CD-FEAA-4D07-8252-4176AD0BC0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A53B9001-C5B4-4D19-A314-118E3A292346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E663FE0B-B509-4427-A2A0-9EB53E26810F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4D42D56A-2A1D-4FAA-961D-304E916BEF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CBAAC7-5207-45E8-86D5-18D98259070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6F1E7-351D-45E7-9571-2AF4283080DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B3B4A9-BDC7-4426-98FB-398B63AF3D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0016A078-1291-4281-BA62-5A846AEE7584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F11DB8A8-8309-4FC9-BA35-1AFFC5B4AE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9661D2DB-F24C-478B-B691-303D48D9B158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1FD6B9-7FAC-4508-962A-99AF63EB4B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "14369AD5-2622-4530-BCD5-A95C032CE4CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7CBAD29-18E9-4097-88FA-4D287A9A877A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5144AE-E076-48B5-9EA3-2F0BEC34D92F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "46246047-B415-437A-AC0E-2A7157D47C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6C98937C-C769-40C9-841F-D9F0A49AAE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7C54D4-B953-442F-99A8-96B505C15DCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "495B1280-1C65-45FE-B5C5-ED1BD7AF429F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6CE19A-3985-45AC-9DF5-64572AA9ECC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA8422F-5A4B-4696-AF31-F1128FCF482F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1A90BF-E780-4282-BCCB-0E568EB785A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F89DD9F-019A-4AD3-AD0E-4F20F1AF5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "684500C9-8532-45C4-8F29-33AAC3DDA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F830A8F-C51C-4CED-BCA2-845C312087FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2C537426-82DB-426B-BB95-CC119C20266A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D3AE18-7B26-4448-AF98-0D2692C80BC1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "976AAF6F-BF03-40B7-B7D2-22101BD857D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98D0D9-D9AE-44F7-8233-F92EB330B152",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en el mecanismo de Access tracking en TYPO3 en v4.5.x anterior a v4.5.24, v4.6.x anterior a v4.6.17, v4.7.x anterior a v4.7.9, y v6.0.x anterior a v6.0.3, permite a atacantes remotos redireccionar a sitios web arbitrarios y llevar a cabo ataques de phishing a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-1843",
"lastModified": "2024-11-21T01:50:30.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-20T15:55:01.003",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52433"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52638"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2013/dsa-2646"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/03/12/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/90924"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/58330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/03/12/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/90924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/58330"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-01-22 23:30
Modified
2024-11-21 00:59
Severity ?
Summary
Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.0 | |
| typo3 | typo3 | 4.0.1 | |
| typo3 | typo3 | 4.0.2 | |
| typo3 | typo3 | 4.0.3 | |
| typo3 | typo3 | 4.0.4 | |
| typo3 | typo3 | 4.0.5 | |
| typo3 | typo3 | 4.0.6 | |
| typo3 | typo3 | 4.0.7 | |
| typo3 | typo3 | 4.0.8 | |
| typo3 | typo3 | 4.0.9 | |
| typo3 | typo3 | 4.1.0 | |
| typo3 | typo3 | 4.1.0 | |
| typo3 | typo3 | 4.1.0 | |
| typo3 | typo3 | 4.1.1 | |
| typo3 | typo3 | 4.1.2 | |
| typo3 | typo3 | 4.1.3 | |
| typo3 | typo3 | 4.1.4 | |
| typo3 | typo3 | 4.1.5 | |
| typo3 | typo3 | 4.1.6 | |
| typo3 | typo3 | 4.1.7 | |
| typo3 | typo3 | 4.2.0 | |
| typo3 | typo3 | 4.2.1 | |
| typo3 | typo3 | 4.2.2 | |
| typo3 | typo3 | 4.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "501A9157-044A-4856-8092-418D7329EED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA47174-9BC4-4B74-8618-6A7B0773553B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A13146E-EC04-4354-9123-BC7CB292C66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F27B173-8D10-47F7-8450-F8808A918295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1FAD0A-6B98-476B-BCD2-361996CA1C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE992D57-AF82-4BF0-96E8-98110C0AEBF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9A484F-C34D-4885-8125-D9C8725EEB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DCCB2DE6-4407-4E40-8574-9C813183565B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E19647A4-C422-42D0-863B-5B6E0B08BFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2F89D7-D34C-4ADD-8A9E-34C37122C3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "273F2E33-0655-46DE-9397-E16658B4BD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B8F7039-4117-4D53-ABE8-99C10518D351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161E310F-F2D8-40B3-8390-8C52ACDD0B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "96D69530-AE74-4012-B522-01D0B6B01662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5514D17F-95A5-48C5-9F91-554F8D3C3DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E46E35EC-FF7B-4510-A5F2-FC230B7477B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A671ED2-91AA-4447-8996-A8A16FE753A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication."
},
{
"lang": "es",
"value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en la librer\u00eda de autenticaci\u00f3n en TYPO3 v4.0.0 a v4.0.9, v4.1.0 a v4.1.7 y v4.2.0 a v4.2.3, permite a atacantes remotos secuestrar sesiones web mediante vectores no especificados, en relaci\u00f3n con (1) el interfaz externo y (2) la autenticaci\u00f3n del interfaz interno."
}
],
"id": "CVE-2009-0256",
"lastModified": "2024-11-21T00:59:27.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-01-22T23:30:04.437",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33617"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33679"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1711"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/33376"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48133"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-09 10:55
Modified
2024-11-21 01:22
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| martin_hesse | mh_branchenbuch | * | |
| martin_hesse | mh_branchenbuch | 0.7.95 | |
| martin_hesse | mh_branchenbuch | 0.8.0 | |
| martin_hesse | mh_branchenbuch | 0.8.1 | |
| martin_hesse | mh_branchenbuch | 0.8.2 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:martin_hesse:mh_branchenbuch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B72183C-40CB-48E7-A893-41F4D6BAB0A4",
"versionEndIncluding": "0.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:martin_hesse:mh_branchenbuch:0.7.95:*:*:*:*:*:*:*",
"matchCriteriaId": "2D311075-F59E-49B5-8FEF-4F5B020F5CFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:martin_hesse:mh_branchenbuch:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57DD62B3-47D5-4304-9070-5BB26FD24AD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:martin_hesse:mh_branchenbuch:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75F1B7E1-905E-44F6-A278-B3CDB18362CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:martin_hesse:mh_branchenbuch:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "101811E9-554B-4570-A719-276BC004B1E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n Branchenbuch (tambi\u00e9n conocido como Yellow Pages o mh_branchenbuch) anterior a v0.9.1 para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de par\u00e1metros desconocidos"
}
],
"id": "CVE-2010-4960",
"lastModified": "2024-11-21T01:22:10.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-10-09T10:55:44.893",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/67032"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40951"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/mh_branchenbuch/0.9.1/"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/42365"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/67032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/mh_branchenbuch/0.9.1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/42365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61054"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-04 22:15
Modified
2024-11-21 01:19
Severity ?
Summary
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2010-3662 | Third Party Advisory | |
| cve@mitre.org | https://typo3.org/security/advisory/typo3-sa-2010-012/#SQL_Injection | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2010-3662 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-sa-2010-012/#SQL_Injection | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC34E49-A07C-4F08-80FE-2DE14E8B7A77",
"versionEndExcluding": "4.1.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82040DD2-205F-477D-8D55-95852AAF7AEA",
"versionEndExcluding": "4.2.13",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B078FF4B-67AF-419E-995B-2715FCC97493",
"versionEndExcluding": "4.3.4",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18896C89-53F0-4ACA-B3B2-90E0811CBBC3",
"versionEndExcluding": "4.4.1",
"versionStartIncluding": "4.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend."
},
{
"lang": "es",
"value": "TYPO3 versiones anteriores a la versi\u00f3n 4.1.14, versiones 4.2.x anteriores a la versi\u00f3n 4.2.13, versiones 4.3.x anteriores a la versi\u00f3n 4.3.4 y versiones 4.4.x anteriores a la versi\u00f3 n4.4.1, permite una inyecci\u00f3n SQL en el back-end."
}
],
"id": "CVE-2010-3662",
"lastModified": "2024-11-21T01:19:20.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-04T22:15:10.467",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3662"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#SQL_Injection"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#SQL_Injection"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-10-25 20:01
Modified
2024-11-21 01:20
Severity ?
Summary
Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.2.0 | |
| typo3 | typo3 | 4.2.1 | |
| typo3 | typo3 | 4.2.2 | |
| typo3 | typo3 | 4.2.3 | |
| typo3 | typo3 | 4.2.4 | |
| typo3 | typo3 | 4.2.5 | |
| typo3 | typo3 | 4.2.6 | |
| typo3 | typo3 | 4.2.7 | |
| typo3 | typo3 | 4.2.8 | |
| typo3 | typo3 | 4.2.9 | |
| typo3 | typo3 | 4.2.10 | |
| typo3 | typo3 | 4.2.11 | |
| typo3 | typo3 | 4.2.12 | |
| typo3 | typo3 | 4.2.13 | |
| typo3 | typo3 | 4.2.14 | |
| typo3 | typo3 | 4.3.0 | |
| typo3 | typo3 | 4.3.1 | |
| typo3 | typo3 | 4.3.2 | |
| typo3 | typo3 | 4.3.3 | |
| typo3 | typo3 | 4.3.4 | |
| typo3 | typo3 | 4.3.5 | |
| typo3 | typo3 | 4.3.6 | |
| typo3 | typo3 | 4.4 | |
| typo3 | typo3 | 4.4.1 | |
| typo3 | typo3 | 4.4.2 | |
| typo3 | typo3 | 4.4.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC67810-D2C5-4242-ACF2-CF7E9C56D7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E485652B-FDE0-44C1-83F5-D22B16BEBB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A987C0-51DF-464C-8F4D-03C9CAD256EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "718E405D-4127-4D0E-85BB-83800264AD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "AF72642B-8766-44A3-8CB0-D094929AAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6066CFA2-202E-43A3-B1DF-36364ABD5A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13C922A9-05A3-4D98-A568-F780CCA87E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E9893A-2771-4C04-9F90-B10EE659088E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31DA3600-C955-46B0-8BD9-C9B3FC0B81EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7ED0C04-33BA-4F9B-97B0-BB5D30C2A0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E40CC0D-E7EF-4800-AC0B-5AF603B8BC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16759F16-34C6-4C2C-BECB-12555EEEBDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "85F02502-5C03-4751-BC83-59F894400E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9319A96-D510-47DB-9DBC-C16C0947E4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40E0FDF1-E63C-48C9-98E2-55E3FD891882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D22400-E6A1-4C3A-B16F-E14672B86D14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Extension Manager en TYPO3 v4.2.x anteriores a v4.2.15, v4.3.x anteriores a v4.3.7, y v4.4.x anteriores a v4.4.4 permite a administradores remotos autenticados leer y posiblemente modificar ficheros de su elecci\u00f3n a trav\u00e9s de par\u00e1metros manipulados, es una vulnerabilidad distinta a CVE-2010-3714."
}
],
"id": "CVE-2010-4068",
"lastModified": "2024-11-21T01:20:09.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-25T20:01:04.800",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/43786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/43786"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-28 10:30
Modified
2024-11-21 01:08
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/ | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:solr:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF45D7B-17B0-46C2-8AE1-587F7E9DE22A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Apache Solr Search (solr) extension v1.0.0 para TYPO3 permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-3821",
"lastModified": "2024-11-21T01:08:15.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-10-28T10:30:00.843",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-06 17:15
Modified
2024-11-21 01:33
Severity ?
Summary
TYPO3 before 4.5.4 allows Information Disclosure in the backend.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| debian | debian_linux | 5.0 | |
| debian | debian_linux | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "898F86CE-0897-4403-A0AC-90C5DCED8AF4",
"versionEndExcluding": "4.5.4",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.5.4 allows Information Disclosure in the backend."
},
{
"lang": "es",
"value": "TYPO3 versiones anteriores a la versi\u00f3n 4.5.4, permite una divulgaci\u00f3n de informaci\u00f3n en el back-end."
}
],
"id": "CVE-2011-4900",
"lastModified": "2024-11-21T01:33:15.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-06T17:15:11.113",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4900"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-10-25 20:01
Modified
2024-11-21 01:19
Severity ?
Summary
The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.2.0 | |
| typo3 | typo3 | 4.2.1 | |
| typo3 | typo3 | 4.2.2 | |
| typo3 | typo3 | 4.2.3 | |
| typo3 | typo3 | 4.2.4 | |
| typo3 | typo3 | 4.2.5 | |
| typo3 | typo3 | 4.2.6 | |
| typo3 | typo3 | 4.2.7 | |
| typo3 | typo3 | 4.2.8 | |
| typo3 | typo3 | 4.2.9 | |
| typo3 | typo3 | 4.2.10 | |
| typo3 | typo3 | 4.2.11 | |
| typo3 | typo3 | 4.2.12 | |
| typo3 | typo3 | 4.2.13 | |
| typo3 | typo3 | 4.2.14 | |
| typo3 | typo3 | 4.3.0 | |
| typo3 | typo3 | 4.3.1 | |
| typo3 | typo3 | 4.3.2 | |
| typo3 | typo3 | 4.3.3 | |
| typo3 | typo3 | 4.3.4 | |
| typo3 | typo3 | 4.3.5 | |
| typo3 | typo3 | 4.3.6 | |
| typo3 | typo3 | 4.4 | |
| typo3 | typo3 | 4.4.1 | |
| typo3 | typo3 | 4.4.2 | |
| typo3 | typo3 | 4.4.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC67810-D2C5-4242-ACF2-CF7E9C56D7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E485652B-FDE0-44C1-83F5-D22B16BEBB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A987C0-51DF-464C-8F4D-03C9CAD256EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "718E405D-4127-4D0E-85BB-83800264AD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "AF72642B-8766-44A3-8CB0-D094929AAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6066CFA2-202E-43A3-B1DF-36364ABD5A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13C922A9-05A3-4D98-A568-F780CCA87E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E9893A-2771-4C04-9F90-B10EE659088E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31DA3600-C955-46B0-8BD9-C9B3FC0B81EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7ED0C04-33BA-4F9B-97B0-BB5D30C2A0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E40CC0D-E7EF-4800-AC0B-5AF603B8BC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16759F16-34C6-4C2C-BECB-12555EEEBDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "85F02502-5C03-4751-BC83-59F894400E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9319A96-D510-47DB-9DBC-C16C0947E4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40E0FDF1-E63C-48C9-98E2-55E3FD891882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D22400-E6A1-4C3A-B16F-E14672B86D14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de jumpUrl (tambi\u00e9n conocido como seguimiento de acceso) en tslib/class.tslib_fe.php en TYPO3 v4.2.x anteriores a v4.2.15, v4.3.x anteriores a v4.3.7, y v4.4.x anteriores a v4.4.4 no compara de forma adecuada ciertos valores hash durante las decisiones de control de acceso, lo que permite a atacantes remotos leer ficheros de su elecci\u00f3n a trav\u00e9s de vectores no espec\u00edficos.\r\n"
}
],
"id": "CVE-2010-3714",
"lastModified": "2024-11-21T01:19:27.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-25T20:01:04.473",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"source": "secalert@redhat.com",
"url": "http://www.exploit-db.com/exploits/15856"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/43786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/15856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/43786"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-06 17:15
Modified
2024-11-21 01:33
Severity ?
Summary
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8C2013-3653-40E0-B692-8524309338F0",
"versionEndExcluding": "4.3.12",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA153A2C-2697-47BC-B836-17AA48875F7A",
"versionEndExcluding": "4.4.9",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "898F86CE-0897-4403-A0AC-90C5DCED8AF4",
"versionEndExcluding": "4.5.4",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database."
},
{
"lang": "es",
"value": "TYPO3 versiones anteriores a la versi\u00f3n 4.3.12, versiones 4.4.x anteriores a la versi\u00f3n 4.4.9 y versiones 4.5.x anteriores a la versi\u00f3n 4.5.4, permite a atacantes remotos extraer informaci\u00f3n arbitraria de la base de datos de TYPO3."
}
],
"id": "CVE-2011-4901",
"lastModified": "2024-11-21T01:33:16.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-06T17:15:11.190",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4901"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-14 08:15
Modified
2024-11-21 06:48
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular form item and a valid backend user account with access to the form module are needed to exploit this vulnerability. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF93898C-EDE9-4B25-A859-6BF216B87D9D",
"versionEndExcluding": "8.7.49",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D362D0-52EC-4A95-B01D-EF310ADD8C4F",
"versionEndExcluding": "9.5.38",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1FC0F47-4C30-4162-8A7E-3C427D1C3596",
"versionEndExcluding": "10.4.33",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED21674D-027A-4DDC-AAD5-B7D58B309171",
"versionEndExcluding": "11.5.20",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9BE74F-BB15-48C5-AF1E-7B4197AE8F5B",
"versionEndExcluding": "12.1.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular form item and a valid backend user account with access to the form module are needed to exploit this vulnerability. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de gesti\u00f3n de contenidos web basado en PHP de c\u00f3digo abierto. Las versiones anteriores a 8.7.49, 9.5.38, 10.4.33, 11.5.20 y 12.1.1 son vulnerables a la inyecci\u00f3n de c\u00f3digo. Debido a la falta de separaci\u00f3n de los datos enviados por el usuario de la configuraci\u00f3n interna en el m\u00f3dulo backend de Form Designer, es posible inyectar instrucciones de c\u00f3digo para procesarlas y ejecutarlas a trav\u00e9s de TypoScript como c\u00f3digo PHP. Para aprovechar esta vulnerabilidad se necesita la existencia de instrucciones TypoScript individuales para un elemento de formulario en particular y una cuenta de usuario backend v\u00e1lida con acceso al m\u00f3dulo de formulario. Este problema se solucion\u00f3 en las versiones 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1."
}
],
"id": "CVE-2022-23503",
"lastModified": "2024-11-21T06:48:42.013",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-14T08:15:10.700",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-22 00:11
Modified
2024-11-21 00:52
Severity ?
Summary
SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| typo3 | jobcontrol | * | |
| typo3 | jobcontrol | 0.0.0 | |
| typo3 | jobcontrol | 1.0.0 | |
| typo3 | jobcontrol | 1.0.1 | |
| typo3 | jobcontrol | 1.1 | |
| typo3 | jobcontrol | 1.1.1 | |
| typo3 | jobcontrol | 1.2 | |
| typo3 | jobcontrol | 1.3 | |
| typo3 | jobcontrol | 1.4 | |
| typo3 | jobcontrol | 1.5 | |
| typo3 | jobcontrol | 1.6 | |
| typo3 | jobcontrol | 1.7 | |
| typo3 | jobcontrol | 1.8 | |
| typo3 | jobcontrol | 1.8.1 | |
| typo3 | jobcontrol | 1.8.2 | |
| typo3 | jobcontrol | 1.8.3 | |
| typo3 | jobcontrol | 1.9 | |
| typo3 | jobcontrol | 1.9.1 | |
| typo3 | jobcontrol | 1.9.2 | |
| typo3 | jobcontrol | 1.9.3 | |
| typo3 | jobcontrol | 1.9.4 | |
| typo3 | jobcontrol | 1.9.5 | |
| typo3 | jobcontrol | 1.10.0 | |
| typo3 | jobcontrol | 1.10.1 | |
| typo3 | jobcontrol | 1.10.2 | |
| typo3 | jobcontrol | 1.10.3 | |
| typo3 | jobcontrol | 1.11.0 | |
| typo3 | jobcontrol | 1.11.1 | |
| typo3 | jobcontrol | 1.11.2 | |
| typo3 | jobcontrol | 1.12.0 | |
| typo3 | jobcontrol | 1.13.0 | |
| typo3 | jobcontrol | 1.14.0 | |
| typo3 | jobcontrol | 1.15.0 | |
| typo3 | jobcontrol | 1.15.1 | |
| typo3 | jobcontrol | 1.15.2 | |
| typo3 | jobcontrol | 1.15.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C03C24A7-8C42-4E9F-AB4E-DF4BED771448",
"versionEndIncluding": "1.15.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DAAC766E-B1CD-46F4-AEFA-1E68768E8819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5846A3C1-5C1C-4DC0-85EE-2FFBA0DFE1DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F70BF5D-CBED-4A26-8200-9EDF8396B383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E3B6D1E-15B4-43FE-A236-E4D02520DC2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "800F03FB-E265-476D-A291-B5F53C75A5BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E937CC1F-9F88-49A9-AD16-62ADAA8D55FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "819E4145-5FFE-49CA-91FC-75755478D0FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA66AF6-0F8F-43F5-B0D5-A534338D4D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E1E12955-CBEC-4AEF-932F-9FE0D6B1A734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "72CF2A47-58B3-4628-9FAE-B2CED784562D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5CB6E779-77E7-490E-B57E-BD0D5596E54C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "78ACF2D8-AC99-43A3-8B8E-AC549E7BA815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDEA5C33-E505-42DB-9B4C-99800907AD04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E9B8495-828D-407D-9283-FB0FC7C3D756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70497A42-264D-4C71-BEC5-613EB7D005CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "93B25DE6-B56A-4F43-95EC-469CF0A21728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C167D767-5105-4342-95A9-4B062DA23198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "006252F1-D4D8-46DB-AEFE-E96EBC17405E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FF1853DC-24BE-4F0F-9C16-19BFA3CFDB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD87AA7-1F71-433C-9D48-A4DF4B39C9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B040E669-4DF9-4949-9699-8BA5650BEAE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61D6DC9A-FA53-43CF-B755-64F515BD3711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8372FE47-D502-4BAF-A703-F2B9D3C8B32E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC7B3F2A-4B80-4FA6-BA52-01675BCA00A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "875F2374-088E-411F-BFD4-6CC43F23DA36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05336E07-D5DF-44BC-8B67-C7E802A0A27B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3A97D89-C7B0-425C-90A9-00E59249ABE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85ED59D6-AE2A-494C-B98D-7D132FABB946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46ABBEC8-C2DD-44BA-BB59-FC80A0C89433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "237DE41B-CFB1-425F-93F2-513153DC001D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD5BA8EE-A221-46E7-A23A-64198F367349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4656CCF-9C97-4DE0-9E4E-2069FA8867E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69CE8E4B-656A-4757-B631-A7B6B4BF56EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EEFD7E36-EAE8-4937-B89F-A55C6387F743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:jobcontrol:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BF276B5D-D830-43C3-B4C9-DD4147032861",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n JobControl (dmmjobcontrol) v1.15.4 y anteriores para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-4658",
"lastModified": "2024-11-21T00:52:12.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-22T00:11:51.243",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32342"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/dmmjobcontrol/1.15.5/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/31840"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/dmmjobcontrol/1.15.5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/31840"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2870"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-28 10:30
Modified
2024-11-21 01:08
Severity ?
Summary
Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/37095 | Vendor Advisory | |
| cve@mitre.org | http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37095 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/ | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18A420CC-4277-48B2-9A66-6DDAC9044EF1",
"versionEndIncluding": "1.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "95424F48-8382-4CB2-8646-B4728DCE69FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "170E0D7E-9604-4A0C-829E-BCC4ACBC060F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "283B2C4F-B621-439F-803E-65BA70628662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0ED37F65-7DC9-4BDE-B263-A438D17D8DBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC9A56F4-8AA3-4D34-8AB1-57598BE75046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D49B8DB2-64A4-41FE-B58C-B4306272C30B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A02063A7-37EC-4EE4-B125-98D217B7E9D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE27643-45FF-4CF0-B371-E44555F19E61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48BAC3B6-293E-4069-8F1C-C6D0EEDAC050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7071023B-6A06-4BF9-A09E-7780D0E7492E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63728811-B095-4D78-837F-48090556FA1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA50B1AE-62BD-47A9-B5E5-B23FF8BC66A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1A6C1383-D6BF-4974-BCB2-1508B676F1C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0264710-9DED-4CF7-9853-4216CEE4FF58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A038C7D8-B875-4657-A178-3741240835B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1526A5-9A7D-4EC7-870E-5E14736E5401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "652CE8EA-395C-4CF9-894F-D65FA8BD9C27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "86D7BFCD-A90A-4FAA-84E6-82D4DA2F668F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD1EF4C-A164-47FB-9CC3-1FA8C2053C54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7C23F763-5691-42F1-97E7-6EF90E5C627D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0E85939C-2F7D-4651-8A14-D223A099EBC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "78C38576-EC47-434D-8C1B-0E9188EA7A7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "9B80DE17-8604-4F20-BA02-012A636D7D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28B7DC02-697C-4130-ABBA-75BE2716D491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D50E566B-D9C0-402B-B83D-69DE2247EF0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A16B2B61-2D71-46C9-B38E-32403E39A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8825D1E-2694-4BF4-A58F-C625C0D0B453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A2B8DE-4516-4F91-A56E-E621F76C3F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5D6F8600-1F08-460E-B021-77F8D3209FB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "793D2B07-3B1D-4E47-9086-A5D5DEB9B1C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D37AE0A4-21BA-47FD-BD83-3A5E9B93969B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDA7AC1-54D1-4F24-A131-221AD172AF3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BDDAE991-4697-4981-ACF0-1A6B512A5B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB2AD0D-44BE-4F38-9290-CA4DD7FC373A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E77F4DE7-F986-44F4-A9C8-AE72D6D9A353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13C5203A-0BA9-4091-BE77-0297A16502BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C4AF0510-4807-4554-A6CE-AB3D2018CED1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_randomimage:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "229CC6E7-4B2A-4C28-A820-68DDCC23D727",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en the Random Images (maag_randomimage) extension v1.6.4 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos de shell a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-3819",
"lastModified": "2024-11-21T01:08:15.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-10-28T10:30:00.797",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37095"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-13 18:15
Modified
2024-11-21 07:12
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73AB57E5-5B42-40F9-A818-06C46D6B4471",
"versionEndIncluding": "7.6.57",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8D96AD-07F4-4563-BA55-98E2C1024E82",
"versionEndIncluding": "8.7.47",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32E63445-2CD1-4E0F-80B2-73977B14E319",
"versionEndIncluding": "9.5.36",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B428B4CD-4699-4E84-9002-29442DCE5250",
"versionEndIncluding": "10.4.31",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE54B85D-5F45-4346-A2E0-8204831AA225",
"versionEndIncluding": "11.5.15",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de administraci\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP y publicado bajo la licencia GNU GPL. Se ha detectado que el \"FileDumpController\" (contexto de backend y frontend) es vulnerable a un ataque de tipo cross-site scripting cuando son mostrados archivos maliciosos usando este componente. Es necesaria una cuenta de usuario de backend v\u00e1lida para explotar esta vulnerabilidad. Actualice a TYPO3 versiones 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 o 11.5.16 que corrigen el problema. No se presentan mitigaciones conocidas para este problema"
}
],
"id": "CVE-2022-36107",
"lastModified": "2024-11-21T07:12:24.283",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-13T18:15:15.227",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-009"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-07 10:55
Modified
2024-11-21 01:21
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the "official twitter tweet button for your page" (tweetbutton) extension before 1.0.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| peter_proell | tweetbutton | * | |
| peter_proell | tweetbutton | 1.0.0 | |
| peter_proell | tweetbutton | 1.0.2 | |
| peter_proell | tweetbutton | 1.0.3 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:peter_proell:tweetbutton:*:*:*:*:*:*:*:*",
"matchCriteriaId": "993DDE43-A1A5-468A-85E7-65D76BB15FAB",
"versionEndIncluding": "1.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:peter_proell:tweetbutton:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B24728A-A7F8-4ABF-A176-B2B7526968DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:peter_proell:tweetbutton:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C1270123-CC33-4FBA-8DEA-2C2262660D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:peter_proell:tweetbutton:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7BD8C425-0BCF-4143-BB0C-FAFAF4447B7C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the \"official twitter tweet button for your page\" (tweetbutton) extension before 1.0.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en la extensi\u00f3n \"official twitter tweet button for your page\" (tweetbutton) anteriores a v1.0.5 para TYPO3, permite a atacantes remotos ejecutar secuencias de comandos web y HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-4886",
"lastModified": "2024-11-21T01:21:59.690",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-10-07T10:55:09.377",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41268"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/tweetbutton/1.0.5/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/42941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/tweetbutton/1.0.5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/42941"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-13 23:15
Modified
2024-11-21 04:56
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "452C1937-33D2-40DA-829C-3FA2C6D677F9",
"versionEndExcluding": "9.5.17",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30B68697-3A51-4817-8E9B-768470259B3F",
"versionEndExcluding": "10.4.2",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2."
},
{
"lang": "es",
"value": "En TYPO3 CMS versiones mayores o iguales a 9.5.12 y menores a 9.5.17, y versiones mayores o iguales a 10.2.0 y versiones menores a 10.4.2, ha sido detectado que los atributos placeholder de HTML que contienen datos de otros registros de bases de datos son vulnerables a un ataque de tipo cross-site scripting. Es requerida una cuenta de usuario del back-end v\u00e1lida para explotar esta vulnerabilidad. Esto ha sido corregido en las versiones 9.5.17 y 10.4.2."
}
],
"id": "CVE-2020-11064",
"lastModified": "2024-11-21T04:56:42.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-13T23:15:11.140",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-43gj-mj2w-wh46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-43gj-mj2w-wh46"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-22 13:26
Modified
2024-11-21 01:11
Severity ?
Summary
Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack vectors in which both the attacker and victim have an OpenID provider that discards identities during authentication.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6066CFA2-202E-43A3-B1DF-36364ABD5A1A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack vectors in which both the attacker and victim have an OpenID provider that discards identities during authentication."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la extensi\u00f3n OpenID Identity Authentication para TYPO3 v4.3.0 permite a atacantes remotos saltarse la autenticaci\u00f3n y ganar acceso a una cuenta de usuario de la consola de administraci\u00f3n a trav\u00e9s de vectores de ataque desconocidos en el caso que ambos, atacante y v\u00edctima tengan una proveedor OpenID que deseche las identidades durante la autenticaci\u00f3n."
}
],
"id": "CVE-2010-0286",
"lastModified": "2024-11-21T01:11:54.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-22T13:26:35.313",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/61680"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38206"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0127"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/61680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55609"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-23 21:15
Modified
2024-11-21 05:19
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf | Exploit, Third Party Advisory | |
| security-advisories@github.com | https://typo3.org/security/advisory/typo3-core-sa-2020-010 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-core-sa-2020-010 | Exploit, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E9EAD1C-96B0-41F2-904A-F60CB5F17BB7",
"versionEndExcluding": "6.2.54",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB0745A-1A3E-46EE-A92B-594742518665",
"versionEndExcluding": "7.6.48",
"versionStartIncluding": "7.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "908CCCBA-1376-404F-9105-E9750B632E59",
"versionEndExcluding": "8.7.38",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37480937-67F4-432B-97F2-77DEFF11E3ED",
"versionEndExcluding": "9.5.23",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56B032F6-C72B-4963-8C0D-13BFDD5F385A",
"versionEndExcluding": "10.4.10",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de administraci\u00f3n de contenido web de c\u00f3digo abierto basado en PHP.\u0026#xa0;En TYPO3 anterior a versiones 9.5.23 y 10.4.10, la extensi\u00f3n del sistema Fluid (typo3/cms-fluid) del core de TYPO3 es vulnerable a cross-site scripting que pasa datos controlados por el usuario como argumento para los asistentes de vistas de Fluid.\u0026#xa0;Actualice a TYPO3 versiones 9.5.23 o 10.4.10 que corrigen el problema descrito"
}
],
"id": "CVE-2020-26227",
"lastModified": "2024-11-21T05:19:35.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-23T21:15:12.047",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-010"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumper) extension 0.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | kiddog_mysqldumper | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:kiddog_mysqldumper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00258C35-0762-4C28-A03B-0CA2CCE5CF6C",
"versionEndIncluding": "0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumper) extension 0.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la extensi\u00f3n de TYPO3 \"kiddog_mysqldumper\" v0.0.3 y anteriores permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores de ataque desconocidos."
}
],
"id": "CVE-2010-0336",
"lastModified": "2024-11-21T01:12:00.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-15T19:30:00.897",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 23:15
Modified
2024-11-21 09:00
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27B5B1C-F807-411B-BCA1-112C85BDC3E5",
"versionEndExcluding": "8.7.57",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1F52D81-C2B7-4AFE-A99E-7E40E0751082",
"versionEndExcluding": "9.5.46",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCF72A1A-60DD-4588-8E90-B5D6D84854A9",
"versionEndExcluding": "10.4.43",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE0085D-3BA8-4076-BAB0-04BBB118A78D",
"versionEndExcluding": "11.5.35",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D518ED7-F1C8-4836-B3D8-4D228A48F314",
"versionEndExcluding": "12.4.11",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E20E3F5E-8C2B-4AC1-A3E3-B428710A5480",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS[\u0027SYS\u0027][\u0027encryptionKey\u0027]` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de gesti\u00f3n de contenido web basado en PHP de c\u00f3digo abierto publicado bajo GNU GPL. El valor de texto plano de `$GLOBALS[\u0027SYS\u0027][\u0027encryptionKey\u0027]` se mostr\u00f3 en los formularios de edici\u00f3n de la interfaz de usuario de la herramienta de instalaci\u00f3n TYPO3. Esto permiti\u00f3 a los atacantes utilizar el valor para generar hashes criptogr\u00e1ficos utilizados para verificar la autenticidad de los par\u00e1metros de solicitud HTTP. Para explotar esta vulnerabilidad se requiere una cuenta de usuario backend de nivel de administrador con permisos de fabricante del sistema. Se recomienda a los usuarios actualizar a las versiones 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 de TYPO3 que solucionan el problema descrito. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2024-25119",
"lastModified": "2024-11-21T09:00:17.617",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-13T23:15:08.640",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-004"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-09 10:55
Modified
2024-11-21 01:22
Severity ?
Summary
SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dev-team_typoheads | webkitpdf | * | |
| dev-team_typoheads | webkitpdf | 1.0.2 | |
| dev-team_typoheads | webkitpdf | 1.1.0 | |
| dev-team_typoheads | webkitpdf | 1.1.1 | |
| dev-team_typoheads | webkitpdf | 1.1.2 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dev-team_typoheads:webkitpdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA1AF39-CD17-4AA0-807E-82285EF8323F",
"versionEndIncluding": "1.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dev-team_typoheads:webkitpdf:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F88B7BF3-08ED-4607-9F92-0F39972BACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dev-team_typoheads:webkitpdf:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD2A68CE-FAC5-4B31-96B2-36C3B9FA83FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dev-team_typoheads:webkitpdf:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80F4F789-C815-4C5C-A05A-89485C5FEB69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dev-team_typoheads:webkitpdf:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C69EEF51-A6F7-49D2-908E-6CA09BF84704",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Webkit PDFs (webkitpdf) antes de v1.1.4 for TYPO3, permite a atacantes remotos ejecuctar comandos de su elecci\u00f3n a trav\u00e9s de vectores desconocidos"
}
],
"id": "CVE-2010-4961",
"lastModified": "2024-11-21T01:22:10.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-10-09T10:55:45.003",
"references": [
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/webkitpdf/1.1.4"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/42381"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/webkitpdf/1.1.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/42381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61059"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 20:15
Modified
2024-11-21 08:29
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only - “classic” non-composer installations are not affected. This issue has been addressed in version 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25218828-9AFC-458B-A14F-7FE95B422B5D",
"versionEndExcluding": "12.4.8",
"versionStartIncluding": "12.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only - \u201cclassic\u201d non-composer installations are not affected. This issue has been addressed in version 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
},
{
"lang": "es",
"value": "TYPO3 es un sistema de gesti\u00f3n de contenido web basado en PHP de c\u00f3digo abierto publicado bajo GNU GPL. En las versiones afectadas, la pantalla de inicio de sesi\u00f3n de la herramienta de instalaci\u00f3n independiente revela la ruta completa del directorio de datos transitorios (por ejemplo, /var/www/html/var/transient/). Esto se aplica \u00fanicamente a escenarios basados en compositores: las instalaciones \u201ccl\u00e1sicas\u201d que no son de compositores no se ven afectadas. Este problema se solucion\u00f3 en la versi\u00f3n 12.4.8. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2023-47126",
"lastModified": "2024-11-21T08:29:49.943",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T20:15:08.037",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/TYPO3/typo3/commit/1a735dac01ec7b337ed0d80c738caa8967dea423"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-p2jh-95jg-2w55"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/TYPO3/typo3/commit/1a735dac01ec7b337ed0d80c738caa8967dea423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-p2jh-95jg-2w55"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-005"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-17 17:15
Modified
2024-11-21 04:35
Severity ?
Summary
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FDAE77-4587-4092-A88F-8CB50BA7BDEE",
"versionEndExcluding": "8.7.30",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "747F57A7-EB7A-49C6-AF18-DDD45AC57138",
"versionEndExcluding": "9.5.12",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC015DE3-2712-4CBD-A5DE-2DD4F6BA774F",
"versionEndExcluding": "10.2.2",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en TYPO3 versiones anteriores a la versi\u00f3n 8.7.30, versiones 9.x anteriores a la versi\u00f3n 9.5.12 y versiones 10.x anteriores a la versi\u00f3n 10.2.2. Debido a que el escape del contenido enviado por el usuario es manejado inapropiadamente, la clase QueryGenerator es vulnerable a una inyecci\u00f3n SQL. Su explotaci\u00f3n requiere tener la extensi\u00f3n del sistema ext:lowlevel instalada, y un usuario del backend v\u00e1lido que tenga privilegios de administrador."
}
],
"id": "CVE-2019-19850",
"lastModified": "2024-11-21T04:35:31.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-17T17:15:18.067",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://review.typo3.org/q/%2522Resolves:+%252389452%2522+topic:security"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-025/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://review.typo3.org/q/%2522Resolves:+%252389452%2522+topic:security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-025/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-27 21:55
Modified
2024-11-21 01:38
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.4.0 | |
| typo3 | typo3 | 4.4.1 | |
| typo3 | typo3 | 4.4.2 | |
| typo3 | typo3 | 4.4.3 | |
| typo3 | typo3 | 4.4.4 | |
| typo3 | typo3 | 4.4.5 | |
| typo3 | typo3 | 4.4.6 | |
| typo3 | typo3 | 4.4.7 | |
| typo3 | typo3 | 4.4.8 | |
| typo3 | typo3 | 4.4.9 | |
| typo3 | typo3 | 4.4.10 | |
| typo3 | typo3 | 4.4.11 | |
| typo3 | typo3 | 4.4.12 | |
| typo3 | typo3 | 4.4.13 | |
| typo3 | typo3 | 4.4.14 | |
| typo3 | typo3 | 4.5.0 | |
| typo3 | typo3 | 4.5.1 | |
| typo3 | typo3 | 4.5.2 | |
| typo3 | typo3 | 4.5.3 | |
| typo3 | typo3 | 4.5.4 | |
| typo3 | typo3 | 4.5.5 | |
| typo3 | typo3 | 4.5.6 | |
| typo3 | typo3 | 4.5.7 | |
| typo3 | typo3 | 4.5.8 | |
| typo3 | typo3 | 4.5.9 | |
| typo3 | typo3 | 4.5.10 | |
| typo3 | typo3 | 4.5.11 | |
| typo3 | typo3 | 4.5.12 | |
| typo3 | typo3 | 4.5.13 | |
| typo3 | typo3 | 4.5.14 | |
| typo3 | typo3 | 4.6.0 | |
| typo3 | typo3 | 4.6.1 | |
| typo3 | typo3 | 4.6.2 | |
| typo3 | typo3 | 4.6.3 | |
| typo3 | typo3 | 4.6.4 | |
| typo3 | typo3 | 4.6.5 | |
| typo3 | typo3 | 4.6.6 | |
| typo3 | typo3 | 4.6.7 | |
| typo3 | typo3 | 4.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A60F86FA-B7D3-4BE5-82F2-05F2A5F5663D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9319A96-D510-47DB-9DBC-C16C0947E4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40E0FDF1-E63C-48C9-98E2-55E3FD891882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D22400-E6A1-4C3A-B16F-E14672B86D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DFA0996-4839-4FDB-9B9D-5F8424946F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "436C3A0C-CC01-483D-A188-6406CEE13796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2CDB1BFC-B45C-4A2A-8F9B-1E593BCD4EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "027BCB88-BBFF-46DA-A59A-35412EBF3008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4947CFBF-BA7A-460E-B716-D3EA85E19290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA8B097-5588-4F05-A882-1167EEB71178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "98CB88EB-DED5-4875-A986-CB57C2092270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E906CAAC-2337-4C4C-A2CB-B1B430575A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C43E7D85-9570-40E0-83C3-5BB4B59340D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "098B2DC5-EC2A-4955-9CD0-FD26750971E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "0B505B1B-A555-459A-964F-59E3B093D420",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CBAAC7-5207-45E8-86D5-18D98259070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6F1E7-351D-45E7-9571-2AF4283080DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B3B4A9-BDC7-4426-98FB-398B63AF3D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0016A078-1291-4281-BA62-5A846AEE7584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F11DB8A8-8309-4FC9-BA35-1AFFC5B4AE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9661D2DB-F24C-478B-B691-303D48D9B158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1FD6B9-7FAC-4508-962A-99AF63EB4B36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1A90BF-E780-4282-BCCB-0E568EB785A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el controlador de excepciones en TYPO3 v4.4.x anterior a v4.4.15, v4.5.15 anterior a v4.5.x, v4.6.x anterior a v4.6.8, y v4.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de mensajes de excepci\u00f3n."
}
],
"id": "CVE-2012-2112",
"lastModified": "2024-11-21T01:38:31.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-08-27T21:55:01.460",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.typo3.org/pipermail/typo3-announce/2012/000241.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.typo3.org/pipermail/typo3-announce/2012/000242.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2455"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/17/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/18/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/53047"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.typo3.org/pipermail/typo3-announce/2012/000241.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.typo3.org/pipermail/typo3-announce/2012/000242.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/17/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/18/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74920"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-17 17:30
Modified
2024-11-21 01:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simon_rundell | pd_calendar_today | * | |
| simon_rundell | pd_calendar_today | 0.0.3 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simon_rundell:pd_calendar_today:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83DE9175-ABF0-4047-8FAF-4CA6A19B33FE",
"versionEndIncluding": "0.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simon_rundell:pd_calendar_today:0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD45561-D458-46CC-B3C6-E37F04967BE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en la extensi\u00f3n \u0027Calendario de la Diocesis de Portsmouth\u0027 (pd_calendar) v0.4.1 y anteriores para TYPO3 permite a atacantes remotos inyectar HTML o scripts web a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4336",
"lastModified": "2024-11-21T01:09:23.833",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-17T17:30:00.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54780"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-22 23:30
Modified
2024-11-21 01:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fr.simon_rundell | pd_resources | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fr.simon_rundell:pd_resources:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F81638F8-A73C-4CBD-9606-3CB167C52E22",
"versionEndIncluding": "0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n Diocese of Portsmouth Resources Database (pd_resources) v0.1.1 y anteriores para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2009-4397",
"lastModified": "2024-11-21T01:09:32.787",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-22T23:30:00.733",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-28 14:43
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3-macher | t3m_affiliate | 0.5.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3-macher:t3m_affiliate:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D141A5B-C720-48DA-BD62-7E36C2F10AE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n t3m_affiliate 0.5.0 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4970",
"lastModified": "2024-11-21T01:10:53.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-28T14:43:41.447",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36138"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| francisco_cifuentes | vote_for_tt_news | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:francisco_cifuentes:vote_for_tt_news:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4758AE63-3AC1-421D-A78B-783A7AB71218",
"versionEndIncluding": "1.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados(XSS) en la extensi\u00f3n de TYPO3 de rango de voto para noticias (vote_for_tt_news) v1.0.1 y anteriores para TYPO3 permite a atacantes remotos inyectar HTML o scripts web a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-0335",
"lastModified": "2024-11-21T01:12:00.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-01-15T19:30:00.880",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | vd_gemomap | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:vd_gemomap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C1522B-7570-4ACD-B596-F8B6C1A5590B",
"versionEndIncluding": "0.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n para TYPO3 \"VD/Geomap\" (vd_geomap) v0.3.1 y anteriores permite a atacantes remotos inyectar HTML o scripts web a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-0347",
"lastModified": "2024-11-21T01:12:02.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-01-15T19:30:01.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-01 18:15
Modified
2024-11-21 01:19
Severity ?
Summary
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2010-3660 | Third Party Advisory | |
| cve@mitre.org | https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2010-3660 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC34E49-A07C-4F08-80FE-2DE14E8B7A77",
"versionEndExcluding": "4.1.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82040DD2-205F-477D-8D55-95852AAF7AEA",
"versionEndExcluding": "4.2.13",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B078FF4B-67AF-419E-995B-2715FCC97493",
"versionEndExcluding": "4.3.4",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18896C89-53F0-4ACA-B3B2-90E0811CBBC3",
"versionEndExcluding": "4.4.1",
"versionStartIncluding": "4.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend."
},
{
"lang": "es",
"value": "TYPO3 versiones anteriores a 4.1.14, versiones 4.2.x anteriores a 4.2.13, versiones 4.3.x anteriores a 4.3.4 y versiones 4.4.x anteriores a 4.4.1, permite un ataque de tipo XSS en el back-end."
}
],
"id": "CVE-2010-3660",
"lastModified": "2024-11-21T01:19:19.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-01T18:15:11.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3660"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-09 10:55
Modified
2024-11-21 01:22
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nadine_schwingler | ke_questionnaire | * | |
| nadine_schwingler | ke_questionnaire | 1.2.1 | |
| nadine_schwingler | ke_questionnaire | 2.0.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nadine_schwingler:ke_questionnaire:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1FF62C2-0AB9-4F7E-959D-9972DE40385A",
"versionEndIncluding": "2.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nadine_schwingler:ke_questionnaire:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2793011-FBEB-45C3-9ABF-9698248CE5C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nadine_schwingler:ke_questionnaire:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99999B28-5692-4BBE-AEE5-590C4B2DD7DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) la extensi\u00f3n Questionnaire (ke_questionnaire) anteriores a v2.2.3 para TYPO3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-4956",
"lastModified": "2024-11-21T01:22:09.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-10-09T10:55:44.287",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/67030"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40950"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/ke_questionnaire/2.2.3/"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/42369"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/67030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/ke_questionnaire/2.2.3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/42369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61043"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-01 23:55
Modified
2024-11-21 01:56
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| usertask_center_messaging_project | usertask_center_messaging | * | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:usertask_center_messaging_project:usertask_center_messaging:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28C661E7-89EA-4F19-BB4F-C320326CA2CD",
"versionEndIncluding": "1.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en UserTask Center, la extensi\u00f3n Messaging (sys_messages) v1.1.0 y anterior para TYPO3 permite a atacantes remotos a inyectar secuencias de comandos Web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-4749",
"lastModified": "2024-11-21T01:56:18.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-07-01T23:55:01.153",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81584"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-03 14:55
Modified
2024-11-21 02:09
Severity ?
Summary
The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7715060-1441-4CF9-BEDF-91D28FE31ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7183456A-52B4-4386-8979-A2ECEA9959FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "16EEC79F-3293-451C-864E-9CE020F6C730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "8FD27EAD-04D5-4C55-952E-020954B90CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99262E73-E4A7-4657-A32E-3C289C052675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E230A800-B2DE-4ED4-9C6B-961832C39900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors."
},
{
"lang": "es",
"value": "La funcionalidad de cacheo de consulta en el componente Extbase Framework en TYPO3 6.2.0 anterior a 6.2.3 no valida debidamente permisos de grupo, lo que permite a usuarios remotos autenticados leer consultas arbitrarias a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-3946",
"lastModified": "2024-11-21T02:09:11.690",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-03T14:55:11.287",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-29 17:15
Modified
2024-11-21 05:04
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization & remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "533733E0-9B24-41B2-A9A3-BF03785B6A85",
"versionEndExcluding": "9.5.20",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22121C59-1C9F-4079-AD4F-965F872BAC58",
"versionEndExcluding": "10.4.6",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization \u0026 remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6."
},
{
"lang": "es",
"value": "En TYPO3 CMS versiones posteriores o igual a 9.0.0 y anteriores a 9.5.20, y versiones posteriores o igual a 10.0.0 y anteriores a 10.4.6, se ha detectado que puede ser usado un mecanismo de verificaci\u00f3n interna para generar sumas de comprobaci\u00f3n arbitrarias. Esto permite inyectar datos arbitrarios que tienen un c\u00f3digo de autenticaci\u00f3n de mensaje criptogr\u00e1fico v\u00e1lido (HMAC-SHA1) y puede conllevar a varias cadenas de ataque, incluyendo una escalada potencial de privilegios, una deserializaci\u00f3n no segura y una ejecuci\u00f3n de c\u00f3digo remota. La gravedad general de esta vulnerabilidad es alta seg\u00fan las cadenas de ataque mencionadas y el requisito de tener una sesi\u00f3n de usuario del backend v\u00e1lida (autenticada). Esto ha sido parcheado en las versiones 9.5.20 y 10.4.6"
}
],
"id": "CVE-2020-15098",
"lastModified": "2024-11-21T05:04:48.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-29T17:15:13.387",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Broken Link"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2016-013"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2016-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-008"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-325"
},
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-13 10:30
Modified
2024-11-21 00:56
Severity ?
Summary
SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| walnutstreet | cgswigmore | * | |
| walnutstreet | cgswigmore | 0.1.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:walnutstreet:cgswigmore:*:*:*:*:*:*:*:*",
"matchCriteriaId": "489D5FB7-9BC8-4DCF-AD1F-19955AF075CD",
"versionEndIncluding": "0.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:walnutstreet:cgswigmore:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E8F04D-2391-427A-A5F2-BC8B9EB708A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de SQL en la extensi\u00f3n Swigmore institute (cgswigmore) para TYPO3 antes de la versi\u00f3n 0.1.2 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-6457",
"lastModified": "2024-11-21T00:56:35.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-13T10:30:00.360",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/48273"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31258"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/48273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45256"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:11
Severity ?
Summary
SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and "typoscript."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56D40FD2-4D38-4A27-8F62-DA7C538A3FBA",
"versionEndIncluding": "1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F114F8E-08DE-4C8A-A0F7-567A7A822E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9677B8-7E32-4020-845B-FD31B327491D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC6F692-1F1E-4FB4-9EFA-57F0D0938256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9820C6-B4E6-4632-A6D4-D7EA093B1800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AEDCA4-5AC0-4970-99B4-9BE02C880AE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "303CC902-BBDA-417C-90C5-6CC316ED2E90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9CDAD5-EE32-47C9-9A94-5FDA002C58BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2065E944-5F55-4ABF-A20E-F5D4CEED0F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6C13C053-62AD-4866-AA6E-B6E3862734FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F84BCD42-ACAC-47B7-BC11-162BDF37E5D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DAB0DA1-D646-41F9-9E49-EFB3E3D6753A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2A32130E-4799-41D3-8323-8B3B4B8B5453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC13061-9822-4399-A4A1-EBEED9742EAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "96CEE2A8-AC38-4581-B56C-399781D73A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0415B2-89B6-4D75-AD24-DD6152110D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C905E945-4195-448E-B2B6-8C7F9C3FABCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D5897048-EE9A-4DB1-9802-27018E665A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4EFC2BB8-B4ED-4DC0-A391-7ACB2DD94E1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "56CF73D1-AA5E-4A6C-95B8-3AD4FD7EC7D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D7FEED-4451-43DA-9811-E7F6AA589F89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A4670C29-5B52-4172-8AED-0AD01229778A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "384FD986-C33D-4A87-A0ED-8EE51AD5BEA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1A6CF5F4-67D7-4495-B610-13959A10B97D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5D7E4A4-5887-40B8-860E-91F102A24D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7055F350-0EE7-4DE7-8FB6-26A0F2D80224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C414A1EC-ED36-4113-87EE-496D0CE6C296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CC9389-53A8-43D8-9D03-9DBBEA26065C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2597C92A-BE72-4246-B2E7-F7B316E6BECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0D0154-08BF-42AB-B97C-C0485BD34E0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFE66F2-621A-4F9A-8D99-C5F96D2BC528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8F32EE91-CF3B-495C-9AEB-CF5F7A49E55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D79D18B0-E52B-4A80-BA0D-664BE32A667B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "83192D4F-A044-456E-968C-78FD3F8782B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "027479DC-5EA0-4BAE-8F45-DB8CD2E7DBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "29168B6A-3D80-4DC7-A69E-E069B1627A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "490C3558-53F7-401D-94D4-ABC5A2DCB18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6783329E-53C6-4FAC-A76A-CDB15C30EE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3D85EF2D-D597-4BF8-8D42-65DF495F5B16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "ED148E81-A7BF-4E80-9BA7-1A95D4192521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCFF6F8-1913-4095-BB33-F371EA162CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5C372F-D442-44EA-9B74-A724261F7347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8B22DF-AC72-4A1D-BAC8-41AA612EEEEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6293BE50-CEC2-4564-B323-5518CB5F26A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "46449EDA-9CD5-4FFC-ACC3-AE23D4CC3758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C94B49F-3249-4FF7-8D71-EFB59EB0B69E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CE2E63-4B3B-4F37-983E-084058BB012D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA972B4-3307-4A9C-9E9A-F4DCA04B3320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE015AC-7FF4-445A-9112-576ECA6131A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA35D7C-6EAA-4E57-B229-771FBAE2616C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBAD78D-2EEA-4E84-A31D-A8DB9A4ED6A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "129FBFD3-5DF3-4C03-8416-89C9295F7245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5696F1A2-1A78-43F0-B52A-13C4B1A9989F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6F4864-877C-4FBA-99F8-CA138E089B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFE7AC9-06A3-4BCC-96F4-F978DE2A12AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CE95ADBE-FB92-427A-9C12-6F4DB32AB7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0661B887-07D1-4C97-A810-747D34F1854E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8D2162-DEBA-400A-9BF4-CE2D5C8E59AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BD48C215-3464-49B3-AB9B-FAC18A0D6420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "90DAF9E4-959D-44C6-85A4-0F9124FDEC96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A773CA49-4B9D-44AC-92A6-107514320987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "4A774AE5-7A2E-460A-A8E4-FC3AEEFD1F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1B7D81F3-C67F-4326-BB7F-414D6ADDAFFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D29C87E0-772E-4840-BC53-C7AF9D7B8DC1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the \"SQL selection field\" and \"typoscript.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n de TYPO3 powermail v1.5.1 y anteriores permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados relacionados con \"typoscript\" y el campo \"de selecci\u00f3n SQL\"."
}
],
"id": "CVE-2010-0329",
"lastModified": "2024-11-21T01:11:59.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-15T19:30:00.707",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38167"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.2/"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.2/info/changelog.txt/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.2/info/changelog.txt/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mads_brunn | t3quixplorer | * | |
| mads_brunn | t3quixplorer | 1.0.0 | |
| mads_brunn | t3quixplorer | 1.0.1 | |
| mads_brunn | t3quixplorer | 1.0.2 | |
| mads_brunn | t3quixplorer | 1.2.0 | |
| mads_brunn | t3quixplorer | 1.3.0 | |
| mads_brunn | t3quixplorer | 1.4.0 | |
| mads_brunn | t3quixplorer | 1.5.0 | |
| mads_brunn | t3quixplorer | 1.6.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A39EDD2-DA0D-4208-A969-44E76D7F1494",
"versionEndIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "BE727C14-8517-4996-8D34-FAF238CB3429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A9826B-068A-4923-B3C7-02EA3C732038",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C03C88C-5D51-4720-90C8-EDFF288702AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B77C9D-C67F-4D46-928F-50811DEF43F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0BD9C3-199A-4C23-B9E2-FC30C8461B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D26478C-CF65-43D7-81F9-A2EB14F94689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B9A49E-17E4-4118-8AB4-B42259123E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A423F65-9148-4393-BB29-0BCB72557C83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n Typo3 Quixplorer (t3quixplorer) anteriores a v1.7.1 para TYPO3 permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1021",
"lastModified": "2024-11-21T01:13:26.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-19T19:00:00.937",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/63036"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38993"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/t3quixplorer/1.7.1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/63036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/t3quixplorer/1.7.1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38818"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-13 18:15
Modified
2024-11-21 07:12
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B428B4CD-4699-4E84-9002-29442DCE5250",
"versionEndIncluding": "10.4.31",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE54B85D-5F45-4346-A2E0-8204831AA225",
"versionEndIncluding": "11.5.15",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de administraci\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP y publicado bajo la licencia GNU GPL. Se ha detectado que el ayudante de visualizaci\u00f3n \"f:asset.css\" es vulnerable a un ataque de tipo cross-site scripting cuando la entrada del usuario es pasada como variables al CSS. Actualice a TYPO3 versiones 10.4.32 o 11.5.16 que corrigen el problema. No se presentan mitigaciones conocidas para este problema"
}
],
"id": "CVE-2022-36108",
"lastModified": "2024-11-21T07:12:24.423",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-13T18:15:15.313",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/6863f73818c36b0b88c677ba533765c8074907b4"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fv2m-9249-qx85"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/6863f73818c36b0b88c677ba533765c8074907b4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fv2m-9249-qx85"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-010"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-01-21 00:03
Modified
2024-11-21 00:06
Severity ?
Summary
TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3885B69F-B9C0-488F-8775-E8E801418E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA565238-52C8-4850-8FDA-C38C057BF6F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails."
}
],
"id": "CVE-2006-0327",
"lastModified": "2024-11-21T00:06:12.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-21T00:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.typo3.org/view.php?id=2248"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18546"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/361"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.irmplc.com/advisory015.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22665"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22666"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22667"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/422360/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/422390/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0269"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.typo3.org/view.php?id=2248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.irmplc.com/advisory015.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/422360/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/422390/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24244"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-23 23:55
Modified
2024-11-21 02:00
Severity ?
Summary
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "976AAF6F-BF03-40B7-B7D2-22101BD857D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98D0D9-D9AE-44F7-8233-F92EB330B152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36EA784A-7C3A-41DA-B444-D01E3BC144BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7294AA8B-0CD3-47A2-91DC-A882F7F3BDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4D28DD85-FBB3-4DD4-B525-7AFD32BE55F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80C21E07-5083-4C86-AA9D-FCB73F636060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAE1BB4-2DBD-489E-B3F9-88CF414EAC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0724FE19-F0A4-4055-996A-2B7844CAC426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A862C28E-B1B9-4541-A559-D0BD16E575B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1DE94A-DDCD-4067-A0C0-16904F6B7EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7C6DD4A1-C865-4AC8-86BC-8F92319F33A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F89DD9F-019A-4AD3-AD0E-4F20F1AF5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "684500C9-8532-45C4-8F29-33AAC3DDA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F830A8F-C51C-4CED-BCA2-845C312087FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2C537426-82DB-426B-BB95-CC119C20266A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D3AE18-7B26-4448-AF98-0D2692C80BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E8AD3ED8-5107-418D-8F0F-6B07845D3C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2FEFD3C-A4CC-4FCC-8ECD-3EE1E69DE58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1EE4B6-9256-494E-A11B-9700F0376AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0A8566-4A01-4948-A237-3CED2D065FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B5459D18-7283-4650-9304-7F576AB1D779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B404C733-4F5C-4EB2-B4B9-F25A95BB6E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "31BDE85A-5F76-4249-9B38-B3A1649F777D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6357ACD4-E404-489A-B218-1CED134F4893",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "BB69F7E9-001D-42B3-BEB4-B294737AD27B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.21:*:*:*:*:*:*:*",
"matchCriteriaId": "34E8530B-0311-45AA-92B4-6FF2CE388E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A53B9001-C5B4-4D19-A314-118E3A292346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E663FE0B-B509-4427-A2A0-9EB53E26810F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.24:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA36C35-E9BD-4ED2-B6CB-950D641678E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.25:*:*:*:*:*:*:*",
"matchCriteriaId": "12A54839-425D-4D28-8AD2-479A593474FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.26:*:*:*:*:*:*:*",
"matchCriteriaId": "83542527-9738-46C0-A4D2-D5E2E203CD49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.27:*:*:*:*:*:*:*",
"matchCriteriaId": "72B68AE9-081A-4BE0-A2AF-969216D26637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.28:*:*:*:*:*:*:*",
"matchCriteriaId": "253A3E84-401E-4F9F-8A9A-B8C464C69929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.29:*:*:*:*:*:*:*",
"matchCriteriaId": "08742759-FFC8-4908-B319-4EC279C6AB74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4B4B3F-D7BE-493C-ABF6-416FF89C4A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "36748261-81EF-4E39-8EC5-A67F054B623F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C140F242-CF7C-4CB6-A358-5C8DB0F26DAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81EAC0BA-B6AC-42BA-AEEE-946E1FBD770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD31180A-8BD6-49AC-A758-5FA4C9A7B4C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E06A3B0C-364F-42A3-803B-6CE1EAB386C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "692DE690-C921-403B-9966-60CB23FF5D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "94C181FE-F3A9-4C7E-955F-0CCD4E6B4DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "11DD1626-884F-40EE-9721-2FCF7F14F781",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a \"missing signature.\""
},
{
"lang": "es",
"value": "El componente Content Editing Wizards para TYPO3 v4.5.0 hasta v4.5.31, v4.7.0 hasta v4.7.16, v6.0.0 hasta v6.0.11, y v6.1.0 hasta v6.1.6 permite a usuarios del backend autenticados desserializar objetos PHP, eliminar cualquier fichero, y posiblemente tener otros impactos no especificados a trav\u00e9s de un par\u00e1metro sin especificar, relacionado con una \"falta de firma\"."
}
],
"id": "CVE-2013-7075",
"lastModified": "2024-11-21T02:00:17.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-23T23:55:04.327",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2834"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-16 17:30
Modified
2024-11-21 00:55
Severity ?
Summary
Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | wec_discussion_forum | * | |
| typo3 | wec_discussion_forum | 1.6 | |
| typo3 | wec_discussion_forum | 1.6.0 | |
| typo3 | wec_discussion_forum | 1.6.1 | |
| typo3 | wec_discussion_forum | 1.6.2 | |
| typo3 | wec_discussion_forum | 1.6.3 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:wec_discussion_forum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F97572-8AEB-4305-8E8C-20BD06DF194A",
"versionEndIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:wec_discussion_forum:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A4A7F726-590B-4712-9D54-734C1947C83F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:wec_discussion_forum:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B49C4FCF-8B78-40A2-A602-B02B295CB9C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:wec_discussion_forum:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30AA59A8-CC5F-445F-8BEC-E2BD9876DB42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:wec_discussion_forum:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "745ACFB9-3386-4BE4-8CB5-4EABC90C3E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:wec_discussion_forum:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "270CBE3E-B87C-4047-B850-8A7F91514222",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en WEC Discussion Forum (wec_discussion) extensi\u00f3n 1.7.0 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-6145",
"lastModified": "2024-11-21T00:55:47.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-16T17:30:04.767",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33254"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/wec_discussion/1.7.1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-2"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/wec_discussion/1.7.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3502"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-07 14:17
Modified
2024-11-21 00:57
Severity ?
Summary
Directory traversal vulnerability in the wt_gallery extension 2.5.0 and earlier for TYPO3 allows remote attackers to read arbitrary image files and determine directory structure via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| typo3 | wt_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:wt_gallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3810266B-2D74-4BFA-A791-319980116B8E",
"versionEndIncluding": "2.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the wt_gallery extension 2.5.0 and earlier for TYPO3 allows remote attackers to read arbitrary image files and determine directory structure via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la extensi\u00f3n wt_gallery v2.5.0 y anteriores para TYPO3 permite a atacantes remotos leer ficheros de imagen de forma arbitraria y determinar la estructura del directorio a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2008-6630",
"lastModified": "2024-11-21T00:57:02.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-07T14:17:17.467",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/45050"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30217"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080513-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/29182"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42364"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/45050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080513-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/29182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42364"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
Unspecified vulnerability in nepa-design.de Spam Protection (nd_antispam) extension 1.0.3 for TYPO3 allows remote attackers to modify configuration via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| typo3 | nd_antispam | 1.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:nd_antispam:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3328555E-F633-488E-AB5A-A2C2B4FCFCFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in nepa-design.de Spam Protection (nd_antispam) extension 1.0.3 for TYPO3 allows remote attackers to modify configuration via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no espec\u00edfica en nepa-design.de Spam Protection (nd_antispam) extensi\u00f3n v1.0.3 para TYPO3 permite a atacantes remotos modificar la configuraci\u00f3n a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2008-6690",
"lastModified": "2024-11-21T00:57:12.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.327",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46387"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29833"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43205"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-02 17:30
Modified
2024-11-21 01:09
Severity ?
Summary
SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tw_productfinder | tw_productfinder | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tw_productfinder:tw_productfinder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B85DF3A-B623-46EB-B3B5-728F8D725DE1",
"versionEndIncluding": "0.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n TW Productfinder (tw_productfinder)v0.0.2 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4163",
"lastModified": "2024-11-21T01:09:03.997",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-02T17:30:00.593",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-22 00:11
Modified
2024-11-21 00:52
Severity ?
Summary
SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:m1_intern:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1522E932-799C-4D78-A941-58EA640EAF91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n M1 Intern (m1_intern) v1.0.0 para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-4660",
"lastModified": "2024-11-21T00:52:13.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-22T00:11:51.290",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31845"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45999"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-22 23:30
Modified
2024-11-21 01:09
Severity ?
Summary
SQL injection vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fr.simon_rundell | ste_parish_admin | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fr.simon_rundell:ste_parish_admin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "548CA2FA-2B02-4800-9CE3-CDC8B063281E",
"versionEndIncluding": "0.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la administraci\u00f3n de la extensi\u00f3n v0.1.3 y anteriores de la base de datos de Parish (ste_parish_admin) para TYPO3 permite a atacantes remotos ejecutar comandos arbitrarios SQL a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2009-4401",
"lastModified": "2024-11-21T01:09:33.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-22T23:30:00.827",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chris_wederka | tgm_newsletter | 0.0.2 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chris_wederka:tgm_newsletter:0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D8C7ABA3-3282-4BF3-86A0-1023C8BA2CB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n TGM-Newsletter (tgm_newsletter) v0.0.2 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1024",
"lastModified": "2024-11-21T01:13:27.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-19T19:00:01.030",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/tgm_newsletter/0.0.3/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38805"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/tgm_newsletter/0.0.3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56978"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-14 17:55
Modified
2024-11-21 01:36
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:terminal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68B97E61-1429-4F44-AE2E-0AFEA79E478A",
"versionEndIncluding": "0.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en la extensi\u00f3n Terminal PHP Shell (terminal) v0.3.2 y anteriores para TYPO3, permite a atacantes remotos secuestrar la autenticaci\u00f3n de victimas no especificadas a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2012-1083",
"lastModified": "2024-11-21T01:36:22.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-14T17:55:03.460",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78797"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51849"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| laurent_foulloy | sav_filter_months | * | |
| laurent_foulloy | sav_filter_months | 1.0.0 | |
| laurent_foulloy | sav_filter_months | 1.0.1 | |
| laurent_foulloy | sav_filter_months | 1.0.2 | |
| laurent_foulloy | sav_filter_months | 1.0.3 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:laurent_foulloy:sav_filter_months:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5B01635-F652-4B9E-B210-1DC4B7DF4839",
"versionEndIncluding": "1.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laurent_foulloy:sav_filter_months:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9E4732E-50DC-447F-B02D-3FC75CF27D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laurent_foulloy:sav_filter_months:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE78B7F-C6D5-44A0-B714-97040DAB0B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laurent_foulloy:sav_filter_months:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DA31A92-19C4-4381-BD7F-6B93726823D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laurent_foulloy:sav_filter_months:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8ACEEFE4-CB8D-4E88-8F84-050DE075E5CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n SAV Filter Months (sav_filter_months) anteriores a v1.0.5 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1017",
"lastModified": "2024-11-21T01:13:26.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-19T19:00:00.797",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://osvdb.org/63035"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38994"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/sav_filter_months/1.0.5/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://osvdb.org/63035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38994"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/sav_filter_months/1.0.5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38806"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-03 14:55
Modified
2024-11-21 02:09
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "BB69F7E9-001D-42B3-BEB4-B294737AD27B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.21:*:*:*:*:*:*:*",
"matchCriteriaId": "34E8530B-0311-45AA-92B4-6FF2CE388E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A53B9001-C5B4-4D19-A314-118E3A292346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E663FE0B-B509-4427-A2A0-9EB53E26810F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.24:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA36C35-E9BD-4ED2-B6CB-950D641678E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.25:*:*:*:*:*:*:*",
"matchCriteriaId": "12A54839-425D-4D28-8AD2-479A593474FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.26:*:*:*:*:*:*:*",
"matchCriteriaId": "83542527-9738-46C0-A4D2-D5E2E203CD49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.27:*:*:*:*:*:*:*",
"matchCriteriaId": "72B68AE9-081A-4BE0-A2AF-969216D26637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.28:*:*:*:*:*:*:*",
"matchCriteriaId": "253A3E84-401E-4F9F-8A9A-B8C464C69929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.29:*:*:*:*:*:*:*",
"matchCriteriaId": "08742759-FFC8-4908-B319-4EC279C6AB74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4B4B3F-D7BE-493C-ABF6-416FF89C4A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "36748261-81EF-4E39-8EC5-A67F054B623F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.32:*:*:*:*:*:*:*",
"matchCriteriaId": "21CC1BD2-CB44-4C0F-8B87-6272AEEBDEAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.33:*:*:*:*:*:*:*",
"matchCriteriaId": "D7129E4A-834D-4405-853B-89F1BD7965E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "976AAF6F-BF03-40B7-B7D2-22101BD857D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98D0D9-D9AE-44F7-8233-F92EB330B152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36EA784A-7C3A-41DA-B444-D01E3BC144BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7294AA8B-0CD3-47A2-91DC-A882F7F3BDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4D28DD85-FBB3-4DD4-B525-7AFD32BE55F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80C21E07-5083-4C86-AA9D-FCB73F636060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAE1BB4-2DBD-489E-B3F9-88CF414EAC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0724FE19-F0A4-4055-996A-2B7844CAC426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A862C28E-B1B9-4541-A559-D0BD16E575B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1DE94A-DDCD-4067-A0C0-16904F6B7EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7C6DD4A1-C865-4AC8-86BC-8F92319F33A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7ACA06-C0C1-4EEA-A629-C453C97660A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3C444E62-897D-4C7A-AEC6-C5728166A11A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7715060-1441-4CF9-BEDF-91D28FE31ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7183456A-52B4-4386-8979-A2ECEA9959FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "16EEC79F-3293-451C-864E-9CE020F6C730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "8FD27EAD-04D5-4C55-952E-020954B90CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99262E73-E4A7-4657-A32E-3C289C052675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E230A800-B2DE-4ED4-9C6B-961832C39900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C140F242-CF7C-4CB6-A358-5C8DB0F26DAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81EAC0BA-B6AC-42BA-AEEE-946E1FBD770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD31180A-8BD6-49AC-A758-5FA4C9A7B4C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E06A3B0C-364F-42A3-803B-6CE1EAB386C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "692DE690-C921-403B-9966-60CB23FF5D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "94C181FE-F3A9-4C7E-955F-0CCD4E6B4DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "11DD1626-884F-40EE-9721-2FCF7F14F781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BFFF68DC-AFBB-4055-83AF-BAFE9C68FBC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F0FB1F-45D1-49A8-8882-393B16E6AA34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F89DD9F-019A-4AD3-AD0E-4F20F1AF5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "684500C9-8532-45C4-8F29-33AAC3DDA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F830A8F-C51C-4CED-BCA2-845C312087FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2C537426-82DB-426B-BB95-CC119C20266A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D3AE18-7B26-4448-AF98-0D2692C80BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E8AD3ED8-5107-418D-8F0F-6B07845D3C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2FEFD3C-A4CC-4FCC-8ECD-3EE1E69DE58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1EE4B6-9256-494E-A11B-9700F0376AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0A8566-4A01-4948-A237-3CED2D065FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B5459D18-7283-4650-9304-7F576AB1D779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B404C733-4F5C-4EB2-B4B9-F25A95BB6E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "31BDE85A-5F76-4249-9B38-B3A1649F777D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6357ACD4-E404-489A-B218-1CED134F4893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "B6650206-8DD5-4D05-BBD2-15A12842117B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9712BC-E1C2-46AF-8111-DE5523DFF3DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en componentes de motor (backend) no especificados en TYPO3 4.5.0 anterior a 4.5.34, 4.7.0 anterior a 4.7.19, 6.0.0 anterior a 6.0.14, 6.1.0 anterior a 6.1.9 y 6.2.0 anterior a 6.2.3 permiten a editores remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de par\u00e1metros desconocidos."
}
],
"id": "CVE-2014-3943",
"lastModified": "2024-11-21T02:09:11.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-06-03T14:55:11.067",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/67625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67625"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:11
Severity ?
Summary
SQL injection vulnerability in the Googlemaps for tt_news (jf_easymaps) extension 1.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| julian_fries | jf_easymaps | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:julian_fries:jf_easymaps:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBAD7D40-E2B5-4EFB-B34C-D2C76B6C131C",
"versionEndIncluding": "1.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Googlemaps for tt_news (jf_easymaps) extension 1.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el en la extensi\u00f3n de TYPO3 \"Googlemaps para tt_news\" (jf_easymaps) v1.0.2 y anteriores permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-0330",
"lastModified": "2024-11-21T01:11:59.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-15T19:30:00.740",
"references": [
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/jf_easymaps/1.0.3/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/jf_easymaps/1.0.3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-11-17 21:55
Modified
2024-11-21 01:45
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| benjamin_mack | seo_basics | * | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:benjamin_mack:seo_basics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEB3735C-7073-41B9-90E4-45D4C038E6BF",
"versionEndIncluding": "0.8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en la extensi\u00f3n \"Basic SEO Features\" (seo_basics) antes de v0.8.2 para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados.\r\n"
}
],
"id": "CVE-2012-5888",
"lastModified": "2024-11-21T01:45:26.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-11-17T21:55:01.877",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forge.typo3.org/issues/35532"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-006/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/52772"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forge.typo3.org/issues/35532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74483"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-09 10:55
Modified
2024-11-21 01:22
Severity ?
Summary
SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joachim_ruhs | festat | * | |
| joachim_ruhs | festat | 0.1.6 | |
| joachim_ruhs | festat | 0.1.8 | |
| joachim_ruhs | festat | 0.1.9 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joachim_ruhs:festat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "068BDD43-AAE2-4B59-88D2-7104B6F426CB",
"versionEndIncluding": "0.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:festat:0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3B7032EF-1C39-41CC-A4BC-30E8405770C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:festat:0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4706A3-CEAE-4248-8F5D-B09ED681FCC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:festat:0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "900D573A-E3BC-48B0-8192-77DA928A475F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n FE user statistic (festat) anterior a v0.2.4 para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro .$"
}
],
"id": "CVE-2010-4952",
"lastModified": "2024-11-21T01:22:09.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-10-09T10:55:37.583",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/festat/0.2.4/"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/42366"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/festat/0.2.4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/42366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61056"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-01 21:55
Modified
2024-11-21 01:45
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.5 | |
| typo3 | typo3 | 4.5.0 | |
| typo3 | typo3 | 4.5.1 | |
| typo3 | typo3 | 4.5.2 | |
| typo3 | typo3 | 4.5.3 | |
| typo3 | typo3 | 4.5.4 | |
| typo3 | typo3 | 4.5.5 | |
| typo3 | typo3 | 4.5.6 | |
| typo3 | typo3 | 4.5.7 | |
| typo3 | typo3 | 4.5.8 | |
| typo3 | typo3 | 4.5.9 | |
| typo3 | typo3 | 4.5.10 | |
| typo3 | typo3 | 4.5.11 | |
| typo3 | typo3 | 4.5.12 | |
| typo3 | typo3 | 4.5.13 | |
| typo3 | typo3 | 4.5.14 | |
| typo3 | typo3 | 4.5.15 | |
| typo3 | typo3 | 4.5.16 | |
| typo3 | typo3 | 4.5.17 | |
| typo3 | typo3 | 4.5.18 | |
| typo3 | typo3 | 4.5.19 | |
| typo3 | typo3 | 4.5.20 | |
| typo3 | typo3 | 4.6 | |
| typo3 | typo3 | 4.6.0 | |
| typo3 | typo3 | 4.6.1 | |
| typo3 | typo3 | 4.6.2 | |
| typo3 | typo3 | 4.6.3 | |
| typo3 | typo3 | 4.6.4 | |
| typo3 | typo3 | 4.6.5 | |
| typo3 | typo3 | 4.6.6 | |
| typo3 | typo3 | 4.6.7 | |
| typo3 | typo3 | 4.6.8 | |
| typo3 | typo3 | 4.6.9 | |
| typo3 | typo3 | 4.6.10 | |
| typo3 | typo3 | 4.6.11 | |
| typo3 | typo3 | 4.6.12 | |
| typo3 | typo3 | 4.6.13 | |
| typo3 | typo3 | 4.7 | |
| typo3 | typo3 | 4.7.0 | |
| typo3 | typo3 | 4.7.1 | |
| typo3 | typo3 | 4.7.2 | |
| typo3 | typo3 | 4.7.3 | |
| typo3 | typo3 | 4.7.4 | |
| typo3 | typo3 | 4.7.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9788D5CD-FEAA-4D07-8252-4176AD0BC0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "BB69F7E9-001D-42B3-BEB4-B294737AD27B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4D42D56A-2A1D-4FAA-961D-304E916BEF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CBAAC7-5207-45E8-86D5-18D98259070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6F1E7-351D-45E7-9571-2AF4283080DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B3B4A9-BDC7-4426-98FB-398B63AF3D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0016A078-1291-4281-BA62-5A846AEE7584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F11DB8A8-8309-4FC9-BA35-1AFFC5B4AE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9661D2DB-F24C-478B-B691-303D48D9B158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1FD6B9-7FAC-4508-962A-99AF63EB4B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "14369AD5-2622-4530-BCD5-A95C032CE4CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7CBAD29-18E9-4097-88FA-4D287A9A877A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5144AE-E076-48B5-9EA3-2F0BEC34D92F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "46246047-B415-437A-AC0E-2A7157D47C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6C98937C-C769-40C9-841F-D9F0A49AAE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7C54D4-B953-442F-99A8-96B505C15DCB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1A90BF-E780-4282-BCCB-0E568EB785A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F89DD9F-019A-4AD3-AD0E-4F20F1AF5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "684500C9-8532-45C4-8F29-33AAC3DDA3AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en el \u00e1rbol \"render API\" (TCA-Tree) en el \"Backend API\" en TYPO3 v4.5.x anterior a v4.5.21, v4.6.x anterior a v4.6.14, y v4.7.x anterior a v4.7.6 permite a usuarios remotos autenticados inyectar secuencias de comandos Web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-6147",
"lastModified": "2024-11-21T01:45:55.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-07-01T21:55:01.703",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/87113"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/06/19/4"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/87113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/06/19/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79967"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| matthias_kall | mk_wastebasket | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:matthias_kall:mk_wastebasket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50059781-69B2-4F0E-BBB6-35758BECB154",
"versionEndIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n MK Wastebasket (mk_wastebasket) v2.1.0 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1010",
"lastModified": "2024-11-21T01:13:25.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-19T19:00:00.593",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38792"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38792"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-22 23:30
Modified
2024-11-21 01:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fr.simon_rundell | hs_religiousartgallery | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fr.simon_rundell:hs_religiousartgallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA7353C-53EC-4D8B-949B-E2A158694086",
"versionEndIncluding": "0.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n de Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery)v0.1.2 y anteriores para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2009-4398",
"lastModified": "2024-11-21T01:09:33.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-22T23:30:00.750",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-02 17:30
Modified
2024-11-21 01:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the [AN] Search it! (an_searchit) extension 2.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| an_searchit | an_searchit | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:an_searchit:an_searchit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDDAB88-F331-4B53-AE7C-6FF493C3F63F",
"versionEndIncluding": "2.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the [AN] Search it! (an_searchit) extension 2.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n [AN] Search it! (an_searchit) v2.4.1 y anteriores para permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria."
}
],
"id": "CVE-2009-4161",
"lastModified": "2024-11-21T01:09:03.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-02T17:30:00.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37165"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-21 20:55
Modified
2024-11-21 01:22
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.2 | |
| typo3 | typo3 | 4.2.0 | |
| typo3 | typo3 | 4.2.1 | |
| typo3 | typo3 | 4.2.2 | |
| typo3 | typo3 | 4.2.3 | |
| typo3 | typo3 | 4.2.4 | |
| typo3 | typo3 | 4.2.5 | |
| typo3 | typo3 | 4.2.6 | |
| typo3 | typo3 | 4.2.7 | |
| typo3 | typo3 | 4.2.8 | |
| typo3 | typo3 | 4.2.9 | |
| typo3 | typo3 | 4.2.10 | |
| typo3 | typo3 | 4.2.11 | |
| typo3 | typo3 | 4.2.12 | |
| typo3 | typo3 | 4.2.13 | |
| typo3 | typo3 | 4.2.14 | |
| typo3 | typo3 | 4.2.15 | |
| typo3 | typo3 | 4.3 | |
| typo3 | typo3 | 4.3.0 | |
| typo3 | typo3 | 4.3.1 | |
| typo3 | typo3 | 4.3.2 | |
| typo3 | typo3 | 4.3.3 | |
| typo3 | typo3 | 4.3.4 | |
| typo3 | typo3 | 4.3.5 | |
| typo3 | typo3 | 4.3.6 | |
| typo3 | typo3 | 4.3.7 | |
| typo3 | typo3 | 4.3.8 | |
| typo3 | typo3 | 4.4 | |
| typo3 | typo3 | 4.4.1 | |
| typo3 | typo3 | 4.4.2 | |
| typo3 | typo3 | 4.4.3 | |
| typo3 | typo3 | 4.4.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "884B4418-83A4-4BCB-8019-306285EB418E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC67810-D2C5-4242-ACF2-CF7E9C56D7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E485652B-FDE0-44C1-83F5-D22B16BEBB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A987C0-51DF-464C-8F4D-03C9CAD256EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "718E405D-4127-4D0E-85BB-83800264AD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "AF72642B-8766-44A3-8CB0-D094929AAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DF56D768-6D41-472D-AA42-0C209534AB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386C2885-7543-43F0-9680-B57898C4F118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6066CFA2-202E-43A3-B1DF-36364ABD5A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13C922A9-05A3-4D98-A568-F780CCA87E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E9893A-2771-4C04-9F90-B10EE659088E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31DA3600-C955-46B0-8BD9-C9B3FC0B81EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7ED0C04-33BA-4F9B-97B0-BB5D30C2A0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E40CC0D-E7EF-4800-AC0B-5AF603B8BC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16759F16-34C6-4C2C-BECB-12555EEEBDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB331CC-3125-454E-BCBE-B85540B62110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B46AB0-D925-4E74-8D15-40EE3BC0B14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "85F02502-5C03-4751-BC83-59F894400E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9319A96-D510-47DB-9DBC-C16C0947E4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40E0FDF1-E63C-48C9-98E2-55E3FD891882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D22400-E6A1-4C3A-B16F-E14672B86D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DFA0996-4839-4FDB-9B9D-5F8424946F9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Install Tool en TYPO3 v4.2.x anteriores a v4.2.16, v4.3.x anteriores a v4.3.9, y v4.4.x anteriores a v4.4.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-5100",
"lastModified": "2024-11-21T01:22:30.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-05-21T20:55:16.663",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35770"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/70120"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/45470"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/70120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64181"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-20 14:55
Modified
2024-11-21 01:55
Severity ?
Summary
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C140F242-CF7C-4CB6-A358-5C8DB0F26DAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81EAC0BA-B6AC-42BA-AEEE-946E1FBD770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD31180A-8BD6-49AC-A758-5FA4C9A7B4C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E06A3B0C-364F-42A3-803B-6CE1EAB386C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "976AAF6F-BF03-40B7-B7D2-22101BD857D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98D0D9-D9AE-44F7-8233-F92EB330B152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36EA784A-7C3A-41DA-B444-D01E3BC144BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7294AA8B-0CD3-47A2-91DC-A882F7F3BDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4D28DD85-FBB3-4DD4-B525-7AFD32BE55F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80C21E07-5083-4C86-AA9D-FCB73F636060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAE1BB4-2DBD-489E-B3F9-88CF414EAC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0724FE19-F0A4-4055-996A-2B7844CAC426",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL."
},
{
"lang": "es",
"value": "File Abstraction Layer (FAL) en TYPO3 6.0.x anterior a 6.0.9 y 6.1.x anterior a 6.1.4 no comprueba debidamente permisos, lo que permite a usuarios remotos autenticados crear o leer archivos arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2013-4320",
"lastModified": "2024-11-21T01:55:20.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-20T14:55:04.207",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-16 17:55
Modified
2024-11-21 01:57
Severity ?
Summary
SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| die-netzmacher | browser | * | |
| die-netzmacher | browser | 4.5.0 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:die-netzmacher:browser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE02665-A0FE-49F0-B130-75BC03AD2DF3",
"versionEndIncluding": "4.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:die-netzmacher:browser:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7737BCFC-EC2D-4E09-85FF-4575E499FD36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Browser - TYPO3 sin PHP (browser) anterior a v4.5.5 para TYPO3 permite a atacantes remotos ejecutar comandos SQL arbitrarios mediante vectores desconocidos."
}
],
"id": "CVE-2013-5306",
"lastModified": "2024-11-21T01:57:16.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-16T17:55:09.610",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/95963"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/browser"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/61656"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/95963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/browser"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86228"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-13 18:15
Modified
2024-11-21 07:12
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. Users are advised to update to TYPO3 version 11.5.16 to resolve this issue. There are no known workarounds for this issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13B1EBA5-8D98-4595-93CB-03A0C3611DA1",
"versionEndIncluding": "11.5.15",
"versionStartIncluding": "11.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. Users are advised to update to TYPO3 version 11.5.16 to resolve this issue. There are no known workarounds for this issue."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de administraci\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP y publicado bajo la licencia GNU GPL. En versiones afectadas, la petici\u00f3n de recursos no v\u00e1lidos o inexistentes por medio de HTTP desencadena el manejador de errores de la p\u00e1gina que, de nuevo, podr\u00eda recuperar el contenido para mostrarlo como un mensaje de error desde otra p\u00e1gina. Esto conlleva a un escenario en el que la aplicaci\u00f3n es llamado a si mismo de forma recursiva, amplificando el impacto del ataque inicial hasta que son superados los l\u00edmites del servidor web. Es recomendado a usuarios actualizar a TYPO3 versi\u00f3n 11.5.16 para resolver este problema. No se presentan mitigaciones conocidas para este problema"
}
],
"id": "CVE-2022-36104",
"lastModified": "2024-11-21T07:12:23.873",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-13T18:15:14.703",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/179dd7cd78947081d573fee2050e197faa556f13"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fffr-7x4x-f98q"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/179dd7cd78947081d573fee2050e197faa556f13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fffr-7x4x-f98q"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-006"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-14 17:55
Modified
2024-11-21 01:36
Severity ?
Summary
SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| robert_gonda | rtg_files | * | |
| robert_gonda | rtg_files | 1.4.7 | |
| robert_gonda | rtg_files | 1.4.9 | |
| robert_gonda | rtg_files | 1.4.10 | |
| robert_gonda | rtg_files | 1.5.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:robert_gonda:rtg_files:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE420BD-6A3F-4DAF-8517-55E047D1B473",
"versionEndIncluding": "1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:robert_gonda:rtg_files:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E80D7337-0050-4187-9547-21080ED2B8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:robert_gonda:rtg_files:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "83C7A4D0-1141-49F9-B553-E8A0ABE4F2B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:robert_gonda:rtg_files:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0C34508E-B4AF-4749-8537-6F7EC4E570BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:robert_gonda:rtg_files:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA338520-498A-4FD2-BFE2-FBFA13388F02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de comandos SQL en la extensi\u00f3n Documents download (rtg_files) antes de v1.5.2 para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-1075",
"lastModified": "2024-11-21T01:36:21.557",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-14T17:55:02.947",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78788"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/47842"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/rtg_files/1.5.2/"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51838"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/47842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/rtg_files/1.5.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72961"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-03 14:55
Modified
2024-11-21 02:09
Severity ?
Summary
The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B48FE6C-1788-45DF-BDAE-A952E5DA5B48",
"versionEndIncluding": "6.1.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B2BF49-82CC-4B8E-BEB1-C40BA1551B5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "501A9157-044A-4856-8092-418D7329EED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA47174-9BC4-4B74-8618-6A7B0773553B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A13146E-EC04-4354-9123-BC7CB292C66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F27B173-8D10-47F7-8450-F8808A918295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1FAD0A-6B98-476B-BCD2-361996CA1C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE992D57-AF82-4BF0-96E8-98110C0AEBF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9A484F-C34D-4885-8125-D9C8725EEB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DCCB2DE6-4407-4E40-8574-9C813183565B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E19647A4-C422-42D0-863B-5B6E0B08BFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C842A284-8360-4DE4-8D05-8082D0A0AA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3A4600DD-C9CA-4D71-BD31-12FE40A14D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "71C92B1F-20A4-4354-A85D-F9B96DA09970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "488DBB57-B208-4E2F-93DA-D457CD33D573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F271C6-B5A7-4B06-A3DF-4C7F74090CC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2F89D7-D34C-4ADD-8A9E-34C37122C3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161E310F-F2D8-40B3-8390-8C52ACDD0B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "96D69530-AE74-4012-B522-01D0B6B01662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5514D17F-95A5-48C5-9F91-554F8D3C3DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E46E35EC-FF7B-4510-A5F2-FC230B7477B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A671ED2-91AA-4447-8996-A8A16FE753A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4219A367-8431-4A72-AF73-ED2A853B14E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "74F10D45-FA29-4534-8789-201D194C46B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "878A3B3A-91B6-4EB3-995C-46CEF6FE4343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "51B3DD65-A811-47DD-ADC6-015EE9BC2A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E06499-FC41-4B7F-B76E-37FA423F17C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6B3184-8868-4604-9E01-3EFBF6608EA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "9B9B4051-2361-4EC3-8132-D3F4065AC7C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "35185832-BE02-4699-8722-F4825D2DDC2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "884B4418-83A4-4BCB-8019-306285EB418E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC67810-D2C5-4242-ACF2-CF7E9C56D7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E485652B-FDE0-44C1-83F5-D22B16BEBB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A987C0-51DF-464C-8F4D-03C9CAD256EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "718E405D-4127-4D0E-85BB-83800264AD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "AF72642B-8766-44A3-8CB0-D094929AAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DF56D768-6D41-472D-AA42-0C209534AB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C214DEC6-891B-4779-B771-988A81C887B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "33D3B4C9-0845-4105-8F81-F5890B104556",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386C2885-7543-43F0-9680-B57898C4F118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6066CFA2-202E-43A3-B1DF-36364ABD5A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13C922A9-05A3-4D98-A568-F780CCA87E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E9893A-2771-4C04-9F90-B10EE659088E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31DA3600-C955-46B0-8BD9-C9B3FC0B81EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7ED0C04-33BA-4F9B-97B0-BB5D30C2A0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E40CC0D-E7EF-4800-AC0B-5AF603B8BC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16759F16-34C6-4C2C-BECB-12555EEEBDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB331CC-3125-454E-BCBE-B85540B62110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B46AB0-D925-4E74-8D15-40EE3BC0B14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "096ADAEC-A159-466C-BCD1-B12CFF5CF084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8074D252-259A-4D13-8CBF-A43EAB9DFA96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "26FB8879-0291-46B0-9C23-A7AC20700159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA1F149-3D43-4AA1-BC4A-00EF3C895993",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9C937A92-045D-4767-8EB2-E8BBB466FA86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "216C3E04-C772-4DF8-A0E0-11CFDC4E1DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "85F02502-5C03-4751-BC83-59F894400E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A60F86FA-B7D3-4BE5-82F2-05F2A5F5663D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9319A96-D510-47DB-9DBC-C16C0947E4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40E0FDF1-E63C-48C9-98E2-55E3FD891882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D22400-E6A1-4C3A-B16F-E14672B86D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DFA0996-4839-4FDB-9B9D-5F8424946F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "436C3A0C-CC01-483D-A188-6406CEE13796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2CDB1BFC-B45C-4A2A-8F9B-1E593BCD4EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "027BCB88-BBFF-46DA-A59A-35412EBF3008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4947CFBF-BA7A-460E-B716-D3EA85E19290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA8B097-5588-4F05-A882-1167EEB71178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "98CB88EB-DED5-4875-A986-CB57C2092270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E906CAAC-2337-4C4C-A2CB-B1B430575A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C43E7D85-9570-40E0-83C3-5BB4B59340D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "098B2DC5-EC2A-4955-9CD0-FD26750971E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "0B505B1B-A555-459A-964F-59E3B093D420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B83F54FE-B72E-4415-B29B-3D398E583AED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9788D5CD-FEAA-4D07-8252-4176AD0BC0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "BB69F7E9-001D-42B3-BEB4-B294737AD27B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.21:*:*:*:*:*:*:*",
"matchCriteriaId": "34E8530B-0311-45AA-92B4-6FF2CE388E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A53B9001-C5B4-4D19-A314-118E3A292346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E663FE0B-B509-4427-A2A0-9EB53E26810F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.24:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA36C35-E9BD-4ED2-B6CB-950D641678E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.25:*:*:*:*:*:*:*",
"matchCriteriaId": "12A54839-425D-4D28-8AD2-479A593474FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.26:*:*:*:*:*:*:*",
"matchCriteriaId": "83542527-9738-46C0-A4D2-D5E2E203CD49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.27:*:*:*:*:*:*:*",
"matchCriteriaId": "72B68AE9-081A-4BE0-A2AF-969216D26637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.28:*:*:*:*:*:*:*",
"matchCriteriaId": "253A3E84-401E-4F9F-8A9A-B8C464C69929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.29:*:*:*:*:*:*:*",
"matchCriteriaId": "08742759-FFC8-4908-B319-4EC279C6AB74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4B4B3F-D7BE-493C-ABF6-416FF89C4A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "36748261-81EF-4E39-8EC5-A67F054B623F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.32:*:*:*:*:*:*:*",
"matchCriteriaId": "21CC1BD2-CB44-4C0F-8B87-6272AEEBDEAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.33:*:*:*:*:*:*:*",
"matchCriteriaId": "D7129E4A-834D-4405-853B-89F1BD7965E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E80654F2-42D2-4E47-B069-126327B83C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4D42D56A-2A1D-4FAA-961D-304E916BEF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CBAAC7-5207-45E8-86D5-18D98259070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6F1E7-351D-45E7-9571-2AF4283080DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B3B4A9-BDC7-4426-98FB-398B63AF3D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0016A078-1291-4281-BA62-5A846AEE7584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F11DB8A8-8309-4FC9-BA35-1AFFC5B4AE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9661D2DB-F24C-478B-B691-303D48D9B158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1FD6B9-7FAC-4508-962A-99AF63EB4B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "14369AD5-2622-4530-BCD5-A95C032CE4CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7CBAD29-18E9-4097-88FA-4D287A9A877A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5144AE-E076-48B5-9EA3-2F0BEC34D92F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "46246047-B415-437A-AC0E-2A7157D47C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6C98937C-C769-40C9-841F-D9F0A49AAE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7C54D4-B953-442F-99A8-96B505C15DCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "495B1280-1C65-45FE-B5C5-ED1BD7AF429F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6CE19A-3985-45AC-9DF5-64572AA9ECC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA8422F-5A4B-4696-AF31-F1128FCF482F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA625B3-16A2-436F-A63D-0B5200BAA955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "13FE26EF-79DC-4907-A593-414679AAE9B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1A90BF-E780-4282-BCCB-0E568EB785A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F89DD9F-019A-4AD3-AD0E-4F20F1AF5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "684500C9-8532-45C4-8F29-33AAC3DDA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F830A8F-C51C-4CED-BCA2-845C312087FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2C537426-82DB-426B-BB95-CC119C20266A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D3AE18-7B26-4448-AF98-0D2692C80BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E8AD3ED8-5107-418D-8F0F-6B07845D3C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2FEFD3C-A4CC-4FCC-8ECD-3EE1E69DE58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1EE4B6-9256-494E-A11B-9700F0376AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0A8566-4A01-4948-A237-3CED2D065FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B5459D18-7283-4650-9304-7F576AB1D779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B404C733-4F5C-4EB2-B4B9-F25A95BB6E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "31BDE85A-5F76-4249-9B38-B3A1649F777D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6357ACD4-E404-489A-B218-1CED134F4893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "B6650206-8DD5-4D05-BBD2-15A12842117B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9712BC-E1C2-46AF-8111-DE5523DFF3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.19:*:*:*:*:*:*:*",
"matchCriteriaId": "17025DCC-2685-4EC4-BD0B-34F768181A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "976AAF6F-BF03-40B7-B7D2-22101BD857D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98D0D9-D9AE-44F7-8233-F92EB330B152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36EA784A-7C3A-41DA-B444-D01E3BC144BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7294AA8B-0CD3-47A2-91DC-A882F7F3BDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4D28DD85-FBB3-4DD4-B525-7AFD32BE55F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80C21E07-5083-4C86-AA9D-FCB73F636060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAE1BB4-2DBD-489E-B3F9-88CF414EAC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0724FE19-F0A4-4055-996A-2B7844CAC426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A862C28E-B1B9-4541-A559-D0BD16E575B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1DE94A-DDCD-4067-A0C0-16904F6B7EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7C6DD4A1-C865-4AC8-86BC-8F92319F33A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7ACA06-C0C1-4EEA-A629-C453C97660A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3C444E62-897D-4C7A-AEC6-C5728166A11A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF13769-3F5A-4766-A8DA-8B939CB1AB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C140F242-CF7C-4CB6-A358-5C8DB0F26DAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81EAC0BA-B6AC-42BA-AEEE-946E1FBD770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD31180A-8BD6-49AC-A758-5FA4C9A7B4C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E06A3B0C-364F-42A3-803B-6CE1EAB386C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "692DE690-C921-403B-9966-60CB23FF5D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "94C181FE-F3A9-4C7E-955F-0CCD4E6B4DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "11DD1626-884F-40EE-9721-2FCF7F14F781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BFFF68DC-AFBB-4055-83AF-BAFE9C68FBC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F0FB1F-45D1-49A8-8882-393B16E6AA34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash."
},
{
"lang": "es",
"value": "El componente de autenticaci\u00f3n en TYPO3 anterior a 6.2, cuando la creaci\u00f3n de salts para el hash de contrase\u00f1as est\u00e1 deshabilitado, no requiere conocimiento de la contrase\u00f1a en texto claro si se conoce el hash de la contrase\u00f1a, lo que permite a atacantes remotos evadir autenticaci\u00f3n y ganar acceso al motor mediante el aprovechamiento de conocimiento de un hash de contrase\u00f1a."
}
],
"id": "CVE-2014-3945",
"lastModified": "2024-11-21T02:09:11.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-03T14:55:11.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-12-15 02:46
Modified
2024-11-21 00:40
Severity ?
Summary
SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| typo3 | typo3 | 3.0 | |
| typo3 | typo3 | 3.7.0 | |
| typo3 | typo3 | 3.7.1 | |
| typo3 | typo3 | 3.8 | |
| typo3 | typo3 | 3.8.1 | |
| typo3 | typo3 | 4.0 | |
| typo3 | typo3 | 4.0.1 | |
| typo3 | typo3 | 4.0.2 | |
| typo3 | typo3 | 4.0.3 | |
| typo3 | typo3 | 4.0.4 | |
| typo3 | typo3 | 4.0.5 | |
| typo3 | typo3 | 4.0.6 | |
| typo3 | typo3 | 4.0.7 | |
| typo3 | typo3 | 4.1 | |
| typo3 | typo3 | 4.1.1 | |
| typo3 | typo3 | 4.1.2 | |
| typo3 | typo3 | 4.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "395C04FB-3390-4E97-B2F1-BEF9C42F15E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E53B002D-18FD-4C6A-97C0-AA9C83ABD382",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3885B69F-B9C0-488F-8775-E8E801418E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A3390E31-A149-4D83-94D2-63AF63D02A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA565238-52C8-4850-8FDA-C38C057BF6F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "501A9157-044A-4856-8092-418D7329EED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA47174-9BC4-4B74-8618-6A7B0773553B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A13146E-EC04-4354-9123-BC7CB292C66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F27B173-8D10-47F7-8450-F8808A918295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1FAD0A-6B98-476B-BCD2-361996CA1C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE992D57-AF82-4BF0-96E8-98110C0AEBF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9A484F-C34D-4885-8125-D9C8725EEB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F271C6-B5A7-4B06-A3DF-4C7F74090CC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161E310F-F2D8-40B3-8390-8C52ACDD0B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n del sistema indexed_search, en TYPO3 3.x, 4.0 hasta 4.0.7, y 4.1 hasta 4.1.3. Permite que usuarios autenticados remotamente ejecuten, a su elecci\u00f3n, comandos SQL usando vectores sin especificar."
}
],
"id": "CVE-2007-6381",
"lastModified": "2024-11-21T00:40:00.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-12-15T02:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/39506"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27969"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28243"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019146"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1439"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26871"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4205"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27969"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39017"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-20 15:15
Modified
2024-11-21 06:07
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When _Page TSconfig_ settings are not properly encoded, corresponding page preview module (_Web>View_) is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E0288B5-8CC1-4389-AE76-003797D6797E",
"versionEndIncluding": "9.5.287",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BC70DEB-32D3-4BD7-B688-8ADDC3BD0A0A",
"versionEndIncluding": "10.4.17",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E02E5F61-C393-4ECD-AC4C-D15276DE72E9",
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When _Page TSconfig_ settings are not properly encoded, corresponding page preview module (_Web\u003eView_) is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de administraci\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP. Unas versiones 9.0.0 hasta 9.5.28, versiones 10.0.0 hasta 10.4.17, y versiones 11.0.0 hasta 11.3.0, presentan una vulnerabilidad de tipo cross-site scripting. Cuando los ajustes de la funci\u00f3n _Page TSconfig_ no son codificados apropiadamente, el m\u00f3dulo vista previa de la p\u00e1gina correspondiente (_Web)View_) es vulnerable a un ataque de tipo cross-site scripting persistente. Es necesaria una cuenta de usuario backend v\u00e1lida para explotar esta vulnerabilidad. TYPO3 versiones 9.5.29, 10.4.18, 11.3.1, contienen un parche para este problema"
}
],
"id": "CVE-2021-32667",
"lastModified": "2024-11-21T06:07:29.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-20T15:15:09.913",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-8mq9-fqv8-59wf"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-8mq9-fqv8-59wf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-009"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-17 17:30
Modified
2024-11-21 01:09
Severity ?
Summary
SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mischa_heissmann | no_indexed_search | 0.2.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mischa_heissmann:no_indexed_search:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "708F8B43-10DB-45D0-80C4-3CD632139CF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n \"Busqueda no indexada\" (no_indexed_search) v0.2.0 para TYPO3 a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2009-4341",
"lastModified": "2024-11-21T01:09:24.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-17T17:30:00.733",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54783"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-20 19:30
Modified
2024-11-21 01:13
Severity ?
Summary
PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6066CFA2-202E-43A3-B1DF-36364ABD5A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13C922A9-05A3-4D98-A568-F780CCA87E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E9893A-2771-4C04-9F90-B10EE659088E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable."
},
{
"lang": "es",
"value": "Vulnerabilidad de inclusi\u00f3n remota de archivo PHP en el autoloader en TYPO3 v4.3.x anterior a 4.3.3, permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s de una URL en el campo input asociado con la variables className."
}
],
"id": "CVE-2010-1153",
"lastModified": "2024-11-21T01:13:45.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-20T19:30:00.397",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=127092306209177\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-008/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/04/12/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=127092306209177\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/04/12/1"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-17 17:30
Modified
2024-11-21 01:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jonas_renggli | vshoutbox | 0.0.1 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jonas_renggli:vshoutbox:0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CAAE4126-B680-4544-8D58-8E31CEFFC49B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3nde comandos en sitios cruzados en la extensi\u00f3n vShoutbox v0.0.1 de TYPO3 permite a atacantes remotos inyectar HTML o scripts web a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4345",
"lastModified": "2024-11-21T01:09:24.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-17T17:30:00.813",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54787"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-30 23:30
Modified
2024-11-21 01:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mm_forum:mmforum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EBD5B7D-4BA7-43DC-87E4-C9A1B8C1FC29",
"versionEndIncluding": "1.8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00c3\u00b3n de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n mm_forum v1.8.2 y anteriores para TYPO3 permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-1218",
"lastModified": "2024-11-21T01:13:54.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-30T23:30:00.627",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/mm_forum/1.8.3/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-007/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38825"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/mm_forum/1.8.3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57037"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-22 18:30
Modified
2024-11-21 01:10
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joachim_ruhs | locator | * | |
| joachim_ruhs | locator | 1.0.6 | |
| joachim_ruhs | locator | 1.0.7 | |
| joachim_ruhs | locator | 1.1.0 | |
| joachim_ruhs | locator | 1.1.8 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFE93D41-08B6-4444-9CE9-0B05C83BA038",
"versionEndIncluding": "1.2.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B5ECFDF7-213D-4944-A0E6-8272652ADA23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "913B844F-8AFC-4391-B79B-E196586B310C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1A0290-0EEE-4813-93CA-BC60FC3C43D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "60134DFF-645C-4B84-8BD9-298BDEFF7319",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n Store Locator, en versiones anteriores a la 1.2.8 para TYPO3, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante vectores no especificados."
}
],
"id": "CVE-2009-4948",
"lastModified": "2024-11-21T01:10:50.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-07-22T18:30:02.797",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34573"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/locator/1.2.8/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/locator/1.2.8/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-09-29 17:00
Modified
2024-11-21 01:19
Severity ?
Summary
Unspecified vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to bypass validation have an unspecified impact by "[injecting] arbitrary values into validated fields," as demonstrated using the (1) Email and (2) URL fields.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36CA7CCA-3C43-4672-8F93-31D3150B0022",
"versionEndIncluding": "1.5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F114F8E-08DE-4C8A-A0F7-567A7A822E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9677B8-7E32-4020-845B-FD31B327491D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC6F692-1F1E-4FB4-9EFA-57F0D0938256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9820C6-B4E6-4632-A6D4-D7EA093B1800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AEDCA4-5AC0-4970-99B4-9BE02C880AE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "303CC902-BBDA-417C-90C5-6CC316ED2E90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9CDAD5-EE32-47C9-9A94-5FDA002C58BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2065E944-5F55-4ABF-A20E-F5D4CEED0F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6C13C053-62AD-4866-AA6E-B6E3862734FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F84BCD42-ACAC-47B7-BC11-162BDF37E5D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DAB0DA1-D646-41F9-9E49-EFB3E3D6753A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2A32130E-4799-41D3-8323-8B3B4B8B5453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC13061-9822-4399-A4A1-EBEED9742EAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "96CEE2A8-AC38-4581-B56C-399781D73A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0415B2-89B6-4D75-AD24-DD6152110D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C905E945-4195-448E-B2B6-8C7F9C3FABCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D5897048-EE9A-4DB1-9802-27018E665A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4EFC2BB8-B4ED-4DC0-A391-7ACB2DD94E1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "56CF73D1-AA5E-4A6C-95B8-3AD4FD7EC7D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D7FEED-4451-43DA-9811-E7F6AA589F89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A4670C29-5B52-4172-8AED-0AD01229778A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "384FD986-C33D-4A87-A0ED-8EE51AD5BEA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1A6CF5F4-67D7-4495-B610-13959A10B97D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5D7E4A4-5887-40B8-860E-91F102A24D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7055F350-0EE7-4DE7-8FB6-26A0F2D80224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C414A1EC-ED36-4113-87EE-496D0CE6C296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CC9389-53A8-43D8-9D03-9DBBEA26065C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2597C92A-BE72-4246-B2E7-F7B316E6BECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0D0154-08BF-42AB-B97C-C0485BD34E0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFE66F2-621A-4F9A-8D99-C5F96D2BC528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8F32EE91-CF3B-495C-9AEB-CF5F7A49E55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D79D18B0-E52B-4A80-BA0D-664BE32A667B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "83192D4F-A044-456E-968C-78FD3F8782B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "027479DC-5EA0-4BAE-8F45-DB8CD2E7DBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "29168B6A-3D80-4DC7-A69E-E069B1627A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "490C3558-53F7-401D-94D4-ABC5A2DCB18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6783329E-53C6-4FAC-A76A-CDB15C30EE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3D85EF2D-D597-4BF8-8D42-65DF495F5B16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "ED148E81-A7BF-4E80-9BA7-1A95D4192521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCFF6F8-1913-4095-BB33-F371EA162CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5C372F-D442-44EA-9B74-A724261F7347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8B22DF-AC72-4A1D-BAC8-41AA612EEEEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6293BE50-CEC2-4564-B323-5518CB5F26A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "46449EDA-9CD5-4FFC-ACC3-AE23D4CC3758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C94B49F-3249-4FF7-8D71-EFB59EB0B69E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CE2E63-4B3B-4F37-983E-084058BB012D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA972B4-3307-4A9C-9E9A-F4DCA04B3320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE015AC-7FF4-445A-9112-576ECA6131A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA35D7C-6EAA-4E57-B229-771FBAE2616C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBAD78D-2EEA-4E84-A31D-A8DB9A4ED6A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "129FBFD3-5DF3-4C03-8416-89C9295F7245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5696F1A2-1A78-43F0-B52A-13C4B1A9989F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6F4864-877C-4FBA-99F8-CA138E089B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFE7AC9-06A3-4BCC-96F4-F978DE2A12AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CE95ADBE-FB92-427A-9C12-6F4DB32AB7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0661B887-07D1-4C97-A810-747D34F1854E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8D2162-DEBA-400A-9BF4-CE2D5C8E59AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BD48C215-3464-49B3-AB9B-FAC18A0D6420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "90DAF9E4-959D-44C6-85A4-0F9124FDEC96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A773CA49-4B9D-44AC-92A6-107514320987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "4A774AE5-7A2E-460A-A8E4-FC3AEEFD1F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1B7D81F3-C67F-4326-BB7F-414D6ADDAFFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D29C87E0-772E-4840-BC53-C7AF9D7B8DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7ECCDE1E-F3B4-4CD5-8C47-C29BC6C19686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA8312C-C13F-46E1-B63A-C19DF654AAD2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to bypass validation have an unspecified impact by \"[injecting] arbitrary values into validated fields,\" as demonstrated using the (1) Email and (2) URL fields."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la extensi\u00f3n powermail v1.5.3 y anteriores para TYPO3 permite a atacantes remotos evitar la validaci\u00f3n y tener un impacto no especificado mediante \"[inyecci\u00f3n] valores arbitrarios en los campos de validaci\u00f3n\", como se ha demostrado mediante la utilizaci\u00f3n de los campos (1) Email y (2) URL."
}
],
"id": "CVE-2010-3687",
"lastModified": "2024-11-21T01:19:23.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-09-29T17:00:05.993",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41530"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.4"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-01 23:55
Modified
2024-11-21 01:56
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kurt_gusbeth | myquizpoll | * | |
| kurt_gusbeth | myquizpoll | 0.1.1 | |
| kurt_gusbeth | myquizpoll | 0.1.2 | |
| kurt_gusbeth | myquizpoll | 0.1.3 | |
| kurt_gusbeth | myquizpoll | 0.1.4 | |
| kurt_gusbeth | myquizpoll | 0.1.5 | |
| kurt_gusbeth | myquizpoll | 0.1.6 | |
| kurt_gusbeth | myquizpoll | 0.1.7 | |
| kurt_gusbeth | myquizpoll | 0.2.0 | |
| kurt_gusbeth | myquizpoll | 0.2.1 | |
| kurt_gusbeth | myquizpoll | 0.2.2 | |
| kurt_gusbeth | myquizpoll | 0.3.0 | |
| kurt_gusbeth | myquizpoll | 0.4.0 | |
| kurt_gusbeth | myquizpoll | 1.0.0 | |
| kurt_gusbeth | myquizpoll | 1.0.1 | |
| kurt_gusbeth | myquizpoll | 1.1.0 | |
| kurt_gusbeth | myquizpoll | 1.2.0 | |
| kurt_gusbeth | myquizpoll | 1.3.0 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8B1D067-D389-489E-B21E-FAC04F9AD38F",
"versionEndIncluding": "1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6C806DFE-28CA-4F1E-ACF9-C99F4798641E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAAD8BA8-3780-4593-B05A-681F48B1C061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "21191D1D-BA85-4A02-A13E-4E5D287C7D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "13A22248-5D40-45B5-8942-53ED1B4CD178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EFB638-678D-47BF-B85F-771DD22F41F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7393DF1B-A4F1-4FAA-B177-AB6A294A3E21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "056C6441-72EC-47C8-84AC-92426F07CE13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0454AE0A-8282-4BC5-96FB-299FA17237FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5CF9AD2-61A3-4D5E-B599-A1DBCEF8AABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E598C81-B3D6-436E-9396-2DE9E0369862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2A170A44-F000-4ACE-BAF5-68C393757F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03BE6F2F-D451-49DC-BED5-32C7E0C76476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB403D1B-AA59-47FE-9E33-C5C2673E1882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44677CFB-BF60-45CC-95ED-A20AD9A69D85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "416326F5-7310-45D8-9FD4-4A09941D6579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22949A73-EA05-444F-840E-229A9EF8FC8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1FCF487-6825-4936-9507-7D6352BDD69F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en la extensi\u00f3n My quiz and poll (myquizpoll) anterior a v2.0.6 para TYPO3 permite a atacantes remotos a inyectar secuencias de comandos Web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-4746",
"lastModified": "2024-11-21T01:56:17.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-07-01T23:55:01.080",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/90409"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/myquizpoll"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/90409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/myquizpoll"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-27 17:30
Modified
2024-11-21 00:56
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc_odin) extension 0.0.1, 0.1.0, 0.1.1, and 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| typo3 | tu-clausthal_odin | 0.0.1 | |
| typo3 | tu-clausthal_odin | 0.1.0 | |
| typo3 | tu-clausthal_odin | 0.1.1 | |
| typo3 | tu-clausthal_odin | 0.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:tu-clausthal_odin:0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD70215D-9DD3-4E0D-B011-9C1F5533CAA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:tu-clausthal_odin:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "786E58DA-13B8-41C8-9A52-A7033499314D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:tu-clausthal_odin:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A1552D0-BE89-4D9D-A53E-F973EFA0934C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:tu-clausthal_odin:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A9322D1-4B47-41BB-8560-D89086873BEE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc_odin) extension 0.0.1, 0.1.0, 0.1.1, and 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en la extensi\u00f3n TU-Clausthal ODIN (tuc_odin) v0.0.1, v0.1.0, v0.1.1 y v0.2.0 para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-6343",
"lastModified": "2024-11-21T00:56:17.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-02-27T17:30:09.780",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-02 17:30
Modified
2024-11-21 01:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simple_glossar | simple_glossar | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple_glossar:simple_glossar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62D660C7-3DE7-4934-AD66-784FC9BA411E",
"versionEndIncluding": "1.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n simple Glossar (simple_glossar) v1.0.3 y anteriores para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores inespec\u00edficos."
}
],
"id": "CVE-2009-4164",
"lastModified": "2024-11-21T01:09:04.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-02T17:30:00.627",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-02 15:30
Modified
2024-11-21 01:07
Severity ?
Summary
SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| typo3 | typo3 | 4.0 | |
| typo3 | typo3 | 4.0.1 | |
| typo3 | typo3 | 4.0.2 | |
| typo3 | typo3 | 4.0.3 | |
| typo3 | typo3 | 4.0.4 | |
| typo3 | typo3 | 4.0.5 | |
| typo3 | typo3 | 4.0.6 | |
| typo3 | typo3 | 4.0.7 | |
| typo3 | typo3 | 4.0.8 | |
| typo3 | typo3 | 4.0.9 | |
| typo3 | typo3 | 4.0.10 | |
| typo3 | typo3 | 4.0.11 | |
| typo3 | typo3 | 4.0.12 | |
| typo3 | typo3 | 4.1 | |
| typo3 | typo3 | 4.1 | |
| typo3 | typo3 | 4.1.0 | |
| typo3 | typo3 | 4.1.0 | |
| typo3 | typo3 | 4.1.0 | |
| typo3 | typo3 | 4.1.1 | |
| typo3 | typo3 | 4.1.2 | |
| typo3 | typo3 | 4.1.3 | |
| typo3 | typo3 | 4.1.4 | |
| typo3 | typo3 | 4.1.5 | |
| typo3 | typo3 | 4.1.6 | |
| typo3 | typo3 | 4.1.7 | |
| typo3 | typo3 | 4.1.8 | |
| typo3 | typo3 | 4.1.9 | |
| typo3 | typo3 | 4.1.10 | |
| typo3 | typo3 | 4.1.11 | |
| typo3 | typo3 | 4.1.12 | |
| typo3 | typo3 | 4.2.0 | |
| typo3 | typo3 | 4.2.1 | |
| typo3 | typo3 | 4.2.2 | |
| typo3 | typo3 | 4.2.3 | |
| typo3 | typo3 | 4.2.4 | |
| typo3 | typo3 | 4.2.5 | |
| typo3 | typo3 | 4.2.6 | |
| typo3 | typo3 | 4.2.7 | |
| typo3 | typo3 | 4.2.8 | |
| typo3 | typo3 | 4.2.9 | |
| typo3 | typo3 | 4.3 | |
| typo3 | typo3 | 4.3 | |
| typo3 | typo3 | 4.3 | |
| typo3 | typo3 | 4.10 | |
| typo3 | typo3 | 4.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8684CAE0-A8FB-493D-BC2B-25FF092EE93E",
"versionEndIncluding": "4.0.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "501A9157-044A-4856-8092-418D7329EED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA47174-9BC4-4B74-8618-6A7B0773553B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A13146E-EC04-4354-9123-BC7CB292C66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F27B173-8D10-47F7-8450-F8808A918295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1FAD0A-6B98-476B-BCD2-361996CA1C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE992D57-AF82-4BF0-96E8-98110C0AEBF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9A484F-C34D-4885-8125-D9C8725EEB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DCCB2DE6-4407-4E40-8574-9C813183565B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E19647A4-C422-42D0-863B-5B6E0B08BFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C842A284-8360-4DE4-8D05-8082D0A0AA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3A4600DD-C9CA-4D71-BD31-12FE40A14D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "71C92B1F-20A4-4354-A85D-F9B96DA09970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "FAF2DAA1-356C-4C77-B673-6F5F5817352E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E28432FD-6A1B-479F-866E-7F6F762C2207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2F89D7-D34C-4ADD-8A9E-34C37122C3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "273F2E33-0655-46DE-9397-E16658B4BD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B8F7039-4117-4D53-ABE8-99C10518D351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161E310F-F2D8-40B3-8390-8C52ACDD0B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "96D69530-AE74-4012-B522-01D0B6B01662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5514D17F-95A5-48C5-9F91-554F8D3C3DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E46E35EC-FF7B-4510-A5F2-FC230B7477B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A671ED2-91AA-4447-8996-A8A16FE753A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4219A367-8431-4A72-AF73-ED2A853B14E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "74F10D45-FA29-4534-8789-201D194C46B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "878A3B3A-91B6-4EB3-995C-46CEF6FE4343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "51B3DD65-A811-47DD-ADC6-015EE9BC2A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E06499-FC41-4B7F-B76E-37FA423F17C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386C2885-7543-43F0-9680-B57898C4F118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "231CD899-2DC5-42CD-A4F9-4D00C2C11159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3:beta1:*:*:*:*:*:*",
"matchCriteriaId": "DAFC7A20-5CC0-4B64-93C6-609D44FE3874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "720AF20D-C44C-48B2-9627-BA49A330F89D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD4EC2E-A886-4FF3-9A20-54BFBA35C10E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la funcionalidad de edici\u00f3n del \"frontend\" (portal de usuario) tradicional del subcomponente \"Frontend Editing\" (edici\u00f3n del portal de usuario) de TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2. Permite a usuarios remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s par\u00e1metros sin especificar."
}
],
"id": "CVE-2009-3632",
"lastModified": "2024-11-21T01:07:51.067",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-11-02T15:30:00.687",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37122"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/36801"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53924"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-06 17:15
Modified
2024-11-21 01:33
Severity ?
Summary
TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA153A2C-2697-47BC-B836-17AA48875F7A",
"versionEndExcluding": "4.4.9",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "898F86CE-0897-4403-A0AC-90C5DCED8AF4",
"versionEndExcluding": "4.5.4",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services."
},
{
"lang": "es",
"value": "TYPO3 versiones anteriores a 4.4.9 y versiones 4.5.x anteriores a 4.5.4, no aplica el control de acceso apropiado en las llamadas ExtDirect, lo que permite a atacantes remotos recuperar los servicios del endpoint ExtDirect."
}
],
"id": "CVE-2011-4904",
"lastModified": "2024-11-21T01:33:16.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-06T17:15:11.410",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4904"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Missing_Access_Control"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Missing_Access_Control"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-04 20:55
Modified
2024-11-21 01:37
Severity ?
Summary
The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.4 | |
| typo3 | typo3 | 4.4.0 | |
| typo3 | typo3 | 4.4.1 | |
| typo3 | typo3 | 4.4.2 | |
| typo3 | typo3 | 4.4.3 | |
| typo3 | typo3 | 4.4.4 | |
| typo3 | typo3 | 4.4.5 | |
| typo3 | typo3 | 4.4.6 | |
| typo3 | typo3 | 4.4.7 | |
| typo3 | typo3 | 4.4.8 | |
| typo3 | typo3 | 4.4.9 | |
| typo3 | typo3 | 4.4.10 | |
| typo3 | typo3 | 4.4.11 | |
| typo3 | typo3 | 4.4.12 | |
| typo3 | typo3 | 4.4.13 | |
| typo3 | typo3 | 4.5 | |
| typo3 | typo3 | 4.5.0 | |
| typo3 | typo3 | 4.5.1 | |
| typo3 | typo3 | 4.5.2 | |
| typo3 | typo3 | 4.5.3 | |
| typo3 | typo3 | 4.5.4 | |
| typo3 | typo3 | 4.5.5 | |
| typo3 | typo3 | 4.5.6 | |
| typo3 | typo3 | 4.5.7 | |
| typo3 | typo3 | 4.5.8 | |
| typo3 | typo3 | 4.5.9 | |
| typo3 | typo3 | 4.5.10 | |
| typo3 | typo3 | 4.5.11 | |
| typo3 | typo3 | 4.5.12 | |
| typo3 | typo3 | 4.5.13 | |
| typo3 | typo3 | 4.6 | |
| typo3 | typo3 | 4.6.0 | |
| typo3 | typo3 | 4.6.1 | |
| typo3 | typo3 | 4.6.2 | |
| typo3 | typo3 | 4.6.3 | |
| typo3 | typo3 | 4.6.4 | |
| typo3 | typo3 | 4.6.5 | |
| typo3 | typo3 | 4.6.6 | |
| typo3 | typo3 | 4.7 | |
| typo3 | typo3 | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "85F02502-5C03-4751-BC83-59F894400E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A60F86FA-B7D3-4BE5-82F2-05F2A5F5663D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9319A96-D510-47DB-9DBC-C16C0947E4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40E0FDF1-E63C-48C9-98E2-55E3FD891882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D22400-E6A1-4C3A-B16F-E14672B86D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DFA0996-4839-4FDB-9B9D-5F8424946F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "436C3A0C-CC01-483D-A188-6406CEE13796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2CDB1BFC-B45C-4A2A-8F9B-1E593BCD4EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "027BCB88-BBFF-46DA-A59A-35412EBF3008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4947CFBF-BA7A-460E-B716-D3EA85E19290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA8B097-5588-4F05-A882-1167EEB71178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "98CB88EB-DED5-4875-A986-CB57C2092270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E906CAAC-2337-4C4C-A2CB-B1B430575A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C43E7D85-9570-40E0-83C3-5BB4B59340D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "098B2DC5-EC2A-4955-9CD0-FD26750971E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9788D5CD-FEAA-4D07-8252-4176AD0BC0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4D42D56A-2A1D-4FAA-961D-304E916BEF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CBAAC7-5207-45E8-86D5-18D98259070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6F1E7-351D-45E7-9571-2AF4283080DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B3B4A9-BDC7-4426-98FB-398B63AF3D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0016A078-1291-4281-BA62-5A846AEE7584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F11DB8A8-8309-4FC9-BA35-1AFFC5B4AE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9661D2DB-F24C-478B-B691-303D48D9B158",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1A90BF-E780-4282-BCCB-0E568EB785A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request."
},
{
"lang": "es",
"value": "La secuencia de comandos Command Line Interface (CLI) en TYPO3 v4.4.0 hasta v4.4.13, v4.5.0 hasta v4.5.13, v4.6.0 hasta v4.6.6, v4.7, v6.0, permite a atacantes remotos obtener el nombre de una base de datos a trav\u00e9s de una petici\u00f3n directa"
}
],
"id": "CVE-2012-1607",
"lastModified": "2024-11-21T01:37:17.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-04T20:55:01.297",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/80761"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48622"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48647"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2445"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/4"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/52771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52771"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-20 15:55
Modified
2024-11-21 01:50
Severity ?
Summary
SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9788D5CD-FEAA-4D07-8252-4176AD0BC0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A53B9001-C5B4-4D19-A314-118E3A292346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E663FE0B-B509-4427-A2A0-9EB53E26810F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4D42D56A-2A1D-4FAA-961D-304E916BEF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CBAAC7-5207-45E8-86D5-18D98259070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6F1E7-351D-45E7-9571-2AF4283080DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B3B4A9-BDC7-4426-98FB-398B63AF3D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0016A078-1291-4281-BA62-5A846AEE7584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F11DB8A8-8309-4FC9-BA35-1AFFC5B4AE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9661D2DB-F24C-478B-B691-303D48D9B158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1FD6B9-7FAC-4508-962A-99AF63EB4B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "14369AD5-2622-4530-BCD5-A95C032CE4CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7CBAD29-18E9-4097-88FA-4D287A9A877A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5144AE-E076-48B5-9EA3-2F0BEC34D92F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "46246047-B415-437A-AC0E-2A7157D47C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6C98937C-C769-40C9-841F-D9F0A49AAE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7C54D4-B953-442F-99A8-96B505C15DCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "495B1280-1C65-45FE-B5C5-ED1BD7AF429F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6CE19A-3985-45AC-9DF5-64572AA9ECC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA8422F-5A4B-4696-AF31-F1128FCF482F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1A90BF-E780-4282-BCCB-0E568EB785A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F89DD9F-019A-4AD3-AD0E-4F20F1AF5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "684500C9-8532-45C4-8F29-33AAC3DDA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F830A8F-C51C-4CED-BCA2-845C312087FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2C537426-82DB-426B-BB95-CC119C20266A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D3AE18-7B26-4448-AF98-0D2692C80BC1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "976AAF6F-BF03-40B7-B7D2-22101BD857D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98D0D9-D9AE-44F7-8233-F92EB330B152",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to \"the Query Object Model and relation values.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Extbase Framework en TYPO3 v4.5.x anterior a v4.5.24, v4.6.x anterior a v4.6.17, v4.7.x anterior a v4.7.9, y v6.0.x anterior a v6.0.3 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados, en relaci\u00f3n con \"el Query Object Model y los valores de relaci\u00f3n\"."
}
],
"id": "CVE-2013-1842",
"lastModified": "2024-11-21T01:50:29.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-20T15:55:00.980",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/90925"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52433"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52638"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2013/dsa-2646"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/03/12/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/58330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/90925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/03/12/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/58330"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-16 17:55
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kennziffer | ke_search | * | |
| kennziffer | ke_search | 0.1.1 | |
| kennziffer | ke_search | 0.2.0 | |
| kennziffer | ke_search | 0.3.0 | |
| kennziffer | ke_search | 1.0.0 | |
| kennziffer | ke_search | 1.0.1 | |
| kennziffer | ke_search | 1.0.2 | |
| kennziffer | ke_search | 1.1.0 | |
| kennziffer | ke_search | 1.1.1 | |
| kennziffer | ke_search | 1.2.0 | |
| kennziffer | ke_search | 1.3.0 | |
| kennziffer | ke_search | 1.3.1 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kennziffer:ke_search:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B334BF24-60EA-4B95-B381-B1FDABE12E88",
"versionEndIncluding": "1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kennziffer:ke_search:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF86EB1C-5AD7-4ADE-809C-8330348F4465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kennziffer:ke_search:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ECDE035E-197D-4AC4-9C47-6059645B3F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kennziffer:ke_search:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1D9441-2001-43BC-909B-0EDF9F5B16CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kennziffer:ke_search:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8FADE8-583B-41A4-A1E7-EC992F74B654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kennziffer:ke_search:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF38F59A-ED87-40A3-A19D-F7276A98B51A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kennziffer:ke_search:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50F17295-DDDE-4AC2-A265-5B9C5385B5F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kennziffer:ke_search:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "233A45E7-4C45-4CCB-AC9B-81A749D2576C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kennziffer:ke_search:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8595BB-229A-45FB-8FFD-D141FBC3F35F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kennziffer:ke_search:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B4AFF51-000C-450B-8910-B420E6392BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kennziffer:ke_search:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "788E19BA-263A-4BFA-8BA2-13B210271D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kennziffer:ke_search:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD4EB7CC-8EC0-4D3D-B171-3691DE183F4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en la extensi\u00f3n Faceted Search (ke_search) anterior a v1.4.1 para TYPO3, permite a atacantes remotos inyectar web scripts arbitrarios o HTML mediante vectores desconocidos"
}
],
"id": "CVE-2013-5307",
"lastModified": "2024-11-21T01:57:16.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-16T17:55:09.643",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/95960"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54306"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/ke_search"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/61609"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/95960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/ke_search"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86236"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-07 10:55
Modified
2024-11-21 01:22
Severity ?
Summary
SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| andreas_kiefer | ke_yac | * | |
| andreas_kiefer | ke_yac | 1.0.3 | |
| andreas_kiefer | ke_yac | 1.0.4 | |
| andreas_kiefer | ke_yac | 1.0.5 | |
| andreas_kiefer | ke_yac | 1.1.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:andreas_kiefer:ke_yac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ECAD2A0-A63A-44E3-91AB-262737E3855D",
"versionEndIncluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andreas_kiefer:ke_yac:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D1DF901-5BFB-4BEF-8D2A-2361BCF211FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andreas_kiefer:ke_yac:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "52164132-FAC4-44D5-855C-B6A30E31274E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andreas_kiefer:ke_yac:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "205467F9-DCB2-4E69-B810-693361BDB658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andreas_kiefer:ke_yac:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7AF367-3318-4D09-AA67-A1525182894D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Yet Another Calendar (ke_yac) antes de v1.1.2 para TYPO3, permite a atacantes remotos ejecutar secuencias de comandos SQL a trav\u00e9s de vectores no especificados"
}
],
"id": "CVE-2010-4891",
"lastModified": "2024-11-21T01:22:00.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-10-07T10:55:09.817",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/ke_yac/1.1.2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/42945"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/ke_yac/1.1.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/42945"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-14 21:15
Modified
2024-11-21 07:03
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*",
"matchCriteriaId": "A15251A1-BC05-4C05-AED2-0E2CF75BB054",
"versionEndExcluding": "7.6.57",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*",
"matchCriteriaId": "CD542E1B-F3BA-4816-B97D-D877EFADA02D",
"versionEndExcluding": "8.7.47",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*",
"matchCriteriaId": "83732441-A020-4401-A274-067B95354BB6",
"versionEndExcluding": "9.5.35",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "272C6A8B-94DB-4A74-BB3A-24CD0486DFA7",
"versionEndExcluding": "10.4.29",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "772D645D-5158-416C-BF2C-74E5E43EF1DC",
"versionEndExcluding": "11.5.11",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de administraci\u00f3n de contenidos web de c\u00f3digo abierto. En versiones anteriores a 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29 y 11.5.11, las credenciales o claves internas del sistema (por ejemplo, las credenciales de la base de datos) pod\u00edan registrarse como texto plano en los manejadores de excepciones, cuando es registrado el seguimiento completo de la pila de excepciones. TYPO3 versiones 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contienen una correcci\u00f3n del problema"
}
],
"id": "CVE-2022-31047",
"lastModified": "2024-11-21T07:03:46.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-14T21:15:16.050",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-002"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-13 23:15
Modified
2024-11-21 04:56
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly. This has been fixed in 9.5.17 and 10.4.2.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40512131-A9DB-406C-BF8D-0E341F70C2F9",
"versionEndExcluding": "9.5.17",
"versionStartIncluding": "9.5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B192088D-250F-4ADA-8312-6B4D8A3ED3D0",
"versionEndExcluding": "10.4.2",
"versionStartIncluding": "10.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly. This has been fixed in 9.5.17 and 10.4.2."
},
{
"lang": "es",
"value": "En TYPO3 CMS versiones mayores o iguales a 9.5.12 y menores a 9.5.17, y versiones mayores o iguales a 10.2.0 y versiones menores a 10.4.2, ha sido detectado que las etiquetas de enlace generadas por la funcionalidad typolink son vulnerables a un ataque de tipo cross-site scripting; las propiedades que han sido asignadas como atributos HTML no han sido analizadas correctamente. Esto ha sido corregido en las versiones 9.5.17 y 10.4.2."
}
],
"id": "CVE-2020-11065",
"lastModified": "2024-11-21T04:56:42.787",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-13T23:15:11.233",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4j77-gg36-9864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4j77-gg36-9864"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-02 17:30
Modified
2024-11-21 01:09
Severity ?
Summary
Unspecified vulnerability in the DB Integration (wfqbe) extension 1.3.1 and earlier for TYPO3 allows local users to execute arbitrary commands via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/37551 | Vendor Advisory | |
| cve@mitre.org | http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37551 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mauro_lorenzutti | wfqbe | 1.3.1 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mauro_lorenzutti:wfqbe:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F724CC77-AB61-41D7-B524-C775AC5B1BE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the DB Integration (wfqbe) extension 1.3.1 and earlier for TYPO3 allows local users to execute arbitrary commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la extensi\u00f3n DB Integration (wfqbe) extensi\u00f3n v1.3.1 y anteriores para TYPO3 permite a usuarios locales ejecutar comandos a su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4162",
"lastModified": "2024-11-21T01:09:03.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-02T17:30:00.577",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37551"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-05 23:55
Modified
2024-11-21 01:41
Severity ?
Summary
view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| typo3 | typo3 | * | |
| typo3 | typo3 | * | |
| debian | debian_linux | 6.0 | |
| debian | debian_linux | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22CA92CF-92AF-4EFE-A391-0EAFB2F0FD4C",
"versionEndExcluding": "4.5.19",
"versionStartIncluding": "4.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "023FE42D-3819-4759-8EAF-C94DEAA6BC0B",
"versionEndExcluding": "4.6.12",
"versionStartIncluding": "4.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED1BE21-919F-4F2C-A405-1493E905DB25",
"versionEndExcluding": "4.7.4",
"versionStartIncluding": "4.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a \"missing signature (HMAC).\""
},
{
"lang": "es",
"value": "view_help.php en el sistema de ayuda backend de TYPO3 v4.5.x anterior a v4.5.19, v4.6.x anterior a v4.6.12 y v4.7.x anterior a v4.7.4 permite a usuarios remotos autenticados tomar una variable de objetos arbitrarios y posiblemente ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de un par\u00e1metro no especifico, en relaci\u00f3n con una \"missing signature (HMAC).\""
}
],
"id": "CVE-2012-3527",
"lastModified": "2024-11-21T01:41:03.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-05T23:55:01.880",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/84773"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/50287"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/84773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/50287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77791"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-01-22 23:30
Modified
2024-11-21 00:59
Severity ?
Summary
The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.0 | |
| typo3 | typo3 | 4.0.1 | |
| typo3 | typo3 | 4.0.2 | |
| typo3 | typo3 | 4.0.3 | |
| typo3 | typo3 | 4.0.4 | |
| typo3 | typo3 | 4.0.5 | |
| typo3 | typo3 | 4.0.6 | |
| typo3 | typo3 | 4.0.7 | |
| typo3 | typo3 | 4.0.8 | |
| typo3 | typo3 | 4.0.9 | |
| typo3 | typo3 | 4.1.0 | |
| typo3 | typo3 | 4.1.0 | |
| typo3 | typo3 | 4.1.0 | |
| typo3 | typo3 | 4.1.1 | |
| typo3 | typo3 | 4.1.2 | |
| typo3 | typo3 | 4.1.3 | |
| typo3 | typo3 | 4.1.4 | |
| typo3 | typo3 | 4.1.5 | |
| typo3 | typo3 | 4.1.6 | |
| typo3 | typo3 | 4.1.7 | |
| typo3 | typo3 | 4.2.0 | |
| typo3 | typo3 | 4.2.1 | |
| typo3 | typo3 | 4.2.2 | |
| typo3 | typo3 | 4.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "501A9157-044A-4856-8092-418D7329EED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA47174-9BC4-4B74-8618-6A7B0773553B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A13146E-EC04-4354-9123-BC7CB292C66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F27B173-8D10-47F7-8450-F8808A918295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1FAD0A-6B98-476B-BCD2-361996CA1C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE992D57-AF82-4BF0-96E8-98110C0AEBF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9A484F-C34D-4885-8125-D9C8725EEB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DCCB2DE6-4407-4E40-8574-9C813183565B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E19647A4-C422-42D0-863B-5B6E0B08BFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2F89D7-D34C-4ADD-8A9E-34C37122C3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "273F2E33-0655-46DE-9397-E16658B4BD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B8F7039-4117-4D53-ABE8-99C10518D351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161E310F-F2D8-40B3-8390-8C52ACDD0B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "96D69530-AE74-4012-B522-01D0B6B01662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5514D17F-95A5-48C5-9F91-554F8D3C3DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E46E35EC-FF7B-4510-A5F2-FC230B7477B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A671ED2-91AA-4447-8996-A8A16FE753A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la extensi\u00f3n del sistema de la Indexed Search Engine (indexed_search) en TYPO3 v4.0.0 a v4.0.9, v4.1.0 a 4.1.7 y v4.2.0 a v4.2.3 permite a atacantes remotos ejecutar comandos de su elecci\u00f3n mediante vectores desconocidos relacionados con la la l\u00ednea de comandos indexer."
}
],
"id": "CVE-2009-0258",
"lastModified": "2024-11-21T00:59:27.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-01-22T23:30:04.467",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33617"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33679"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1711"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2009/01/23/4"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/33376"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/01/23/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48138"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-09 15:15
Modified
2024-11-21 04:23
Severity ?
Summary
TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0971BEDC-79F2-4E41-A6DE-A11498282A9B",
"versionEndIncluding": "8.7.26",
"versionStartIncluding": "8.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9172C36-5F3A-4180-9C8B-C60B882F4499",
"versionEndIncluding": "9.5.7",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS."
},
{
"lang": "es",
"value": "TYPO3 versiones 8.3.0 hasta 8.7.26 y versiones 9.0.0 hasta 9.5.7, permite un problema de tipo XSS."
}
],
"id": "CVE-2019-12748",
"lastModified": "2024-11-21T04:23:29.453",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-09T15:15:10.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-015/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-015/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-14 17:55
Modified
2024-11-21 01:36
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | skt_eurocalc | 0.0.1 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:skt_eurocalc:0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6F7AC5-83EE-4327-BA61-DC973A73B7D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en la extensi\u00f3n Euro Calculator (skt_eurocalc) v0.0.1 para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-1080",
"lastModified": "2024-11-21T01:36:22.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-14T17:55:03.353",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78794"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51848"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51848"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| laurent_foulloy | sav_filter_abc | * | |
| laurent_foulloy | sav_filter_abc | 1.0.0 | |
| laurent_foulloy | sav_filter_abc | 1.0.1 | |
| laurent_foulloy | sav_filter_abc | 1.0.2 | |
| laurent_foulloy | sav_filter_abc | 1.0.3 | |
| laurent_foulloy | sav_filter_abc | 1.0.4 | |
| laurent_foulloy | sav_filter_abc | 1.0.5 | |
| laurent_foulloy | sav_filter_abc | 1.0.6 | |
| laurent_foulloy | sav_filter_abc | 1.0.7 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:laurent_foulloy:sav_filter_abc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07051DA4-F6BA-4D8C-88C0-A0CFB38A241A",
"versionEndIncluding": "1.0.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laurent_foulloy:sav_filter_abc:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39AC96F0-DB8B-4B92-A066-8AD1DB4B55CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laurent_foulloy:sav_filter_abc:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50F7232B-DF20-46B1-878E-3397E676F2F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laurent_foulloy:sav_filter_abc:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A071324-3CA9-41C3-866B-C88898A73EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laurent_foulloy:sav_filter_abc:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "623DA404-19C8-4460-BD1C-3F407F22337B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laurent_foulloy:sav_filter_abc:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "75B1B226-3DEE-4FAE-BB18-78AD80EE5444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laurent_foulloy:sav_filter_abc:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "765488BD-178D-4FE8-A530-CF402A00AACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laurent_foulloy:sav_filter_abc:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC82D23-DFD3-4A4D-A67E-6B3765F90639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laurent_foulloy:sav_filter_abc:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B94AD3FB-36DA-47EE-A979-626F5DA3F8D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n SAV Filter Alphabetic (sav_filter_abc) anterior a v1.0.9 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1015",
"lastModified": "2024-11-21T01:13:26.063",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-19T19:00:00.750",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://osvdb.org/63033"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38995"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/sav_filter_abc/1.0.9/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://osvdb.org/63033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38995"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/sav_filter_abc/1.0.9/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38801"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-14 17:55
Modified
2024-11-21 01:36
Severity ?
Summary
Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| helmut_hummel | typo3_webservice | * | |
| helmut_hummel | typo3_webservice | 0.3.3 | |
| helmut_hummel | typo3_webservice | 0.3.4 | |
| helmut_hummel | typo3_webservice | 0.3.5 | |
| helmut_hummel | typo3_webservice | 0.3.6 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:helmut_hummel:typo3_webservice:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB09B91D-6637-4A92-9B18-C596EF9B1E22",
"versionEndIncluding": "0.3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:helmut_hummel:typo3_webservice:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1E55339C-029B-4539-AE4A-AF5C73CA24C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:helmut_hummel:typo3_webservice:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D8B7B070-562B-443C-BB17-B1784680FD68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:helmut_hummel:typo3_webservice:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C41678C6-1A01-4D24-B86D-FA1BA33A9417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:helmut_hummel:typo3_webservice:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B23D9119-091B-4364-A2C7-13FDD1A2B965",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la extensi\u00f3n Webservices for TYPO3 (typo3_webservice) v0.3.8 para TYPO3, permite a usuarios autenticados remotamente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2012-1079",
"lastModified": "2024-11-21T01:36:22.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-14T17:55:03.163",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78792"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/typo3_webservice/0.3.8/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51843"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78792"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/typo3_webservice/0.3.8/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72965"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fr.simon_rundell | pd_diocesedatabase | * | |
| fr.simon_rundell | pd_diocesedatabase | 0.7.5 | |
| fr.simon_rundell | pd_diocesedatabase | 0.7.6 | |
| fr.simon_rundell | pd_diocesedatabase | 0.7.8 | |
| fr.simon_rundell | pd_diocesedatabase | 0.7.9 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fr.simon_rundell:pd_diocesedatabase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42DC6FE2-603B-46C0-A8ED-02208DC2A2FD",
"versionEndIncluding": "0.7.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fr.simon_rundell:pd_diocesedatabase:0.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EAE6A211-E6F1-45A9-932C-5A8178CC8EE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fr.simon_rundell:pd_diocesedatabase:0.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "680D9998-8649-4034-9F6A-F999A92C518C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fr.simon_rundell:pd_diocesedatabase:0.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6D4929DA-1DE6-4405-A806-08D32234E013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fr.simon_rundell:pd_diocesedatabase:0.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9742BBA9-60BA-425B-9834-78ED11D5C057",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Diocese of Portsmouth Database (pd_diocesedatabase) anteriores a v0.7.13 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1013",
"lastModified": "2024-11-21T01:13:25.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-19T19:00:00.687",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://osvdb.org/63034"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38996"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/pd_diocesedatabase/0.7.13/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://osvdb.org/63034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38996"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/pd_diocesedatabase/0.7.13/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38812"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-02 15:30
Modified
2024-11-21 01:07
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el subcomponente \"Frontend Login Box\" (tambi\u00e9n conocido como felogin) de TYPO3 v4.2.0 hasta la v4.2.6 permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML a trav\u00e9s de par\u00e1metros sin especificar."
}
],
"id": "CVE-2009-3634",
"lastModified": "2024-11-21T01:07:51.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-11-02T15:30:00.750",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=125633199111438\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37122"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36801"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=125633199111438\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53926"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-17 17:15
Modified
2024-11-21 04:35
Severity ?
Summary
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited privileges.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65D7489C-BBC7-4908-83E5-2EF1564AE355",
"versionEndExcluding": "8.7.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "747F57A7-EB7A-49C6-AF18-DDD45AC57138",
"versionEndExcluding": "9.5.12",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC015DE3-2712-4CBD-A5DE-2DD4F6BA774F",
"versionEndExcluding": "10.2.2",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited privileges."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en TYPO3 versiones anteriores a la versi\u00f3n 8.7.30, versiones 9.x anteriores a la versi\u00f3n 9.5.12 y versiones 10.x anteriores a la versi\u00f3n 10.2.2. Se ha descubierto que las clases QueryGenerator y QueryView son vulnerables a la deserializaci\u00f3n no segura. Un escenario explotable requiere tener instalada la extensi\u00f3n del sistema ext:lowlevel (m\u00f3dulo de backend: comprobaci\u00f3n de base de datos), con un usuario de backend v\u00e1lido que tenga privilegios de administrador. El otro escenario explotable requiere tener instalada la extensi\u00f3n del sistema ext:sys_action, con un usuario de backend v\u00e1lido que tenga privilegios limitados"
}
],
"id": "CVE-2019-19849",
"lastModified": "2024-11-21T04:35:31.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-17T17:15:17.960",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-026/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-026/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-17 17:30
Modified
2024-11-21 01:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Training Company Database (trainincdb) extension 0.4.7 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dominic_eckart | trainincdb | 0.4.7 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dominic_eckart:trainincdb:0.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "98AA4628-E256-42C5-B927-1ED1EF17772A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Training Company Database (trainincdb) extension 0.4.7 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en la extensi\u00f3n de TYPO3 \u0027base de datos de empresa de formaci\u00f3n\u0027 (trainincdb) v0.4.7 permite a atacantes remotos inyectar HTML o scripts web a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4343",
"lastModified": "2024-11-21T01:09:24.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-17T17:30:00.780",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54786"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-27 17:30
Modified
2024-11-21 00:56
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (SBuniplug) extension 2.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| typo3 | sb_universal_plugin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:sb_universal_plugin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A42B3ED-815F-4FDF-933A-D4E1AF6D53AF",
"versionEndIncluding": "2.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (SBuniplug) extension 2.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en la extensi\u00f3n SB Universal Plugin (SBuniplug) v2.0.1 y anteriores para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados.\r\n"
}
],
"id": "CVE-2008-6341",
"lastModified": "2024-11-21T00:56:17.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-02-27T17:30:09.750",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-05-11 12:02
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that "there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that \"there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core."
},
{
"lang": "es",
"value": "** DISPUTADA ** Vulnerabilidad de inyecci\u00f3n SQL en index.php en TYPO3 4.0 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro showUid. NOTA: El equipo de seguridad de TYPO3 disputa este informe, diciendo que \u0027no existe tal vulnerabilidad... El par\u00e1metro showUid se utiliza generalmente en extensiones de terceros de TYPO3 y no en TYPO3 Core.\u0027"
}
],
"id": "CVE-2009-4855",
"lastModified": "2024-11-21T01:10:37.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-05-11T12:02:08.940",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secure.t3sec.info/blog/post/2009/08/06/typo3-cms-40-showuid-exploit-not-a-vulnerability/"
},
{
"source": "cve@mitre.org",
"url": "http://www.exploit-db.com/exploits/9380"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/35975"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secure.t3sec.info/blog/post/2009/08/06/typo3-cms-40-showuid-exploit-not-a-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/9380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/35975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52308"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-09-24 21:00
Modified
2024-11-21 01:19
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6EC67D0-8B43-4664-88F6-DD4309560D61",
"versionEndIncluding": "1.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F114F8E-08DE-4C8A-A0F7-567A7A822E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9677B8-7E32-4020-845B-FD31B327491D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC6F692-1F1E-4FB4-9EFA-57F0D0938256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9820C6-B4E6-4632-A6D4-D7EA093B1800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AEDCA4-5AC0-4970-99B4-9BE02C880AE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "303CC902-BBDA-417C-90C5-6CC316ED2E90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9CDAD5-EE32-47C9-9A94-5FDA002C58BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2065E944-5F55-4ABF-A20E-F5D4CEED0F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6C13C053-62AD-4866-AA6E-B6E3862734FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F84BCD42-ACAC-47B7-BC11-162BDF37E5D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DAB0DA1-D646-41F9-9E49-EFB3E3D6753A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2A32130E-4799-41D3-8323-8B3B4B8B5453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC13061-9822-4399-A4A1-EBEED9742EAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "96CEE2A8-AC38-4581-B56C-399781D73A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0415B2-89B6-4D75-AD24-DD6152110D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C905E945-4195-448E-B2B6-8C7F9C3FABCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D5897048-EE9A-4DB1-9802-27018E665A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4EFC2BB8-B4ED-4DC0-A391-7ACB2DD94E1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "56CF73D1-AA5E-4A6C-95B8-3AD4FD7EC7D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D7FEED-4451-43DA-9811-E7F6AA589F89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A4670C29-5B52-4172-8AED-0AD01229778A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "384FD986-C33D-4A87-A0ED-8EE51AD5BEA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1A6CF5F4-67D7-4495-B610-13959A10B97D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5D7E4A4-5887-40B8-860E-91F102A24D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7055F350-0EE7-4DE7-8FB6-26A0F2D80224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C414A1EC-ED36-4113-87EE-496D0CE6C296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CC9389-53A8-43D8-9D03-9DBBEA26065C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2597C92A-BE72-4246-B2E7-F7B316E6BECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0D0154-08BF-42AB-B97C-C0485BD34E0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFE66F2-621A-4F9A-8D99-C5F96D2BC528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8F32EE91-CF3B-495C-9AEB-CF5F7A49E55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D79D18B0-E52B-4A80-BA0D-664BE32A667B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "83192D4F-A044-456E-968C-78FD3F8782B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "027479DC-5EA0-4BAE-8F45-DB8CD2E7DBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "29168B6A-3D80-4DC7-A69E-E069B1627A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "490C3558-53F7-401D-94D4-ABC5A2DCB18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6783329E-53C6-4FAC-A76A-CDB15C30EE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3D85EF2D-D597-4BF8-8D42-65DF495F5B16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "ED148E81-A7BF-4E80-9BA7-1A95D4192521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCFF6F8-1913-4095-BB33-F371EA162CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5C372F-D442-44EA-9B74-A724261F7347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8B22DF-AC72-4A1D-BAC8-41AA612EEEEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6293BE50-CEC2-4564-B323-5518CB5F26A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "46449EDA-9CD5-4FFC-ACC3-AE23D4CC3758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C94B49F-3249-4FF7-8D71-EFB59EB0B69E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CE2E63-4B3B-4F37-983E-084058BB012D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA972B4-3307-4A9C-9E9A-F4DCA04B3320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE015AC-7FF4-445A-9112-576ECA6131A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA35D7C-6EAA-4E57-B229-771FBAE2616C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBAD78D-2EEA-4E84-A31D-A8DB9A4ED6A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "129FBFD3-5DF3-4C03-8416-89C9295F7245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5696F1A2-1A78-43F0-B52A-13C4B1A9989F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6F4864-877C-4FBA-99F8-CA138E089B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFE7AC9-06A3-4BCC-96F4-F978DE2A12AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CE95ADBE-FB92-427A-9C12-6F4DB32AB7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0661B887-07D1-4C97-A810-747D34F1854E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8D2162-DEBA-400A-9BF4-CE2D5C8E59AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BD48C215-3464-49B3-AB9B-FAC18A0D6420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "90DAF9E4-959D-44C6-85A4-0F9124FDEC96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A773CA49-4B9D-44AC-92A6-107514320987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "4A774AE5-7A2E-460A-A8E4-FC3AEEFD1F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1B7D81F3-C67F-4326-BB7F-414D6ADDAFFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D29C87E0-772E-4840-BC53-C7AF9D7B8DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7ECCDE1E-F3B4-4CD5-8C47-C29BC6C19686",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n powermail v1.5.3 y versiones anteriores para TYPO3 permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de vectores de ataque sin especificar."
}
],
"id": "CVE-2010-3605",
"lastModified": "2024-11-21T01:19:13.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-09-24T21:00:33.683",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/41530"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.4"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/41530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-09-28 00:07
Modified
2024-11-21 00:17
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF9C28A4-7F2C-492D-8514-63C598DC8BA6",
"versionEndIncluding": "4.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en class.tx_indexedsearch.php en la extensi\u00f3n Indexed Search 2.9.0 para Typo3 en versiones anteriores a 4.0.2 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro de b\u00fasqueda."
}
],
"id": "CVE-2006-5069",
"lastModified": "2024-11-21T00:17:44.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-09-28T00:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=115918334930694\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22071"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1646"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20060911-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/446885/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/20173"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3782"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=115918334930694\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20060911-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/446885/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/20173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29128"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-08 19:59
Modified
2024-11-21 02:39
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 6.2 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.1 | |
| typo3 | typo3 | 6.2.2 | |
| typo3 | typo3 | 6.2.3 | |
| typo3 | typo3 | 6.2.4 | |
| typo3 | typo3 | 6.2.5 | |
| typo3 | typo3 | 6.2.6 | |
| typo3 | typo3 | 6.2.7 | |
| typo3 | typo3 | 6.2.8 | |
| typo3 | typo3 | 6.2.9 | |
| typo3 | typo3 | 6.2.10 | |
| typo3 | typo3 | 6.2.10 | |
| typo3 | typo3 | 6.2.11 | |
| typo3 | typo3 | 6.2.12 | |
| typo3 | typo3 | 6.2.13 | |
| typo3 | typo3 | 6.2.14 | |
| typo3 | typo3 | 6.2.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7715060-1441-4CF9-BEDF-91D28FE31ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "29602159-5C1E-4C5A-9E4C-F3183D3EA8A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "52CC6148-48F9-4532-96D3-8C6D82B8B815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "E501EDED-B7DC-4D00-9DAF-862BC8C14C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7183456A-52B4-4386-8979-A2ECEA9959FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "16EEC79F-3293-451C-864E-9CE020F6C730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "8FD27EAD-04D5-4C55-952E-020954B90CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "F67C62FD-A683-43F3-BF0E-D368617B194C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "8CCC09EC-CB2C-466A-BD71-4DD2C34288B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "82F45E35-4731-4527-861F-3999ABED94B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "FC154041-5B1B-484C-8EF8-9EBC73A9FF3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "36E925BE-8D4F-49FE-90EF-68C1DE776107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DA0AF154-CC16-4536-B120-A9040CE92394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99262E73-E4A7-4657-A32E-3C289C052675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E230A800-B2DE-4ED4-9C6B-961832C39900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A96891D-A2B1-492C-A914-51F9631D5C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7316A8-E445-45C6-BFD9-8E19254AC7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D95C12B4-51F1-4FFC-892B-1432D1E5219A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "308EF598-B9DF-47C5-A1AC-1A2A16767E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3A5E5D-E8A9-4B2F-B423-9F1B9E761A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9EDF6E-299A-4277-9C2F-B25D5F9A189E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "313D0192-8849-4DA1-820E-28E2FC4E37C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "265DCFF8-2EC5-49EA-8D06-1956F3109F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2D8FB68B-E4E8-4501-94F6-2922781D8C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1FEAA4-B0D8-4B5B-8958-173245F55134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0E806A38-C603-4916-93E2-FE43062B09C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "17EB5B78-0AD1-4259-8537-058D888B30B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7E6FD-99D0-4F48-B5DF-0EFD4C05079D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "21217A49-637C-4F60-B8F8-8699E71D6BFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la vista del resultado de b\u00fasqueda en el componente Indexed Search (indexed_search) en TYPO3 6.2.x en versiones anteriores a 6.2.16 permite a editores remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2015-8756",
"lastModified": "2024-11-21T02:39:06.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-08T19:59:22.350",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1034486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034486"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-23 21:15
Modified
2024-11-21 05:19
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37480937-67F4-432B-97F2-77DEFF11E3ED",
"versionEndExcluding": "9.5.23",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56B032F6-C72B-4963-8C0D-13BFDD5F385A",
"versionEndExcluding": "10.4.10",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de administraci\u00f3n de contenido web de c\u00f3digo abierto basado en PHP.\u0026#xa0;En TYPO3, anterior a versiones 9.5.23 y 10.4.10, los identificadores de sesi\u00f3n de usuario fueron almacenados en texto sin cifrar, sin procesamiento con algoritmos de hash criptogr\u00e1fico adicionales.\u0026#xa0;Esta vulnerabilidad no puede ser explotada directamente y se produce en combinaci\u00f3n con un ataque encadenado, como por ejemplo una inyecci\u00f3n SQL en cualquier otro componente del sistema.\u0026#xa0;Actualice a TYPO3 versiones 9.5.23 o 10.4.10 que corrigen el problema descrito"
}
],
"id": "CVE-2020-26228",
"lastModified": "2024-11-21T05:19:35.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-23T21:15:12.140",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-954j-f27r-cj52"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-954j-f27r-cj52"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-011"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-20 18:14
Modified
2024-11-21 01:57
Severity ?
Summary
SQL injection vulnerability in the CoolURI extension before 1.0.30 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jan_bednarik | cooluri | * | |
| jan_bednarik | cooluri | 1.0.11 | |
| jan_bednarik | cooluri | 1.0.12 | |
| jan_bednarik | cooluri | 1.0.13 | |
| jan_bednarik | cooluri | 1.0.14 | |
| jan_bednarik | cooluri | 1.0.15 | |
| jan_bednarik | cooluri | 1.0.16 | |
| jan_bednarik | cooluri | 1.0.17 | |
| jan_bednarik | cooluri | 1.0.18 | |
| jan_bednarik | cooluri | 1.0.19 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jan_bednarik:cooluri:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4637E52B-035E-4D22-BE7C-41834F026D58",
"versionEndIncluding": "1.0.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jan_bednarik:cooluri:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "40EED73B-0E3B-4BB3-B9B5-92C1043BC312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jan_bednarik:cooluri:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5FAE80-A193-45B3-9437-8FCF251AA57C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jan_bednarik:cooluri:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A6504D7B-B1CC-4300-835F-F8E06A20185D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jan_bednarik:cooluri:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "10B929B6-4638-4CB4-8F24-9CD33F8B203A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jan_bednarik:cooluri:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "91D714C1-BE19-44FD-B6EE-A426C7FE7B69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jan_bednarik:cooluri:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D88A0D-125E-4770-9D32-E3F8DA3E8B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jan_bednarik:cooluri:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "CD691345-B5CA-491D-9274-8C1A448CC5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jan_bednarik:cooluri:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8E93508C-575E-4A1C-998D-133C9B404B85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jan_bednarik:cooluri:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9A608B7C-BBAE-4EF5-ADEE-3D941348C84B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the CoolURI extension before 1.0.30 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n CoolURI 1.0.30 para TYPO3, permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-5322",
"lastModified": "2024-11-21T01:57:18.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-20T18:14:14.280",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/90415"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52282"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/cooluri"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-003/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/58055"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/90415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/cooluri"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/58055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82213"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-06-25 18:55
Modified
2024-11-21 01:56
Severity ?
Summary
SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| christophe_balisky | meta_feedit | * | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:christophe_balisky:meta_feedit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D99AB5A-B34F-432C-8E31-4B332F20CE52",
"versionEndIncluding": "0.1.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n meta_feedit v0.1.10 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-4683",
"lastModified": "2024-11-21T01:56:03.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-25T18:55:01.363",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/93806"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/93806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84661"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-29 17:15
Modified
2024-11-21 05:04
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the possibility to fetch typo3conf/LocalConfiguration.php, which again contains the encryptionKey as well as credentials of the database management system being used. In case a database server is directly accessible either via internet or in a shared hosting network, this allows the ability to completely retrieve, manipulate or delete database contents. This includes creating an administration user account - which can be used to trigger remote code execution by injecting custom extensions. This has been patched in versions 9.5.20 and 10.4.6.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "533733E0-9B24-41B2-A9A3-BF03785B6A85",
"versionEndExcluding": "9.5.20",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22121C59-1C9F-4079-AD4F-965F872BAC58",
"versionEndExcluding": "10.4.6",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the possibility to fetch typo3conf/LocalConfiguration.php, which again contains the encryptionKey as well as credentials of the database management system being used. In case a database server is directly accessible either via internet or in a shared hosting network, this allows the ability to completely retrieve, manipulate or delete database contents. This includes creating an administration user account - which can be used to trigger remote code execution by injecting custom extensions. This has been patched in versions 9.5.20 and 10.4.6."
},
{
"lang": "es",
"value": "En TYPO3 CMS versiones posteriores o igual a 9.0.0 y anteriores a 9.5.20, y versiones posteriores o igual a 10.0.0 y anteriores a 10.4.6, en un caso en el que un atacante logra generar un c\u00f3digo de autenticaci\u00f3n de mensaje criptogr\u00e1fico v\u00e1lido (HMAC-SHA1), ya sea mediante el uso de una vulnerabilidad existente diferente o en caso de que la encryptionKey interna estuviera expuesta, es posible recuperar archivos arbitrarios de una instalaci\u00f3n TYPO3. Esto incluye la posibilidad de recuperar el archivo typo3conf/LocalConfiguration.php, que nuevamente contiene la encryptionKey, as\u00ed como las credenciales del sistema de administraci\u00f3n de la base de datos que se est\u00e1 usando. En caso de que un servidor de base de datos sea accesible directamente por medio de Internet o en una red de alojamiento compartido, esto permite la capacidad de recuperar, manipular o eliminar completamente el contenido de la base de datos. Esto incluye crear una cuenta de usuario de administraci\u00f3n, que pueda ser utilizada para activar una ejecuci\u00f3n de c\u00f3digo remota mediante la inyecci\u00f3n de extensiones personalizadas. Esto ha sido parcheado en las versiones 9.5.20 y 10.4.6"
}
],
"id": "CVE-2020-15099",
"lastModified": "2024-11-21T05:04:48.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-29T17:15:13.497",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3x94-fv5h-5q2c"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3x94-fv5h-5q2c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-007"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-21 00:55
Modified
2024-11-21 02:00
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C140F242-CF7C-4CB6-A358-5C8DB0F26DAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81EAC0BA-B6AC-42BA-AEEE-946E1FBD770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD31180A-8BD6-49AC-A758-5FA4C9A7B4C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E06A3B0C-364F-42A3-803B-6CE1EAB386C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "692DE690-C921-403B-9966-60CB23FF5D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "94C181FE-F3A9-4C7E-955F-0CCD4E6B4DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "11DD1626-884F-40EE-9721-2FCF7F14F781",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F89DD9F-019A-4AD3-AD0E-4F20F1AF5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "684500C9-8532-45C4-8F29-33AAC3DDA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F830A8F-C51C-4CED-BCA2-845C312087FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2C537426-82DB-426B-BB95-CC119C20266A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D3AE18-7B26-4448-AF98-0D2692C80BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E8AD3ED8-5107-418D-8F0F-6B07845D3C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2FEFD3C-A4CC-4FCC-8ECD-3EE1E69DE58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1EE4B6-9256-494E-A11B-9700F0376AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0A8566-4A01-4948-A237-3CED2D065FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B5459D18-7283-4650-9304-7F576AB1D779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B404C733-4F5C-4EB2-B4B9-F25A95BB6E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "31BDE85A-5F76-4249-9B38-B3A1649F777D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6357ACD4-E404-489A-B218-1CED134F4893",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7183456A-52B4-4386-8979-A2ECEA9959FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "16EEC79F-3293-451C-864E-9CE020F6C730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "8FD27EAD-04D5-4C55-952E-020954B90CEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "BB69F7E9-001D-42B3-BEB4-B294737AD27B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.21:*:*:*:*:*:*:*",
"matchCriteriaId": "34E8530B-0311-45AA-92B4-6FF2CE388E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A53B9001-C5B4-4D19-A314-118E3A292346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E663FE0B-B509-4427-A2A0-9EB53E26810F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.24:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA36C35-E9BD-4ED2-B6CB-950D641678E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.25:*:*:*:*:*:*:*",
"matchCriteriaId": "12A54839-425D-4D28-8AD2-479A593474FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.26:*:*:*:*:*:*:*",
"matchCriteriaId": "83542527-9738-46C0-A4D2-D5E2E203CD49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.27:*:*:*:*:*:*:*",
"matchCriteriaId": "72B68AE9-081A-4BE0-A2AF-969216D26637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.28:*:*:*:*:*:*:*",
"matchCriteriaId": "253A3E84-401E-4F9F-8A9A-B8C464C69929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.29:*:*:*:*:*:*:*",
"matchCriteriaId": "08742759-FFC8-4908-B319-4EC279C6AB74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4B4B3F-D7BE-493C-ABF6-416FF89C4A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "36748261-81EF-4E39-8EC5-A67F054B623F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "976AAF6F-BF03-40B7-B7D2-22101BD857D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98D0D9-D9AE-44F7-8233-F92EB330B152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36EA784A-7C3A-41DA-B444-D01E3BC144BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7294AA8B-0CD3-47A2-91DC-A882F7F3BDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4D28DD85-FBB3-4DD4-B525-7AFD32BE55F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80C21E07-5083-4C86-AA9D-FCB73F636060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAE1BB4-2DBD-489E-B3F9-88CF414EAC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0724FE19-F0A4-4055-996A-2B7844CAC426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A862C28E-B1B9-4541-A559-D0BD16E575B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1DE94A-DDCD-4067-A0C0-16904F6B7EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7C6DD4A1-C865-4AC8-86BC-8F92319F33A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de cross-site scripting (XSS) en Content Editing Wizards en TYPO3 4.5.x anteriores a 4.5.32, 4.7.x anteriores a 4.7.17, 6.0.x anteriores a 6.0.12, 6.1.x anteriores a 6.1.7, y las versiones de desarrollo 6.2, permite a usuarios autenticados remotamente inyectar scripts web o HTML arbitrarios a trav\u00e9s de par\u00e1metros no especificados."
}
],
"id": "CVE-2013-7074",
"lastModified": "2024-11-21T02:00:17.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-21T00:55:04.533",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/100881"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2834"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/64245"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89620"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-06 17:15
Modified
2024-11-21 01:32
Severity ?
Summary
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8C2013-3653-40E0-B692-8524309338F0",
"versionEndExcluding": "4.3.12",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA153A2C-2697-47BC-B836-17AA48875F7A",
"versionEndExcluding": "4.4.9",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "898F86CE-0897-4403-A0AC-90C5DCED8AF4",
"versionEndExcluding": "4.5.4",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site Scripting (XSS) en TYPO3 versiones anteriores a la versi\u00f3n 4.3.12, versiones 4.4.x anteriores a 4.4.9 y versiones 4.5.x anteriores a 4.5.4, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del reciclador de extensi\u00f3n del sistema."
}
],
"id": "CVE-2011-4631",
"lastModified": "2024-11-21T01:32:42.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-06T17:15:10.970",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4631"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-13 10:30
Modified
2024-11-21 00:56
Severity ?
Summary
SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kurt_gusbeth | myquizpoll | * | |
| kurt_gusbeth | myquizpoll | 0.1.1 | |
| kurt_gusbeth | myquizpoll | 0.1.2 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E86D2D26-B76C-41DD-84D4-0A079B9671F5",
"versionEndIncluding": "0.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6C806DFE-28CA-4F1E-ACF9-C99F4798641E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_gusbeth:myquizpoll:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAAD8BA8-3780-4593-B05A-681F48B1C061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de SQL en la extensi\u00f3n My quiz and poll (myquizpoll) para TYPO3 antes de la versi\u00f3n 0.1.4 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-6462",
"lastModified": "2024-11-21T00:56:35.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-13T10:30:00.517",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/48278"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31257"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/48278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45262"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:11
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| francois_suter | devlog | * | |
| francois_suter | devlog | 2.0.0 | |
| francois_suter | devlog | 2.1.0 | |
| francois_suter | devlog | 2.2.0 | |
| francois_suter | devlog | 2.3.0 | |
| francois_suter | devlog | 2.3.1 | |
| francois_suter | devlog | 2.3.2 | |
| francois_suter | devlog | 2.3.3 | |
| francois_suter | devlog | 2.4.0 | |
| francois_suter | devlog | 2.5.0 | |
| francois_suter | devlog | 2.6.0 | |
| francois_suter | devlog | 2.7.0 | |
| francois_suter | devlog | 2.8.0 | |
| francois_suter | devlog | 2.9.0 | |
| rene_fritz | devlog | 1.1.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:francois_suter:devlog:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E8D4F3-BCF0-4313-AF93-20E76E6BBA04",
"versionEndIncluding": "2.9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francois_suter:devlog:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E72DDE83-0ED6-4A56-BF9A-28A872349FD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francois_suter:devlog:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA62F96-CC41-4A05-855F-359821EC90C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francois_suter:devlog:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11791D7C-F737-4EFC-9002-B1286E286D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francois_suter:devlog:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "127CBC3F-C22B-4763-A7E3-591FA3817C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francois_suter:devlog:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88656B43-B567-4950-8F59-0BE3B4E3837C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francois_suter:devlog:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5F53630A-3358-476F-AB79-8B28361CF2EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francois_suter:devlog:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D95E74F0-2B72-486C-A857-54F31ED807CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francois_suter:devlog:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB71575D-881B-4F5D-AF95-04C70F8A2D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francois_suter:devlog:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0C11BC-28AD-4C7E-B6B2-CA1F5A6D608F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francois_suter:devlog:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7F1904-262F-4D1C-9559-4E26DBACE04B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francois_suter:devlog:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "193F798D-8C54-4539-BC63-11FB753D8556",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francois_suter:devlog:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D756CF70-F5F5-4D00-B9FD-E77BBF2A5E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francois_suter:devlog:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E227EF68-D078-4F77-AAEA-7ADDDEFBBFFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rene_fritz:devlog:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80A3D33A-A63F-45E6-BE01-EDEAEC7084C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en la extensi\u00f3n de TYPO3 de registro de Desarrollo (devlog) v2.9.1 y anteriores permite a atacantes remotos inyectar HTML o scripts web a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-0326",
"lastModified": "2024-11-21T01:11:59.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-01-15T19:30:00.597",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38164"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/devlog/2.9.2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/devlog/2.9.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| laurent_foulloy | sav_filter_selectors | * | |
| laurent_foulloy | sav_filter_selectors | 1.0.1 | |
| laurent_foulloy | sav_filter_selectors | 1.0.2 | |
| laurent_foulloy | sav_filter_selectors | 1.0.3 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:laurent_foulloy:sav_filter_selectors:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4568A7-2EA1-4977-96A5-959912F84EE0",
"versionEndIncluding": "1.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laurent_foulloy:sav_filter_selectors:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52C5B12E-53A0-448F-81EF-EB9322FB453A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laurent_foulloy:sav_filter_selectors:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC678DE7-D0C4-47A2-A1DF-0B49E1514465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:laurent_foulloy:sav_filter_selectors:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "823E851A-1DE8-4164-B0B4-1E0B0CDB794A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n SAV Filter Selectors (sav_filter_selectors)anterior a v1.0.5 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1016",
"lastModified": "2024-11-21T01:13:26.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-19T19:00:00.780",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/sav_filter_selectors/1.0.5/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/sav_filter_selectors/1.0.5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38804"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-17 17:30
Modified
2024-11-21 01:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mischa_heissmann | no_indexed_search | 0.2.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mischa_heissmann:no_indexed_search:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "708F8B43-10DB-45D0-80C4-3CD632139CF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados en la extensi\u00f3n \"Busqueda no indexada\" (no_indexed_search) v0.2.0 para TYPO3 permite a atacantes remotos inyectar HTML o scripts web a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4340",
"lastModified": "2024-11-21T01:09:24.337",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-17T17:30:00.703",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54784"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-21 21:28
Modified
2024-11-21 00:23
Severity ?
Summary
rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E53B002D-18FD-4C6A-97C0-AA9C83ABD382",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A3390E31-A149-4D83-94D2-63AF63D02A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "501A9157-044A-4856-8092-418D7329EED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA47174-9BC4-4B74-8618-6A7B0773553B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A13146E-EC04-4354-9123-BC7CB292C66A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector."
},
{
"lang": "es",
"value": "rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php en Typo3 4.0.0 hasta 4.0.3, 3.7 y 3.8 con la extensi\u00f3n rtehtmlarea, y 4.1 beta, permite a atacantes remotos autenticados ejecutar comandos de su elecci\u00f3n mediante metacaracteres del int\u00e9rprete de comandos (shell) a trav\u00e9s del par\u00e1metro userUid en rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php,\r\ny posiblemente otro vector."
}
],
"evaluatorSolution": "his vulnerability is addressed in the following product release:\r\nTypo3, Typo3, 4.0.4",
"id": "CVE-2006-6690",
"lastModified": "2024-11-21T00:23:24.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-21T21:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.netfielders.de/pipermail/typo3-announce/2006/000045.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.netfielders.de/pipermail/typo3-announce/2006/000046.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23446"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23466"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2056"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://securitytracker.com/id?1017428"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0\u0026cHash=e4a40a11a9"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.sec-consult.com/272.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/454944/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/21680"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/5094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.netfielders.de/pipermail/typo3-announce/2006/000045.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.netfielders.de/pipermail/typo3-announce/2006/000046.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://securitytracker.com/id?1017428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0\u0026cHash=e4a40a11a9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.sec-consult.com/272.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/454944/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/21680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/5094"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-15 21:30
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| maximo_cuadros | gb_fenewssubmit | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:maximo_cuadros:gb_fenewssubmit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFECE01C-F592-49AF-BD65-1D36C65A26AC",
"versionEndIncluding": "0.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n [Gobernalia] Front End News Submitter (gb_fenewssubmit) v0.1.0 y anteriores para TYPO3 permite a usuarios remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores de ataque desconocidos."
}
],
"id": "CVE-2009-4708",
"lastModified": "2024-11-21T01:10:16.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-15T21:30:00.950",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-04 20:55
Modified
2024-11-21 01:37
Severity ?
Summary
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4D42D56A-2A1D-4FAA-961D-304E916BEF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CBAAC7-5207-45E8-86D5-18D98259070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6F1E7-351D-45E7-9571-2AF4283080DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B3B4A9-BDC7-4426-98FB-398B63AF3D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0016A078-1291-4281-BA62-5A846AEE7584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F11DB8A8-8309-4FC9-BA35-1AFFC5B4AE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9661D2DB-F24C-478B-B691-303D48D9B158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1A90BF-E780-4282-BCCB-0E568EB785A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to \"a missing signature (HMAC) for a request argument.\""
},
{
"lang": "es",
"value": "El Extbase Framework en TYPO3 4.6.x a trav\u00e9s de 4.6.6, 4.7 y 6.0 variable de datos no confiables, permite a atacantes remotos tomar una variable de objetos arbitrarios y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores relacionados con \"falta de una firma (HMAC) para un argumento solicitud."
}
],
"id": "CVE-2012-1605",
"lastModified": "2024-11-21T01:37:17.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-04T20:55:01.153",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/4"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/80759"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/52771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/80759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52771"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-06 17:15
Modified
2024-11-21 01:32
Severity ?
Summary
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8C2013-3653-40E0-B692-8524309338F0",
"versionEndExcluding": "4.3.12",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA153A2C-2697-47BC-B836-17AA48875F7A",
"versionEndExcluding": "4.4.9",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "898F86CE-0897-4403-A0AC-90C5DCED8AF4",
"versionEndExcluding": "4.5.4",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site Scripting (XSS) en TYPO3 versiones anteriores a la versi\u00f3n 4.3.12, versiones 4.4.x anteriores a 4.4.9 y versiones 4.5.x anteriores a 4.5.4, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del mensaje flash tcemain."
}
],
"id": "CVE-2011-4632",
"lastModified": "2024-11-21T01:32:42.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-06T17:15:11.033",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4632"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-03 14:55
Modified
2024-11-21 02:09
Severity ?
Summary
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7715060-1441-4CF9-BEDF-91D28FE31ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7183456A-52B4-4386-8979-A2ECEA9959FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "16EEC79F-3293-451C-864E-9CE020F6C730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "8FD27EAD-04D5-4C55-952E-020954B90CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99262E73-E4A7-4657-A32E-3C289C052675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E230A800-B2DE-4ED4-9C6B-961832C39900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors."
},
{
"lang": "es",
"value": "El componente de autenticaci\u00f3n en TYPO3 6.2.0 anterior a 6.2.3 no invalida debidamente sesiones de usuario fuera de tiempo, lo que permite a atacantes remotos evadir autenticaci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-3944",
"lastModified": "2024-11-21T02:09:11.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-03T14:55:11.130",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-17 17:30
Modified
2024-11-21 01:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Frontend news submitter with RTE (fe_rtenews) extension 1.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| toni_milovan | fe_rtenews | 1.4.1 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:toni_milovan:fe_rtenews:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45CB7FF2-6C2A-481D-8659-012564D6DE0E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Frontend news submitter with RTE (fe_rtenews) extension 1.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados en la interfaz de env\u00edo de noticias de TYPO3 con la extensi\u00f3n RTE (fe_rtenews) v1.4.1 y anteriores permite a atacantes remotos inyectar HTML o scripts web a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4346",
"lastModified": "2024-11-21T01:09:25.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-17T17:30:00.843",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dietmar_schffer | travelmate | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dietmar_schffer:travelmate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A04D6A6A-BBBA-45B9-A3DC-3A7CA6AF3D2F",
"versionEndIncluding": "0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Meet Travelmates (travelmate) v0.1.1 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1027",
"lastModified": "2024-11-21T01:13:27.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-19T19:00:01.123",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38802"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56980"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-05 23:55
Modified
2024-11-21 01:41
Severity ?
Summary
Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.5 | |
| typo3 | typo3 | 4.5.0 | |
| typo3 | typo3 | 4.5.1 | |
| typo3 | typo3 | 4.5.2 | |
| typo3 | typo3 | 4.5.3 | |
| typo3 | typo3 | 4.5.4 | |
| typo3 | typo3 | 4.5.5 | |
| typo3 | typo3 | 4.5.6 | |
| typo3 | typo3 | 4.5.7 | |
| typo3 | typo3 | 4.5.8 | |
| typo3 | typo3 | 4.5.9 | |
| typo3 | typo3 | 4.5.10 | |
| typo3 | typo3 | 4.5.11 | |
| typo3 | typo3 | 4.5.12 | |
| typo3 | typo3 | 4.5.13 | |
| typo3 | typo3 | 4.5.14 | |
| typo3 | typo3 | 4.5.15 | |
| typo3 | typo3 | 4.5.16 | |
| typo3 | typo3 | 4.5.17 | |
| typo3 | typo3 | 4.5.18 | |
| typo3 | typo3 | 4.6 | |
| typo3 | typo3 | 4.6.0 | |
| typo3 | typo3 | 4.6.1 | |
| typo3 | typo3 | 4.6.2 | |
| typo3 | typo3 | 4.6.3 | |
| typo3 | typo3 | 4.6.4 | |
| typo3 | typo3 | 4.6.5 | |
| typo3 | typo3 | 4.6.6 | |
| typo3 | typo3 | 4.6.7 | |
| typo3 | typo3 | 4.6.8 | |
| typo3 | typo3 | 4.6.9 | |
| typo3 | typo3 | 4.6.10 | |
| typo3 | typo3 | 4.6.11 | |
| typo3 | typo3 | 4.7 | |
| typo3 | typo3 | 4.7.0 | |
| typo3 | typo3 | 4.7.1 | |
| typo3 | typo3 | 4.7.2 | |
| typo3 | typo3 | 4.7.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9788D5CD-FEAA-4D07-8252-4176AD0BC0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4D42D56A-2A1D-4FAA-961D-304E916BEF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CBAAC7-5207-45E8-86D5-18D98259070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6F1E7-351D-45E7-9571-2AF4283080DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B3B4A9-BDC7-4426-98FB-398B63AF3D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0016A078-1291-4281-BA62-5A846AEE7584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F11DB8A8-8309-4FC9-BA35-1AFFC5B4AE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9661D2DB-F24C-478B-B691-303D48D9B158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1FD6B9-7FAC-4508-962A-99AF63EB4B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "14369AD5-2622-4530-BCD5-A95C032CE4CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7CBAD29-18E9-4097-88FA-4D287A9A877A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5144AE-E076-48B5-9EA3-2F0BEC34D92F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "46246047-B415-437A-AC0E-2A7157D47C17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1A90BF-E780-4282-BCCB-0E568EB785A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events."
},
{
"lang": "es",
"value": "Vulnerabilidad de lista negra incompleta en la funci\u00f3n t3lib_div::quoteJSvalue en TYPO3 v4.5.x anterior a v4.5.19, 4.6.x anterior a v4.6.12 y v4.7.x anterior a v4.7.4 permite a atacantes remotos llevar a cabo ataques de ejecuci\u00f3n de secuencias de comandos en sitios cruzados a trav\u00e9s de ciertos eventos de JavaScript HTML5."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/184.html\r\n\r\n\u0027CWE-184: Incomplete Blacklist\u0027",
"id": "CVE-2012-3530",
"lastModified": "2024-11-21T01:41:04.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-05T23:55:02.177",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/84772"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50287"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/84772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77794"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-22 18:30
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| websedit | sk_calendar | * | |
| websedit | sk_calendar | 0.1.0 | |
| websedit | sk_calendar | 0.1.1 | |
| websedit | sk_calendar | 0.2.0 | |
| websedit | sk_calendar | 0.2.1 | |
| websedit | sk_calendar | 0.2.2 | |
| websedit | sk_calendar | 0.3.0 | |
| websedit | sk_calendar | 0.3.1 | |
| websedit | sk_calendar | 0.3.2 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:websedit:sk_calendar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4244B13-7A43-4DD5-88D1-AE204C2B0F81",
"versionEndIncluding": "0.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:websedit:sk_calendar:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BD552A0C-258D-4730-9CD3-5D9BCC3A74A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:websedit:sk_calendar:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8F510FB-6D9A-44E7-82DA-D56C38E9BF38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:websedit:sk_calendar:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BCB0140-20A3-4447-A36F-E5B5E70A4146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:websedit:sk_calendar:0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4BD0139-DC3B-44C9-9174-1CCDC7345C66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:websedit:sk_calendar:0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A70609E2-074C-463F-A4E1-BC41A09EB007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:websedit:sk_calendar:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B573E87-E0C9-48B6-8D4A-2078EBE38E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:websedit:sk_calendar:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58427C9A-7705-43AC-B739-4755C33D4C41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:websedit:sk_calendar:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "427A4E14-8CC9-4E44-A6F5-F1E5B92B4E18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Versatile Calendar Extension [VCE] (sk_calendar) en versiones anteriores a la 0.3.4 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante vectores no especificados."
}
],
"id": "CVE-2009-4954",
"lastModified": "2024-11-21T01:10:51.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-22T18:30:02.970",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/sk_calendar/0.3.4/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/sk_calendar/0.3.4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-27 17:30
Modified
2024-11-21 00:56
Severity ?
Summary
SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| weber-ebusiness | wes_facilities | 2.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:weber-ebusiness:wes_facilities:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A07AD3E4-05C8-4DA7-BD79-D5FB5444AD70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en la extensi\u00f3n WEBERkommunal Facilities (wes_facilities) v2.0 de TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados.\r\n"
}
],
"id": "CVE-2008-6338",
"lastModified": "2024-11-21T00:56:17.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-27T17:30:09.703",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33302"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/wes_facilities/2.0.1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/wes_facilities/2.0.1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32982"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-28 10:30
Modified
2024-11-21 01:08
Severity ?
Summary
SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| flagbit | fb_filebase | 0.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flagbit:fb_filebase:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9777DA57-CE8E-42D0-865C-46D0C32C2DE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en the Flagbit Filebase (fb_filebase) extension v0.1.0 para TYPO3 permite a atacantes remotos ejecutar comandos SQL a su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-3820",
"lastModified": "2024-11-21T01:08:15.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-10-28T10:30:00.827",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-09 10:55
Modified
2024-11-21 01:22
Severity ?
Summary
SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nadine_schwingler | ke_questionnaire | * | |
| nadine_schwingler | ke_questionnaire | 1.2.1 | |
| nadine_schwingler | ke_questionnaire | 2.0.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nadine_schwingler:ke_questionnaire:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1FF62C2-0AB9-4F7E-959D-9972DE40385A",
"versionEndIncluding": "2.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nadine_schwingler:ke_questionnaire:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2793011-FBEB-45C3-9ABF-9698248CE5C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nadine_schwingler:ke_questionnaire:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99999B28-5692-4BBE-AEE5-590C4B2DD7DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Questionnaire (ke_questionnaire) anterior a v2.2.3 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del vectores desconocidos.\r\n"
}
],
"id": "CVE-2010-4957",
"lastModified": "2024-11-21T01:22:09.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-10-09T10:55:44.377",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/67031"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40950"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/ke_questionnaire/2.2.3"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/42369"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/67031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/ke_questionnaire/2.2.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/42369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61042"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-14 17:55
Modified
2024-11-21 01:36
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | beuserswitch | 0.0.1 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:beuserswitch:0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "967F2C4C-B393-4BDC-9213-B6E98920EF7E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n BE User Switch (beuserswitch) v0.0.1 para TYPO3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-1084",
"lastModified": "2024-11-21T01:36:22.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-14T17:55:03.507",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78798"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51852"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72974"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-15 21:30
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jan_bednarik | cooluri | * | |
| jan_bednarik | cooluri | 1.0.11 | |
| jan_bednarik | cooluri | 1.0.12 | |
| jan_bednarik | cooluri | 1.0.13 | |
| jan_bednarik | cooluri | 1.0.14 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jan_bednarik:cooluri:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE18ED81-C400-4002-A8A5-513C18602559",
"versionEndIncluding": "1.0.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jan_bednarik:cooluri:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "40EED73B-0E3B-4BB3-B9B5-92C1043BC312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jan_bednarik:cooluri:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5FAE80-A193-45B3-9437-8FCF251AA57C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jan_bednarik:cooluri:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A6504D7B-B1CC-4300-835F-F8E06A20185D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jan_bednarik:cooluri:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "10B929B6-4638-4CB4-8F24-9CD33F8B203A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n CoolURI (cooluri) en versiones anteriores a la 1.0.16 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente que CVE-2008-6686."
}
],
"id": "CVE-2009-4711",
"lastModified": "2024-11-21T01:10:16.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-15T21:30:01.043",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36082"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35872"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-06 17:15
Modified
2024-11-21 01:32
Severity ?
Summary
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8C2013-3653-40E0-B692-8524309338F0",
"versionEndExcluding": "4.3.12",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA153A2C-2697-47BC-B836-17AA48875F7A",
"versionEndExcluding": "4.4.9",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "898F86CE-0897-4403-A0AC-90C5DCED8AF4",
"versionEndExcluding": "4.5.4",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site Scripting (XSS) en TYPO3 versiones anteriores a 4.3.12, versiones 4.4.x anteriores a 4.4.9 y versiones 4.5.x anteriores a 4.5.4, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del panel de administraci\u00f3n."
}
],
"id": "CVE-2011-4629",
"lastModified": "2024-11-21T01:32:41.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-06T17:15:10.847",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4629"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-02 15:30
Modified
2024-11-21 01:07
Severity ?
Summary
The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9297C028-4875-4370-8A47-E5BB4DC04A20",
"versionEndIncluding": "4.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8B51D2-B985-405E-8D87-1572D5096F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A9AB9DE7-3AB0-4B5B-9825-486111386852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D954FE3D-B766-4D39-B0CA-31A24EDB362C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59AE3831-400B-4974-9C69-6787CF03433A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "66333A00-5D7D-4467-9495-79D715EBAB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "71E7C6DF-C63B-4B16-9107-3C15490951D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEAD468-F39F-4B92-9ABD-F43C636B1145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6154F853-6DAF-4A34-8019-CB5BA87CCA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67CF0EA5-E984-40BE-BA90-1C85568A0525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "395C04FB-3390-4E97-B2F1-BEF9C42F15E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.3.x:*:*:*:*:*:*:*",
"matchCriteriaId": "349BDDAD-35AE-44B6-9623-1ABAAFA16D57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C553D36B-B446-4D63-B37F-FA32D1E5A524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.5.x:*:*:*:*:*:*:*",
"matchCriteriaId": "33152254-3B0B-4413-90F3-72A8B1ADDBD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.6.x:*:*:*:*:*:*:*",
"matchCriteriaId": "78413B61-AAB7-485D-BD24-C8A6D7631281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E53B002D-18FD-4C6A-97C0-AA9C83ABD382",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3885B69F-B9C0-488F-8775-E8E801418E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.x:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6EAF89-59F9-4D06-A7AE-175816BB7E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A3390E31-A149-4D83-94D2-63AF63D02A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.8.x:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF63F45-3E42-4DD6-ABD3-BA67D04C8A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "501A9157-044A-4856-8092-418D7329EED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA47174-9BC4-4B74-8618-6A7B0773553B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A13146E-EC04-4354-9123-BC7CB292C66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F27B173-8D10-47F7-8450-F8808A918295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1FAD0A-6B98-476B-BCD2-361996CA1C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE992D57-AF82-4BF0-96E8-98110C0AEBF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9A484F-C34D-4885-8125-D9C8725EEB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DCCB2DE6-4407-4E40-8574-9C813183565B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E19647A4-C422-42D0-863B-5B6E0B08BFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C842A284-8360-4DE4-8D05-8082D0A0AA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3A4600DD-C9CA-4D71-BD31-12FE40A14D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2F89D7-D34C-4ADD-8A9E-34C37122C3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "273F2E33-0655-46DE-9397-E16658B4BD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B8F7039-4117-4D53-ABE8-99C10518D351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161E310F-F2D8-40B3-8390-8C52ACDD0B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "96D69530-AE74-4012-B522-01D0B6B01662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5514D17F-95A5-48C5-9F91-554F8D3C3DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E46E35EC-FF7B-4510-A5F2-FC230B7477B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A671ED2-91AA-4447-8996-A8A16FE753A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4219A367-8431-4A72-AF73-ED2A853B14E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "74F10D45-FA29-4534-8789-201D194C46B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "878A3B3A-91B6-4EB3-995C-46CEF6FE4343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "51B3DD65-A811-47DD-ADC6-015EE9BC2A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E06499-FC41-4B7F-B76E-37FA423F17C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386C2885-7543-43F0-9680-B57898C4F118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "231CD899-2DC5-42CD-A4F9-4D00C2C11159",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password\u0027s md5 hash as a credential."
},
{
"lang": "es",
"value": "El subcomponente \"Install Tool\" (herramienta de instalaci\u00f3n) en TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2 permite a usuarios remotos obtener acceso usando \u00fanicamente el hash md5 como credencial."
}
],
"id": "CVE-2009-3635",
"lastModified": "2024-11-21T01:07:51.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-11-02T15:30:00.767",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37122"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36801"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53928"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-06-25 18:55
Modified
2024-11-21 01:56
Severity ?
Summary
SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| michael_staatz | sofortueberweisung2commerce | 2.0.0 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:michael_staatz:sofortueberweisung2commerce:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F333D185-45A0-44E3-8C44-05B010134951",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n \"sofortueberweisung2commerce\" v2.0.1 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-4681",
"lastModified": "2024-11-21T01:56:03.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-25T18:55:01.310",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53280"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/extensions/repository/view/sofortueberweisung2commerce"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/extensions/repository/view/sofortueberweisung2commerce"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81585"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-08 19:59
Modified
2024-11-21 02:39
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.1 | |
| typo3 | typo3 | 6.2.2 | |
| typo3 | typo3 | 6.2.3 | |
| typo3 | typo3 | 6.2.4 | |
| typo3 | typo3 | 6.2.5 | |
| typo3 | typo3 | 6.2.6 | |
| typo3 | typo3 | 6.2.7 | |
| typo3 | typo3 | 6.2.8 | |
| typo3 | typo3 | 6.2.9 | |
| typo3 | typo3 | 6.2.10 | |
| typo3 | typo3 | 6.2.10 | |
| typo3 | typo3 | 6.2.11 | |
| typo3 | typo3 | 6.2.12 | |
| typo3 | typo3 | 6.2.13 | |
| typo3 | typo3 | 6.2.14 | |
| typo3 | typo3 | 6.2.15 | |
| typo3 | typo3 | 7.0.0 | |
| typo3 | typo3 | 7.0.1 | |
| typo3 | typo3 | 7.0.2 | |
| typo3 | typo3 | 7.1.0 | |
| typo3 | typo3 | 7.2.0 | |
| typo3 | typo3 | 7.3.0 | |
| typo3 | typo3 | 7.3.1 | |
| typo3 | typo3 | 7.4.0 | |
| typo3 | typo3 | 7.5.0 | |
| typo3 | typo3 | 7.6.0 | |
| typo3 | typo3 | 7.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "29602159-5C1E-4C5A-9E4C-F3183D3EA8A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "52CC6148-48F9-4532-96D3-8C6D82B8B815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "E501EDED-B7DC-4D00-9DAF-862BC8C14C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7183456A-52B4-4386-8979-A2ECEA9959FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "16EEC79F-3293-451C-864E-9CE020F6C730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "8FD27EAD-04D5-4C55-952E-020954B90CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "F67C62FD-A683-43F3-BF0E-D368617B194C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "8CCC09EC-CB2C-466A-BD71-4DD2C34288B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "82F45E35-4731-4527-861F-3999ABED94B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "FC154041-5B1B-484C-8EF8-9EBC73A9FF3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "36E925BE-8D4F-49FE-90EF-68C1DE776107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DA0AF154-CC16-4536-B120-A9040CE92394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99262E73-E4A7-4657-A32E-3C289C052675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E230A800-B2DE-4ED4-9C6B-961832C39900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A96891D-A2B1-492C-A914-51F9631D5C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7316A8-E445-45C6-BFD9-8E19254AC7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D95C12B4-51F1-4FFC-892B-1432D1E5219A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "308EF598-B9DF-47C5-A1AC-1A2A16767E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3A5E5D-E8A9-4B2F-B423-9F1B9E761A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9EDF6E-299A-4277-9C2F-B25D5F9A189E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "313D0192-8849-4DA1-820E-28E2FC4E37C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "265DCFF8-2EC5-49EA-8D06-1956F3109F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2D8FB68B-E4E8-4501-94F6-2922781D8C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1FEAA4-B0D8-4B5B-8958-173245F55134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0E806A38-C603-4916-93E2-FE43062B09C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "17EB5B78-0AD1-4259-8537-058D888B30B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7E6FD-99D0-4F48-B5DF-0EFD4C05079D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "21217A49-637C-4F60-B8F8-8699E71D6BFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC254112-3695-422E-BD5B-B5E65F61B4B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CC7DF87-E8E8-4333-8549-5607328399BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "58A72CC1-1BCE-415C-9816-AD34C14E36FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "237EEDFE-DFB0-4D6E-BAA6-7A374A384CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26264C04-D8E1-4780-97C3-13F287ECF11A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B89766D-2E3C-4CE9-92ED-8E5A8FF71D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3392C868-FFD8-4B00-ADD2-02CCCAEC5EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F859F4-E3EE-4C2D-A618-6E49769A1610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7F660D-7C1E-43AA-B185-40309788F329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C022973-D06B-4CEF-87BF-3C016AAD4770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36A63F3A-DC95-49FF-B6AC-FD98F8499905",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en componentes anticipados no especificados en TYPO3 6.2.x en versiones anteriores a 6.2.16 y 7.x en versiones anteriores a 7.6.1 permiten a editores remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2015-8758",
"lastModified": "2024-11-21T02:39:07.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-08T19:59:24.477",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/79240"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1034484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/79240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034484"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-07 10:55
Modified
2024-11-21 01:21
Severity ?
Summary
SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| raphael_zschorsch | commentsbe | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:raphael_zschorsch:commentsbe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B6F4CDC-91C0-43D6-B5A8-9097378BB504",
"versionEndIncluding": "0.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Commenting system Backend Module (commentsbe) v0.0.2 y anteriores para TYPO3, permite a atacantes remotos ejecutar secuencias SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-4887",
"lastModified": "2024-11-21T01:21:59.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-10-07T10:55:09.457",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-06 17:15
Modified
2024-11-21 01:32
Severity ?
Summary
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8C2013-3653-40E0-B692-8524309338F0",
"versionEndExcluding": "4.3.12",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA153A2C-2697-47BC-B836-17AA48875F7A",
"versionEndExcluding": "4.4.9",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "898F86CE-0897-4403-A0AC-90C5DCED8AF4",
"versionEndExcluding": "4.5.4",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request."
},
{
"lang": "es",
"value": "TYPO3 versiones anteriores a la versi\u00f3n 4.3.12, versiones 4.4.x anteriores a 4.4.9 y versiones 4.5.x anteriores a 4.5.4, permite a atacantes remotos omitir los mecanismos de autenticaci\u00f3n en el back-end por medio de una petici\u00f3n especialmente dise\u00f1ada."
}
],
"id": "CVE-2011-4628",
"lastModified": "2024-11-21T01:32:41.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-06T17:15:10.753",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4628"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Authentication_Delay_Bypass"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Authentication_Delay_Bypass"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-14 21:15
Modified
2024-11-21 07:03
Severity ?
6.0 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*",
"matchCriteriaId": "83732441-A020-4401-A274-067B95354BB6",
"versionEndExcluding": "9.5.35",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "272C6A8B-94DB-4A74-BB3A-24CD0486DFA7",
"versionEndExcluding": "10.4.29",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "772D645D-5158-416C-BF2C-74E5E43EF1DC",
"versionEndExcluding": "11.5.11",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de administraci\u00f3n de contenidos web de c\u00f3digo abierto. En versiones anteriores a 9.5.34 ELTS, 10.4.29 y 11.5.11, las sesiones de la herramienta de administraci\u00f3n iniciadas por medio de la interfaz de usuario del backend de TYPO3 no son revocadas aunque la cuenta de usuario correspondiente es degradado a permisos inferiores o es deshabilitado por completo. De esta manera, las sesiones en la herramienta de administraci\u00f3n te\u00f3ricamente podr\u00edan haberse prolongado sin ning\u00fan l\u00edmite. TYPO3 versiones 9.5.34 ELTS, 10.4.29 y 11.5.11 contienen una correcci\u00f3n del problema"
}
],
"id": "CVE-2022-31050",
"lastModified": "2024-11-21T07:03:47.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-14T21:15:16.247",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/592387972912290c135ebecc91768a67f83a3a4d"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/592387972912290c135ebecc91768a67f83a3a4d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-005"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-02 15:30
Modified
2024-11-21 01:07
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| typo3 | typo3 | 4.0 | |
| typo3 | typo3 | 4.0.1 | |
| typo3 | typo3 | 4.0.2 | |
| typo3 | typo3 | 4.0.3 | |
| typo3 | typo3 | 4.0.4 | |
| typo3 | typo3 | 4.0.5 | |
| typo3 | typo3 | 4.0.6 | |
| typo3 | typo3 | 4.0.7 | |
| typo3 | typo3 | 4.0.8 | |
| typo3 | typo3 | 4.0.9 | |
| typo3 | typo3 | 4.0.10 | |
| typo3 | typo3 | 4.0.11 | |
| typo3 | typo3 | 4.0.12 | |
| typo3 | typo3 | 4.1 | |
| typo3 | typo3 | 4.1 | |
| typo3 | typo3 | 4.1.0 | |
| typo3 | typo3 | 4.1.0 | |
| typo3 | typo3 | 4.1.0 | |
| typo3 | typo3 | 4.1.1 | |
| typo3 | typo3 | 4.1.2 | |
| typo3 | typo3 | 4.1.3 | |
| typo3 | typo3 | 4.1.4 | |
| typo3 | typo3 | 4.1.5 | |
| typo3 | typo3 | 4.1.6 | |
| typo3 | typo3 | 4.1.7 | |
| typo3 | typo3 | 4.1.8 | |
| typo3 | typo3 | 4.1.9 | |
| typo3 | typo3 | 4.1.10 | |
| typo3 | typo3 | 4.1.11 | |
| typo3 | typo3 | 4.1.12 | |
| typo3 | typo3 | 4.2.0 | |
| typo3 | typo3 | 4.2.1 | |
| typo3 | typo3 | 4.2.2 | |
| typo3 | typo3 | 4.2.3 | |
| typo3 | typo3 | 4.2.4 | |
| typo3 | typo3 | 4.2.5 | |
| typo3 | typo3 | 4.2.6 | |
| typo3 | typo3 | 4.2.7 | |
| typo3 | typo3 | 4.2.8 | |
| typo3 | typo3 | 4.2.9 | |
| typo3 | typo3 | 4.3 | |
| typo3 | typo3 | 4.3 | |
| typo3 | typo3 | 4.3 | |
| typo3 | typo3 | 4.10 | |
| typo3 | typo3 | 4.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8684CAE0-A8FB-493D-BC2B-25FF092EE93E",
"versionEndIncluding": "4.0.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "501A9157-044A-4856-8092-418D7329EED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA47174-9BC4-4B74-8618-6A7B0773553B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A13146E-EC04-4354-9123-BC7CB292C66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F27B173-8D10-47F7-8450-F8808A918295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1FAD0A-6B98-476B-BCD2-361996CA1C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE992D57-AF82-4BF0-96E8-98110C0AEBF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9A484F-C34D-4885-8125-D9C8725EEB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DCCB2DE6-4407-4E40-8574-9C813183565B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E19647A4-C422-42D0-863B-5B6E0B08BFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C842A284-8360-4DE4-8D05-8082D0A0AA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3A4600DD-C9CA-4D71-BD31-12FE40A14D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "71C92B1F-20A4-4354-A85D-F9B96DA09970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "FAF2DAA1-356C-4C77-B673-6F5F5817352E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E28432FD-6A1B-479F-866E-7F6F762C2207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2F89D7-D34C-4ADD-8A9E-34C37122C3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "273F2E33-0655-46DE-9397-E16658B4BD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B8F7039-4117-4D53-ABE8-99C10518D351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161E310F-F2D8-40B3-8390-8C52ACDD0B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "96D69530-AE74-4012-B522-01D0B6B01662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5514D17F-95A5-48C5-9F91-554F8D3C3DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E46E35EC-FF7B-4510-A5F2-FC230B7477B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A671ED2-91AA-4447-8996-A8A16FE753A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4219A367-8431-4A72-AF73-ED2A853B14E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "74F10D45-FA29-4534-8789-201D194C46B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "878A3B3A-91B6-4EB3-995C-46CEF6FE4343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "51B3DD65-A811-47DD-ADC6-015EE9BC2A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E06499-FC41-4B7F-B76E-37FA423F17C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386C2885-7543-43F0-9680-B57898C4F118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "231CD899-2DC5-42CD-A4F9-4D00C2C11159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3:beta1:*:*:*:*:*:*",
"matchCriteriaId": "DAFC7A20-5CC0-4B64-93C6-609D44FE3874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "720AF20D-C44C-48B2-9627-BA49A330F89D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD4EC2E-A886-4FF3-9A20-54BFBA35C10E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el subcomponente Backend de TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2. Permiten a usuarios remotos autenticados inyectar codigo de script web o c\u00f3digo HTML a trav\u00e9s de vectores de ataque sin especificar."
}
],
"id": "CVE-2009-3629",
"lastModified": "2024-11-21T01:07:50.683",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-11-02T15:30:00.627",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=125633199111438\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37122"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/36801"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=125633199111438\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53918"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-14 17:55
Modified
2024-11-21 01:36
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| roderick_braun | ya_googlesearch | * | |
| roderick_braun | ya_googlesearch | 0.3.4 | |
| roderick_braun | ya_googlesearch | 0.3.5 | |
| roderick_braun | ya_googlesearch | 0.3.6 | |
| roderick_braun | ya_googlesearch | 0.3.7 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:roderick_braun:ya_googlesearch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "690C91D4-4069-4DB7-A20E-F98EE2CF0E86",
"versionEndIncluding": "0.3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roderick_braun:ya_googlesearch:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BA4BA08D-B654-40C3-93F2-867BBE113469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roderick_braun:ya_googlesearch:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E94BE5CA-EF87-4CFB-A775-A323DF3C0383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roderick_braun:ya_googlesearch:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "98EAC989-802E-46C3-BCA1-6D3644D237EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roderick_braun:ya_googlesearch:0.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0F5728-00F1-4DA7-A9F2-3593ABC0E0BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en la extensi\u00f3n Yet another Google search (ya_googlesearch) v0.3.10 para TYPO3, permite a atacantes remotos ejecutar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-1081",
"lastModified": "2024-11-21T01:36:22.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-14T17:55:03.383",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78795"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/ya_googlesearch/0.3.10/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/ya_googlesearch/0.3.10/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51851"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-14 17:55
Modified
2024-11-21 01:36
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| robert_gonda | rtg_files | * | |
| robert_gonda | rtg_files | 1.4.7 | |
| robert_gonda | rtg_files | 1.4.9 | |
| robert_gonda | rtg_files | 1.4.10 | |
| robert_gonda | rtg_files | 1.5.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:robert_gonda:rtg_files:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE420BD-6A3F-4DAF-8517-55E047D1B473",
"versionEndIncluding": "1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:robert_gonda:rtg_files:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E80D7337-0050-4187-9547-21080ED2B8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:robert_gonda:rtg_files:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "83C7A4D0-1141-49F9-B553-E8A0ABE4F2B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:robert_gonda:rtg_files:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0C34508E-B4AF-4749-8537-6F7EC4E570BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:robert_gonda:rtg_files:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA338520-498A-4FD2-BFE2-FBFA13388F02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n Documents download (rtg_files) antes de v1.5.2 para TYPO3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-1076",
"lastModified": "2024-11-21T01:36:21.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-14T17:55:02.993",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78787"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/47842"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/rtg_files/1.5.2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51838"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/47842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/rtg_files/1.5.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72960"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-02 17:30
Modified
2024-11-21 01:09
Severity ?
Summary
SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simple_glossar | simple_glossar | 1.0.3 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple_glossar:simple_glossar:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C4D35003-4DD5-41DF-8DF0-8BD76C2F6BD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en extensi\u00f3n Glossar (simple_glossar)simple v1.0.3 y anteriores para TYPO3 permite a atacantes ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4165",
"lastModified": "2024-11-21T01:09:04.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-02T17:30:00.640",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mathon_nicolas | tmsw_cleandb | * | |
| mathon_nicolas | tmsw_cleandb | 2.0.1 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mathon_nicolas:tmsw_cleandb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A3AA67F-9EEB-43D1-8F4F-7A54F576B0FE",
"versionEndIncluding": "2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mathon_nicolas:tmsw_cleandb:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77390E18-9062-4F8B-95E6-13534E9AC9B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n CleanDB - DBAL (tmsw_cleandb) v2.1.0 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1026",
"lastModified": "2024-11-21T01:13:27.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-19T19:00:01.093",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38800"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56979"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sk-typo3 | sk_simplegallery | * | |
| sk-typo3 | sk_simplegallery | 0.0.1 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sk-typo3:sk_simplegallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B05A0651-3FE0-4229-BE19-BE1EF4B22A1C",
"versionEndIncluding": "0.0.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sk-typo3:sk_simplegallery:0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F2FFAE14-0710-40FE-9F8F-7663278EB794",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n Simple Gallery (sk_simplegallery) v0.0.9 y anteriores para TYPO3 permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1020",
"lastModified": "2024-11-21T01:13:26.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-19T19:00:00.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38796"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-13 10:30
Modified
2024-11-21 00:56
Severity ?
Summary
SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| fr.simon_rundell | ste_prayer2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fr.simon_rundell:ste_prayer2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A357460C-4C91-4931-A475-51050A1B23A4",
"versionEndIncluding": "0.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de SQL en la extensi\u00f3n Random Prayer 2 (ste_prayer2) para TYPO3 antes de la versi\u00f3n 0.0.3 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-6461",
"lastModified": "2024-11-21T00:56:35.793",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-13T10:30:00.500",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/48280"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31264"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/48280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45264"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-01-22 23:30
Modified
2024-11-21 00:59
Severity ?
Summary
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD45EC2-1866-4CFC-B841-8B0B879B5565",
"versionEndExcluding": "4.0.10",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB66C8C2-1FAE-4C54-9284-A940CBEDBC00",
"versionEndExcluding": "4.1.8",
"versionStartIncluding": "4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBFEC718-5811-4B4D-96CF-A37488974D4A",
"versionEndExcluding": "4.2.4",
"versionStartIncluding": "4.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key."
},
{
"lang": "es",
"value": "La herramienta de instalaci\u00f3n de extensiones del sistema en TYPO3 v4.0.9 a v4.0.0, v4.1.0 a v4.1.7, v4.2.0 y v4.2.3 crea la clave de encriptaci\u00f3n con una insuficiente aleatoriedad en la semilla, lo que facilita craquear la clave a los atacantes."
}
],
"id": "CVE-2009-0255",
"lastModified": "2024-11-21T00:59:27.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2009-01-22T23:30:00.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33617"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33679"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.debian.org/security/2009/dsa-1711"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/33376"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.debian.org/security/2009/dsa-1711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/33376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48132"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-02 15:30
Modified
2024-11-21 01:07
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9297C028-4875-4370-8A47-E5BB4DC04A20",
"versionEndIncluding": "4.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8B51D2-B985-405E-8D87-1572D5096F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A9AB9DE7-3AB0-4B5B-9825-486111386852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D954FE3D-B766-4D39-B0CA-31A24EDB362C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59AE3831-400B-4974-9C69-6787CF03433A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "66333A00-5D7D-4467-9495-79D715EBAB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "71E7C6DF-C63B-4B16-9107-3C15490951D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEAD468-F39F-4B92-9ABD-F43C636B1145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6154F853-6DAF-4A34-8019-CB5BA87CCA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67CF0EA5-E984-40BE-BA90-1C85568A0525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "395C04FB-3390-4E97-B2F1-BEF9C42F15E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.3.x:*:*:*:*:*:*:*",
"matchCriteriaId": "349BDDAD-35AE-44B6-9623-1ABAAFA16D57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C553D36B-B446-4D63-B37F-FA32D1E5A524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.5.x:*:*:*:*:*:*:*",
"matchCriteriaId": "33152254-3B0B-4413-90F3-72A8B1ADDBD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.6.x:*:*:*:*:*:*:*",
"matchCriteriaId": "78413B61-AAB7-485D-BD24-C8A6D7631281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E53B002D-18FD-4C6A-97C0-AA9C83ABD382",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3885B69F-B9C0-488F-8775-E8E801418E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.x:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6EAF89-59F9-4D06-A7AE-175816BB7E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A3390E31-A149-4D83-94D2-63AF63D02A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.8.x:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF63F45-3E42-4DD6-ABD3-BA67D04C8A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "501A9157-044A-4856-8092-418D7329EED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA47174-9BC4-4B74-8618-6A7B0773553B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A13146E-EC04-4354-9123-BC7CB292C66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F27B173-8D10-47F7-8450-F8808A918295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1FAD0A-6B98-476B-BCD2-361996CA1C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE992D57-AF82-4BF0-96E8-98110C0AEBF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9A484F-C34D-4885-8125-D9C8725EEB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DCCB2DE6-4407-4E40-8574-9C813183565B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E19647A4-C422-42D0-863B-5B6E0B08BFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C842A284-8360-4DE4-8D05-8082D0A0AA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3A4600DD-C9CA-4D71-BD31-12FE40A14D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2F89D7-D34C-4ADD-8A9E-34C37122C3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "273F2E33-0655-46DE-9397-E16658B4BD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B8F7039-4117-4D53-ABE8-99C10518D351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161E310F-F2D8-40B3-8390-8C52ACDD0B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "96D69530-AE74-4012-B522-01D0B6B01662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5514D17F-95A5-48C5-9F91-554F8D3C3DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E46E35EC-FF7B-4510-A5F2-FC230B7477B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A671ED2-91AA-4447-8996-A8A16FE753A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4219A367-8431-4A72-AF73-ED2A853B14E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "74F10D45-FA29-4534-8789-201D194C46B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "878A3B3A-91B6-4EB3-995C-46CEF6FE4343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "51B3DD65-A811-47DD-ADC6-015EE9BC2A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E06499-FC41-4B7F-B76E-37FA423F17C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386C2885-7543-43F0-9680-B57898C4F118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "231CD899-2DC5-42CD-A4F9-4D00C2C11159",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el subcomponente \"Install Tool\" (herramienta de instalaci\u00f3n) en TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2. Permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML a trav\u00e9s de par\u00e1metros sin especificar."
}
],
"id": "CVE-2009-3636",
"lastModified": "2024-11-21T01:07:51.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-11-02T15:30:00.797",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=125633199111438\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37122"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36801"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=125633199111438\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53929"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-06-25 18:55
Modified
2024-11-21 01:56
Severity ?
Summary
Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and earlier for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| urs_maag | maag_form_captcha | 1.0.0 | |
| urs_maag | maag_form_captcha | 1.0.1 | |
| urs_maag | maag_form_captcha | 1.0.2 | |
| urs_maag | maag_form_captcha | 1.1.0 | |
| urs_maag | maag_form_captcha | 1.1.1 | |
| urs_maag | maag_form_captcha | 1.1.2 | |
| urs_maag | maag_form_captcha | 1.1.3 | |
| urs_maag | maag_form_captcha | 1.1.4 | |
| urs_maag | maag_form_captcha | 1.2.0 | |
| urs_maag | maag_form_captcha | 1.2.1 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:urs_maag:maag_form_captcha:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0811A1-1E3B-4302-B163-08B973027D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_form_captcha:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "989E684D-3404-40A5-8E4E-8EA45FA30338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_form_captcha:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC64548-2FBD-46AE-BC9A-3043B4478DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_form_captcha:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42F0BF75-0CC8-42D1-BC4E-4B7656851804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_form_captcha:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99EAAFEA-A13D-4AE7-97E6-B4B99DEB9EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_form_captcha:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62A6433C-1F5F-4F37-B87B-B985B21A6842",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_form_captcha:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7E75E397-389F-42B3-8374-619ED4CAFF10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_form_captcha:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6961E1-5996-425B-AFBB-6AC23F81E779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_form_captcha:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D6F755-020F-42BB-9598-EB59595B4F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:urs_maag:maag_form_captcha:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7A2D17-5EEC-450F-B827-8C8565662DC1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and earlier for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n \"Maag Form Captcha\" v2.0.0 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-4680",
"lastModified": "2024-11-21T01:56:02.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-25T18:55:01.283",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/93818"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/60298"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/93818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/60298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84670"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
Unspecified vulnerability in the Power Extension Manager (ch_lightem) extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chi_hoang | ch_lightem | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chi_hoang:ch_lightem:*:*:*:*:*:*:*:*",
"matchCriteriaId": "321A3AD2-7B00-4A5A-A07F-2B1DCC59FA06",
"versionEndIncluding": "1.0.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Power Extension Manager (ch_lightem) extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en la extensi\u00f3n Power Extension Manager (ch_lightem) v1.0.34 y anteriores para TYPO3 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2010-1007",
"lastModified": "2024-11-21T01:13:25.003",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-19T19:00:00.500",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38811"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joachim-ruhs | educator | 0.1.5 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joachim-ruhs:educator:0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "49C6C201-4FE0-44E2-8403-758B78E6DC7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Educator v0.1.5 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1009",
"lastModified": "2024-11-21T01:13:25.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-19T19:00:00.563",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38789"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mischa_heimann | yatse | * | |
| mischa_heimann | yatse | 0.1.0 | |
| mischa_heimann | yatse | 0.1.1 | |
| mischa_heimann | yatse | 0.2.0 | |
| mischa_heimann | yatse | 0.3.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mischa_heimann:yatse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94F14F48-E60F-4272-BABA-6C1713A9D570",
"versionEndIncluding": "0.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mischa_heimann:yatse:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08FEEFF0-3DAE-4341-BC57-D7892B4B299A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mischa_heimann:yatse:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "07AEA64D-90F3-4FA3-AAFF-7576881CBE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mischa_heimann:yatse:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6BC5038-053C-468E-92B0-DB9076CA2C31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mischa_heimann:yatse:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37818F8A-11D7-4ADA-91BF-72E166E19316",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Yet another TYPO3 search engine (YATSE) anterior a v0.3.2 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1004",
"lastModified": "2024-11-21T01:13:24.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-19T19:00:00.390",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/yatse/0.3.2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/yatse/0.3.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38808"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-10-25 20:01
Modified
2024-11-21 01:19
Severity ?
Summary
The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.2.0 | |
| typo3 | typo3 | 4.2.1 | |
| typo3 | typo3 | 4.2.2 | |
| typo3 | typo3 | 4.2.3 | |
| typo3 | typo3 | 4.2.4 | |
| typo3 | typo3 | 4.2.5 | |
| typo3 | typo3 | 4.2.6 | |
| typo3 | typo3 | 4.2.7 | |
| typo3 | typo3 | 4.2.8 | |
| typo3 | typo3 | 4.2.9 | |
| typo3 | typo3 | 4.2.10 | |
| typo3 | typo3 | 4.2.11 | |
| typo3 | typo3 | 4.2.12 | |
| typo3 | typo3 | 4.2.13 | |
| typo3 | typo3 | 4.2.14 | |
| typo3 | typo3 | 4.3.0 | |
| typo3 | typo3 | 4.3.1 | |
| typo3 | typo3 | 4.3.2 | |
| typo3 | typo3 | 4.3.3 | |
| typo3 | typo3 | 4.3.4 | |
| typo3 | typo3 | 4.3.5 | |
| typo3 | typo3 | 4.3.6 | |
| typo3 | typo3 | 4.4 | |
| typo3 | typo3 | 4.4.1 | |
| typo3 | typo3 | 4.4.2 | |
| typo3 | typo3 | 4.4.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC67810-D2C5-4242-ACF2-CF7E9C56D7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E485652B-FDE0-44C1-83F5-D22B16BEBB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A987C0-51DF-464C-8F4D-03C9CAD256EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "718E405D-4127-4D0E-85BB-83800264AD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "AF72642B-8766-44A3-8CB0-D094929AAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6066CFA2-202E-43A3-B1DF-36364ABD5A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13C922A9-05A3-4D98-A568-F780CCA87E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E9893A-2771-4C04-9F90-B10EE659088E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31DA3600-C955-46B0-8BD9-C9B3FC0B81EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7ED0C04-33BA-4F9B-97B0-BB5D30C2A0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E40CC0D-E7EF-4800-AC0B-5AF603B8BC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16759F16-34C6-4C2C-BECB-12555EEEBDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "85F02502-5C03-4751-BC83-59F894400E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9319A96-D510-47DB-9DBC-C16C0947E4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40E0FDF1-E63C-48C9-98E2-55E3FD891882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D22400-E6A1-4C3A-B16F-E14672B86D14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710."
},
{
"lang": "es",
"value": "La funci\u00f3n t3lib_div::validEmail en TYPO3 v4.2.x anteriores a v4.2.15, v4.3.x anteriores a v4.3.7, y v4.4.x anteriores a v4.4.4 no restringe de forma adecuada la entrada a las operaciones filter_var FILTER_VALIDATE_EMAIL en PHP, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una cadena de direcci\u00f3n e-mail larga, esta vulnerabilidad est\u00e1 relaciona con CVE-3710."
}
],
"id": "CVE-2010-3717",
"lastModified": "2024-11-21T01:19:27.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-25T20:01:04.723",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/43786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/43786"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-17 17:30
Modified
2024-11-21 01:04
Severity ?
Summary
SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| projektseminar_proservice_wwu | virtual_civil_services | * | |
| projektseminar_proservice_wwu | virtual_civil_services | 4.2.14 | |
| projektseminar_proservice_wwu | virtual_civil_services | 4.2.15 | |
| projektseminar_proservice_wwu | virtual_civil_services | 4.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:projektseminar_proservice_wwu:virtual_civil_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4836293B-FBE4-40AB-A64B-81D60709E6DC",
"versionEndIncluding": "4.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projektseminar_proservice_wwu:virtual_civil_services:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "3F40379A-95CD-4362-9766-C14670182AC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projektseminar_proservice_wwu:virtual_civil_services:4.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "9B69B1CC-0E41-4733-A8CA-51E20562A463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projektseminar_proservice_wwu:virtual_civil_services:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B55F3379-6C4B-4647-923A-ACD57EC05E35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Virtual Civil Services (civserv) v 4.3.2 y versiones previas para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-2106",
"lastModified": "2024-11-21T01:04:08.527",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-06-17T17:30:00.593",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/55121"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35479"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/civserv/4.3.3/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-007/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/55121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/civserv/4.3.3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35395"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-23 14:30
Modified
2024-11-21 01:10
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via "search parameters."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68DF4A5F-31A3-4316-B280-45F21DCC5373",
"versionEndIncluding": "1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09F43C75-4954-41D4-9D97-D94A3443522B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B1C3358-27E9-4FFA-95B6-42B06FA2B4A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C6D005A-866C-4101-A272-4DEE2E8D0A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14BD2093-D777-4FE1-84E8-8E10CA255A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "09097E5A-CE3C-4EDD-A160-EF977C1A6BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3CF4C42-8AAA-4CE3-9A33-64EEB142449C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23CD6277-C2BA-4D33-B94E-54638E8C3E88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBF14600-49FD-4CB5-9EF7-FB98891FD6EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "95CE74A1-4507-42BD-B977-5F8818C8718B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2990F877-DDC9-4F6D-94EB-C324603C07A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D35CED70-0461-4E6E-9C5C-E7DEB88092E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DFD884-03D3-4701-859D-56BE48746FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DB430934-F4D2-4560-A4E5-EE7768E44984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79808BCE-71F2-4C8E-923F-169B4E05EF51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B214CA-1C0A-4FCE-8F0A-F64014D95925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5AD4F7-B0B0-4921-9D41-97BECCDBBB49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CDC267C-96E1-4681-A796-B555BCB867DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0FFA177-892C-48FC-9E9B-F60C69A26FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40C7BDE5-490B-4E7E-8105-84CCFD000EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3CF15907-838D-4AAB-A2AF-AF1BE9B5DDAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AA4CD298-D3FD-46D1-8807-BB4C3B623DF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "647F92AC-F5C3-4DA4-9405-3B0C2969C202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3AC73B4-7242-4A0B-85FE-597AA3324A9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB59474-AE86-4F47-9C1B-F4D128D74027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "90D19E01-E4C6-40E8-A945-D9D57718CF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFFA97E-1403-4E90-B56F-4564E5D3ABB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:calendar_base:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13F038AC-4F5E-4FB7-BD00-F96DDED2ACA0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via \"search parameters.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n Calendar Base (cal) anterior a v1.1.1 para TYPO3, cuando se usa Internet Explorer 6, permite a atacantes remotos inyectar secuencias de comandos Web o HTML a trav\u00e9s de los \"par\u00e1metros seach -b\u00fasqueda-\"."
}
],
"evaluatorSolution": "Updated version available per: http://typo3.org/extensions/repository/view/cal/current/\r\n\r\n",
"id": "CVE-2009-4804",
"lastModified": "2024-11-21T01:10:30.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-04-23T14:30:00.900",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34155"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/cal/1.1.1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/33996"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/cal/1.1.1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/33996"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-17 17:59
Modified
2024-11-21 03:29
Severity ?
Summary
TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "83755CA5-630F-43F4-A584-4D4A4A8850E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields."
},
{
"lang": "es",
"value": "TYPO3 7.6.15 env\u00eda una solicitud http a un index.php?loginProvider URI en casos con un httpsReferers, lo que permite a atacantes remotos obtener informaci\u00f3n de texto plano sensible husmeando la red y leyendo los campos userident y username."
}
],
"id": "CVE-2017-6370",
"lastModified": "2024-11-21T03:29:38.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-17T17:59:00.157",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/97071"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/97071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-02 15:30
Modified
2024-11-21 01:07
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9297C028-4875-4370-8A47-E5BB4DC04A20",
"versionEndIncluding": "4.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8B51D2-B985-405E-8D87-1572D5096F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A9AB9DE7-3AB0-4B5B-9825-486111386852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D954FE3D-B766-4D39-B0CA-31A24EDB362C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59AE3831-400B-4974-9C69-6787CF03433A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "66333A00-5D7D-4467-9495-79D715EBAB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "71E7C6DF-C63B-4B16-9107-3C15490951D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEAD468-F39F-4B92-9ABD-F43C636B1145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6154F853-6DAF-4A34-8019-CB5BA87CCA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67CF0EA5-E984-40BE-BA90-1C85568A0525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "395C04FB-3390-4E97-B2F1-BEF9C42F15E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.3.x:*:*:*:*:*:*:*",
"matchCriteriaId": "349BDDAD-35AE-44B6-9623-1ABAAFA16D57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C553D36B-B446-4D63-B37F-FA32D1E5A524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.5.x:*:*:*:*:*:*:*",
"matchCriteriaId": "33152254-3B0B-4413-90F3-72A8B1ADDBD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.6.x:*:*:*:*:*:*:*",
"matchCriteriaId": "78413B61-AAB7-485D-BD24-C8A6D7631281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E53B002D-18FD-4C6A-97C0-AA9C83ABD382",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3885B69F-B9C0-488F-8775-E8E801418E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.x:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6EAF89-59F9-4D06-A7AE-175816BB7E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A3390E31-A149-4D83-94D2-63AF63D02A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.8.x:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF63F45-3E42-4DD6-ABD3-BA67D04C8A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "501A9157-044A-4856-8092-418D7329EED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA47174-9BC4-4B74-8618-6A7B0773553B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A13146E-EC04-4354-9123-BC7CB292C66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F27B173-8D10-47F7-8450-F8808A918295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1FAD0A-6B98-476B-BCD2-361996CA1C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE992D57-AF82-4BF0-96E8-98110C0AEBF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9A484F-C34D-4885-8125-D9C8725EEB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DCCB2DE6-4407-4E40-8574-9C813183565B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E19647A4-C422-42D0-863B-5B6E0B08BFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C842A284-8360-4DE4-8D05-8082D0A0AA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3A4600DD-C9CA-4D71-BD31-12FE40A14D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2F89D7-D34C-4ADD-8A9E-34C37122C3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "273F2E33-0655-46DE-9397-E16658B4BD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B8F7039-4117-4D53-ABE8-99C10518D351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161E310F-F2D8-40B3-8390-8C52ACDD0B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "96D69530-AE74-4012-B522-01D0B6B01662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5514D17F-95A5-48C5-9F91-554F8D3C3DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E46E35EC-FF7B-4510-A5F2-FC230B7477B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A671ED2-91AA-4447-8996-A8A16FE753A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4219A367-8431-4A72-AF73-ED2A853B14E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "74F10D45-FA29-4534-8789-201D194C46B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "878A3B3A-91B6-4EB3-995C-46CEF6FE4343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "51B3DD65-A811-47DD-ADC6-015EE9BC2A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E06499-FC41-4B7F-B76E-37FA423F17C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386C2885-7543-43F0-9680-B57898C4F118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "231CD899-2DC5-42CD-A4F9-4D00C2C11159",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la funci\u00f3n de API t3lib_div::quoteJSvalue en TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2. Permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML a trav\u00e9s de vectores de ataque sin especificar relacionados con el algoritmo de sanitizaci\u00f3n."
}
],
"id": "CVE-2009-3633",
"lastModified": "2024-11-21T01:07:51.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-11-02T15:30:00.717",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=125633199111438\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37122"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36801"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=125633199111438\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53925"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
SQL injection vulnerability in Download system (sb_downloader) extension 0.1.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| sebastian_baumann | sb_downloader | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sebastian_baumann:sb_downloader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ABAF0DB-CC63-4D08-BE8F-5A2061C3BE45",
"versionEndIncluding": "0.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Download system (sb_downloader) extension 0.1.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Download system (sb_downloader) v0.1.4 y anteriores para TYPO3, permite a atacantes remotos ejecutar comandos de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-6693",
"lastModified": "2024-11-21T00:57:12.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.390",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46390"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30737"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29825"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43208"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-11 09:29
Modified
2024-11-21 03:12
Severity ?
Summary
Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://blog.emaze.net/2017/12/typo3-unrestricted-file-upload-remote.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/100620 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1039295 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/ | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://blog.emaze.net/2017/12/typo3-unrestricted-file-upload-remote.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100620 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039295 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/ | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 7.6.0 | |
| typo3 | typo3 | 7.6.1 | |
| typo3 | typo3 | 7.6.2 | |
| typo3 | typo3 | 7.6.3 | |
| typo3 | typo3 | 7.6.4 | |
| typo3 | typo3 | 7.6.5 | |
| typo3 | typo3 | 7.6.6 | |
| typo3 | typo3 | 7.6.7 | |
| typo3 | typo3 | 7.6.8 | |
| typo3 | typo3 | 7.6.9 | |
| typo3 | typo3 | 7.6.10 | |
| typo3 | typo3 | 7.6.11 | |
| typo3 | typo3 | 7.6.12 | |
| typo3 | typo3 | 7.6.13 | |
| typo3 | typo3 | 7.6.14 | |
| typo3 | typo3 | 7.6.15 | |
| typo3 | typo3 | 7.6.16 | |
| typo3 | typo3 | 7.6.17 | |
| typo3 | typo3 | 7.6.18 | |
| typo3 | typo3 | 7.6.19 | |
| typo3 | typo3 | 7.6.20 | |
| typo3 | typo3 | 7.6.21 | |
| typo3 | typo3 | 8.0.0 | |
| typo3 | typo3 | 8.0.1 | |
| typo3 | typo3 | 8.1.0 | |
| typo3 | typo3 | 8.1.1 | |
| typo3 | typo3 | 8.1.2 | |
| typo3 | typo3 | 8.2.0 | |
| typo3 | typo3 | 8.2.1 | |
| typo3 | typo3 | 8.3.0 | |
| typo3 | typo3 | 8.3.1 | |
| typo3 | typo3 | 8.4.0 | |
| typo3 | typo3 | 8.4.1 | |
| typo3 | typo3 | 8.5.0 | |
| typo3 | typo3 | 8.5.1 | |
| typo3 | typo3 | 8.6.0 | |
| typo3 | typo3 | 8.6.1 | |
| typo3 | typo3 | 8.7.0 | |
| typo3 | typo3 | 8.7.1 | |
| typo3 | typo3 | 8.7.2 | |
| typo3 | typo3 | 8.7.3 | |
| typo3 | typo3 | 8.7.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C022973-D06B-4CEF-87BF-3C016AAD4770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36A63F3A-DC95-49FF-B6AC-FD98F8499905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E276D9-4C36-4630-BC44-5D49398E4452",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF317B6-656C-4C2C-81F8-4864EE3F4D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D691A7EF-EE47-44EC-A073-04C3C0A432E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "83E140F9-73E8-4EF7-BFDA-F56584D7FCFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8E576B25-E43B-4C21-B1E5-EF937714ABC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BCAB79AD-5991-4FCD-99C4-E742845BF086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19E5EBD4-51A0-4948-BF52-442766C32B05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4B431C56-1D78-40BC-9E29-CE3F124ECDF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "32E04FC7-CB8E-4F68-94AC-8604DD8CD2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5773A565-8A1C-419D-81BA-F38AB1890AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "81B1CD9B-C309-442D-A870-89E6B3413878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "14D44308-795D-4BA4-8631-5888D52866A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E8DC7A89-35EB-4D15-8ABC-C1B4BBFAE51C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "83755CA5-630F-43F4-A584-4D4A4A8850E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C5624ED7-228F-4961-A7D4-6631AF72702B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8E21CB97-F010-453F-B823-39F9620EF9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "BD83B4C9-B519-4B55-9506-8EA7F617B29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "00509AC8-DCAC-44F1-BC29-6583913A6DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "06031E12-E8F9-4D5E-9B93-5D3D650E839F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.21:*:*:*:*:*:*:*",
"matchCriteriaId": "5B4376EA-D181-4D6B-911A-93BFF586BD3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D05C2314-BE68-448D-A7A9-3A5B5CBC1845",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DC55556-3347-4AAB-AF6D-CC8440CD1C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C5ADD12-44F2-49AA-BE15-9DEE18C9E80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B12C85B0-522C-4526-99EE-8EEFD1830281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7676A2E-513C-4111-AA46-24C3C33DF34A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1660098C-AFA8-49D6-B78B-2A5E639352FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E16C4B2-5F02-44CF-84CF-D8699BD38548",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:8.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F39A9A-3929-4747-BB60-7F415B22C407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D0274745-3C5D-4E3B-A41F-48DED56D094C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:8.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B321C23-AFD1-4586-92DA-8A1DC8FF88F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C171728-F6C4-4B47-80B6-5CC5B67874CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06439EC9-8513-40D5-A918-DBC58879366B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "05143443-C657-4B75-9BEE-A85AD09BC00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F725F38B-C2BA-4746-9F1E-B6E89A8BCAD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:8.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED959D2E-37A2-46CB-B21C-91BD526D9804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2A648456-839C-40F7-B7B4-4D2B9A815925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3DDDE3-CF53-435F-AB74-0E7BD6490F53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:8.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB7E6E3-F533-4E24-9AAE-45FF2FC9AF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:8.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5D5980B-BA21-4D0C-9005-5D3184806C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:8.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F7559EA-16E2-4256-90A9-0063A20B658A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code."
},
{
"lang": "es",
"value": "Una vulnerabilidad de subida de archivos sin restricciones en fileDenyPattern en sysext/core/Classes/Core/SystemEnvironmentBuilder.php en TYPO3 para las versiones 7.6.0 a 7.6.21 y 8.0.0 a 8.7.4 permite a los usuarios autenticados remotos subir archivos con una extensi\u00f3n .pht y, como consecuencia, ejecutar c\u00f3digo PHP arbitrario."
}
],
"id": "CVE-2017-14251",
"lastModified": "2024-11-21T03:12:24.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-11T09:29:00.467",
"references": [
{
"source": "cve@mitre.org",
"url": "http://blog.emaze.net/2017/12/typo3-unrestricted-file-upload-remote.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100620"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039295"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blog.emaze.net/2017/12/typo3-unrestricted-file-upload-remote.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039295"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-22 00:11
Modified
2024-11-21 00:52
Severity ?
Summary
SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | frontend_users_view | * | |
| typo3 | frontend_users_view | 0.1.2 | |
| typo3 | frontend_users_view | 0.1.3 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:frontend_users_view:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1C2909-29B1-4D89-AAB8-ACBEBD79AE0F",
"versionEndIncluding": "0.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:frontend_users_view:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7255B37A-234A-444F-AC1F-A4A76AB08EAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:frontend_users_view:0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C2A9E2-718F-4B04-A7E7-7C41782053C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Frontend Users View (feusersview) v.0.1.6 para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-4656",
"lastModified": "2024-11-21T00:52:12.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-22T00:11:51.197",
"references": [
{
"source": "cve@mitre.org",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31843"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2870"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-20 03:39
Modified
2024-11-21 01:56
Severity ?
Summary
SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| news_search_project | news_search | 0.1.0 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:news_search_project:news_search:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1602177C-BABF-4022-9BDB-A23AF3B944E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n News Search (news_search) v0.1.0 para TYPO3 permite a atacantes remotos ejecutar comandos SQL arbitrarios mediante vectores desconocidos."
}
],
"id": "CVE-2013-4870",
"lastModified": "2024-11-21T01:56:36.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-20T03:39:01.837",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81580"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-08 19:59
Modified
2024-11-21 02:39
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to extension data during an extension installation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.1 | |
| typo3 | typo3 | 6.2.2 | |
| typo3 | typo3 | 6.2.3 | |
| typo3 | typo3 | 6.2.4 | |
| typo3 | typo3 | 6.2.5 | |
| typo3 | typo3 | 6.2.6 | |
| typo3 | typo3 | 6.2.7 | |
| typo3 | typo3 | 6.2.8 | |
| typo3 | typo3 | 6.2.9 | |
| typo3 | typo3 | 6.2.10 | |
| typo3 | typo3 | 6.2.10 | |
| typo3 | typo3 | 6.2.11 | |
| typo3 | typo3 | 6.2.12 | |
| typo3 | typo3 | 6.2.13 | |
| typo3 | typo3 | 6.2.14 | |
| typo3 | typo3 | 6.2.15 | |
| typo3 | typo3 | 7.0.0 | |
| typo3 | typo3 | 7.0.1 | |
| typo3 | typo3 | 7.0.2 | |
| typo3 | typo3 | 7.1.0 | |
| typo3 | typo3 | 7.2.0 | |
| typo3 | typo3 | 7.3.0 | |
| typo3 | typo3 | 7.3.1 | |
| typo3 | typo3 | 7.4.0 | |
| typo3 | typo3 | 7.5.0 | |
| typo3 | typo3 | 7.6.0 | |
| typo3 | typo3 | 7.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "29602159-5C1E-4C5A-9E4C-F3183D3EA8A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "52CC6148-48F9-4532-96D3-8C6D82B8B815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "E501EDED-B7DC-4D00-9DAF-862BC8C14C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7183456A-52B4-4386-8979-A2ECEA9959FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "16EEC79F-3293-451C-864E-9CE020F6C730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "8FD27EAD-04D5-4C55-952E-020954B90CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "F67C62FD-A683-43F3-BF0E-D368617B194C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "8CCC09EC-CB2C-466A-BD71-4DD2C34288B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "82F45E35-4731-4527-861F-3999ABED94B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "FC154041-5B1B-484C-8EF8-9EBC73A9FF3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "36E925BE-8D4F-49FE-90EF-68C1DE776107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DA0AF154-CC16-4536-B120-A9040CE92394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99262E73-E4A7-4657-A32E-3C289C052675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E230A800-B2DE-4ED4-9C6B-961832C39900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A96891D-A2B1-492C-A914-51F9631D5C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7316A8-E445-45C6-BFD9-8E19254AC7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D95C12B4-51F1-4FFC-892B-1432D1E5219A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "308EF598-B9DF-47C5-A1AC-1A2A16767E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3A5E5D-E8A9-4B2F-B423-9F1B9E761A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9EDF6E-299A-4277-9C2F-B25D5F9A189E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "313D0192-8849-4DA1-820E-28E2FC4E37C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "265DCFF8-2EC5-49EA-8D06-1956F3109F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2D8FB68B-E4E8-4501-94F6-2922781D8C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1FEAA4-B0D8-4B5B-8958-173245F55134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0E806A38-C603-4916-93E2-FE43062B09C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "17EB5B78-0AD1-4259-8537-058D888B30B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7E6FD-99D0-4F48-B5DF-0EFD4C05079D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "21217A49-637C-4F60-B8F8-8699E71D6BFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC254112-3695-422E-BD5B-B5E65F61B4B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CC7DF87-E8E8-4333-8549-5607328399BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "58A72CC1-1BCE-415C-9816-AD34C14E36FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "237EEDFE-DFB0-4D6E-BAA6-7A374A384CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26264C04-D8E1-4780-97C3-13F287ECF11A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B89766D-2E3C-4CE9-92ED-8E5A8FF71D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3392C868-FFD8-4B00-ADD2-02CCCAEC5EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F859F4-E3EE-4C2D-A618-6E49769A1610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7F660D-7C1E-43AA-B185-40309788F329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C022973-D06B-4CEF-87BF-3C016AAD4770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36A63F3A-DC95-49FF-B6AC-FD98F8499905",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to extension data during an extension installation."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el Extension Manager en TYPO3 6.2.x en versiones anteriores a 6.2.16 y 7.x en versiones anteriores a 7.6.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados relacionados con datos de extensi\u00f3n durante una intalaci\u00f3n de extensi\u00f3n."
}
],
"id": "CVE-2015-8757",
"lastModified": "2024-11-21T02:39:07.067",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-08T19:59:23.493",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-010/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/79254"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1034482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/79254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034482"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-21 20:55
Modified
2024-11-21 01:22
Severity ?
Summary
The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.2.0 | |
| typo3 | typo3 | 4.2.1 | |
| typo3 | typo3 | 4.2.2 | |
| typo3 | typo3 | 4.2.3 | |
| typo3 | typo3 | 4.2.4 | |
| typo3 | typo3 | 4.2.5 | |
| typo3 | typo3 | 4.2.6 | |
| typo3 | typo3 | 4.2.7 | |
| typo3 | typo3 | 4.2.8 | |
| typo3 | typo3 | 4.2.9 | |
| typo3 | typo3 | 4.2.10 | |
| typo3 | typo3 | 4.2.11 | |
| typo3 | typo3 | 4.2.12 | |
| typo3 | typo3 | 4.2.13 | |
| typo3 | typo3 | 4.2.14 | |
| typo3 | typo3 | 4.2.15 | |
| typo3 | typo3 | 4.3.0 | |
| typo3 | typo3 | 4.3.1 | |
| typo3 | typo3 | 4.3.2 | |
| typo3 | typo3 | 4.3.3 | |
| typo3 | typo3 | 4.3.4 | |
| typo3 | typo3 | 4.3.5 | |
| typo3 | typo3 | 4.3.6 | |
| typo3 | typo3 | 4.3.7 | |
| typo3 | typo3 | 4.3.8 | |
| typo3 | typo3 | 4.4.1 | |
| typo3 | typo3 | 4.4.2 | |
| typo3 | typo3 | 4.4.3 | |
| typo3 | typo3 | 4.4.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC67810-D2C5-4242-ACF2-CF7E9C56D7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E485652B-FDE0-44C1-83F5-D22B16BEBB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A987C0-51DF-464C-8F4D-03C9CAD256EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "718E405D-4127-4D0E-85BB-83800264AD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "AF72642B-8766-44A3-8CB0-D094929AAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DF56D768-6D41-472D-AA42-0C209534AB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6066CFA2-202E-43A3-B1DF-36364ABD5A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13C922A9-05A3-4D98-A568-F780CCA87E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E9893A-2771-4C04-9F90-B10EE659088E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31DA3600-C955-46B0-8BD9-C9B3FC0B81EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7ED0C04-33BA-4F9B-97B0-BB5D30C2A0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E40CC0D-E7EF-4800-AC0B-5AF603B8BC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16759F16-34C6-4C2C-BECB-12555EEEBDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB331CC-3125-454E-BCBE-B85540B62110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B46AB0-D925-4E74-8D15-40EE3BC0B14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9319A96-D510-47DB-9DBC-C16C0947E4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40E0FDF1-E63C-48C9-98E2-55E3FD891882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D22400-E6A1-4C3A-B16F-E14672B86D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DFA0996-4839-4FDB-9B9D-5F8424946F9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query."
},
{
"lang": "es",
"value": "El m\u00e9todo escapeStrForLike de TYPO3 4.2.x anteriores a 4.2.16, 4.3.x anteriores a 4.3.9, y 4.4.x anteriores a 4.4.5 no codifican los caracteres no permitidos (\"escape\") apropiadamente de la entrada cuando la base de datos MySQL se encuentra en modo sql_mode NO_BACKSLASH_ESCAPES, lo que permite a atacantes remotos obtener informaci\u00f3n confidencial a trav\u00e9s de caracteres comod\u00edn en una petici\u00f3n LIKE."
}
],
"id": "CVE-2010-5104",
"lastModified": "2024-11-21T01:22:31.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-05-21T20:55:17.617",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35770"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/70116"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/45470"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/70116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64185"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jochen_rau | sk_bookreview | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jochen_rau:sk_bookreview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "903090D9-A132-4D12-875F-E54CC92C4FF4",
"versionEndIncluding": "0.0.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Book Reviews (sk_bookreview) v0.0.12 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1018",
"lastModified": "2024-11-21T01:13:26.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-19T19:00:00.843",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38803"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-15 21:30
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| robert_heel | cwt_resetbepassword | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:robert_heel:cwt_resetbepassword:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA11BEC-C897-47C9-809D-1E852B2F1997",
"versionEndIncluding": "1.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n v1.20 y anteriores de Reset backend password (cwt_resetbepassword) para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4710",
"lastModified": "2024-11-21T01:10:16.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-15T21:30:01.013",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36084"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35876"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-22 23:30
Modified
2024-11-21 01:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) extension 1.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/37771 | Vendor Advisory | |
| cve@mitre.org | http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37771 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| frank_krger | nl_listman | 1.2.1 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:frank_krger:nl_listman:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BCB8A53-CCEE-4FE0-A279-DD4955D79BAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) extension 1.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n ListMan (nl_listman) v1.2.1 para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a trav\u00e9s de vectores inespec\u00edficos."
}
],
"id": "CVE-2009-4388",
"lastModified": "2024-11-21T01:09:31.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-22T23:30:00.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37771"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-13 18:15
Modified
2024-11-21 07:12
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix this problem. There are no known workarounds for this issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73AB57E5-5B42-40F9-A818-06C46D6B4471",
"versionEndIncluding": "7.6.57",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8D96AD-07F4-4563-BA55-98E2C1024E82",
"versionEndIncluding": "8.7.47",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32E63445-2CD1-4E0F-80B2-73977B14E319",
"versionEndIncluding": "9.5.36",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B428B4CD-4699-4E84-9002-29442DCE5250",
"versionEndIncluding": "10.4.31",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE54B85D-5F45-4346-A2E0-8204831AA225",
"versionEndIncluding": "11.5.15",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix this problem. There are no known workarounds for this issue."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de administraci\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP y publicado bajo la licencia GNU GPL. Se ha detectado que la observaci\u00f3n del tiempo de respuesta durante la autenticaci\u00f3n del usuario (backend y frontend) puede usarse para distinguir entre cuentas de usuario existentes y no existentes. Los autores de extensiones de TYPO3 de terceros que proporcionan un servicio de autenticaci\u00f3n personalizado deben comprobar si la extensi\u00f3n est\u00e1 afectada por el problema descrito. Las extensiones afectadas deben implementar el nuevo \"MimicServiceInterface::mimicAuthUser\", que simula los tiempos correspondientes al procesamiento normal. Actualice a TYPO3 versiones 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 o 11.5.16 que corrigen este problema. No se presentan mitigaciones conocidas para este problema"
}
],
"id": "CVE-2022-36105",
"lastModified": "2024-11-21T07:12:24.010",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-13T18:15:14.827",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-007"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
SQL injection vulnerability in the zak_store_management extension 1.0.0 and earlier TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | zak_store_management | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:zak_store_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98B09D0F-BD2A-485F-83CF-1EA96D32CA36",
"versionEndIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the zak_store_management extension 1.0.0 and earlier TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n de TYPO3 \"zak_store_management\" v1.0.0 y anteriores permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados"
}
],
"id": "CVE-2010-0344",
"lastModified": "2024-11-21T01:12:01.787",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-15T19:30:01.113",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-23 15:55
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| axel_jung | js_css_optimizer | * | |
| axel_jung | js_css_optimizer | 0.0.1 | |
| axel_jung | js_css_optimizer | 0.1.0 | |
| axel_jung | js_css_optimizer | 0.2.0 | |
| axel_jung | js_css_optimizer | 0.2.1 | |
| axel_jung | js_css_optimizer | 0.2.2 | |
| axel_jung | js_css_optimizer | 0.2.3 | |
| axel_jung | js_css_optimizer | 1.0.0 | |
| axel_jung | js_css_optimizer | 1.0.1 | |
| axel_jung | js_css_optimizer | 1.0.2 | |
| axel_jung | js_css_optimizer | 1.0.3 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axel_jung:js_css_optimizer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4C330B-9F91-4A57-88A6-8FD9BB7BE6D4",
"versionEndIncluding": "1.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:axel_jung:js_css_optimizer:0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBEAE7DF-81EF-46FD-8D6A-D955ED13E9CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:axel_jung:js_css_optimizer:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2E00C4-3C19-4021-B0CB-A4794A6EDB49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:axel_jung:js_css_optimizer:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A28E8B6-512E-43FA-A0A3-D2E01D3C92AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:axel_jung:js_css_optimizer:0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "189AEB2D-5E51-4328-A62C-9455CE0F4955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:axel_jung:js_css_optimizer:0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E6ECD81-1072-4BAC-85F1-7522A563902F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:axel_jung:js_css_optimizer:0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBCE408-C089-4F42-9FED-229FBE6DBB94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:axel_jung:js_css_optimizer:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D870E4-0BA6-4F9B-B2F1-EC42E85A7795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:axel_jung:js_css_optimizer:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C08BC8C5-6E6A-40FF-8146-0BFB510943A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:axel_jung:js_css_optimizer:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3DBBDDE2-E8CF-4C50-BF39-916C5BB2B4BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:axel_jung:js_css_optimizer:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86C7A39B-5AFA-4F36-ACB2-B37F9435274F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en la extensi\u00f3n Javascript y CSS Optimizer anterior a v1.1.14 para TYPO3, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-5570",
"lastModified": "2024-11-21T01:57:43.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-23T15:55:20.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53253"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/js_css_optimizer"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/js_css_optimizer"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81583"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 20:15
Modified
2024-11-21 08:29
Severity ?
4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*",
"matchCriteriaId": "97CE2630-5AA6-4531-9EDC-A973359351EA",
"versionEndExcluding": "8.7.55",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*",
"matchCriteriaId": "CB75C6A4-F25A-4943-8683-6D373DFAEAAA",
"versionEndExcluding": "9.5.44",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*",
"matchCriteriaId": "BE95F6C1-238A-48B3-BBA7-57A7C875AFA1",
"versionEndExcluding": "10.4.41",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C21A23C-E558-4B9C-AFCD-7C1D37B2D1CF",
"versionEndExcluding": "11.5.33",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B21F62-A105-487E-B52A-0E7501A4ADEA",
"versionEndExcluding": "12.4.8",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de gesti\u00f3n de contenido web basado en PHP de c\u00f3digo abierto publicado bajo GNU GPL. En las instalaciones de typo3 siempre hay al menos dos sitios diferentes. P.ej. first.example.org y second.example.com. En las versiones afectadas, una cookie de sesi\u00f3n generada para el primer sitio se puede reutilizar en el segundo sitio sin requerir autenticaci\u00f3n adicional. Esta vulnerabilidad se solucion\u00f3 en las versiones 8.7.55, 9.5.44, 10.4.41, 11.5.33 y 12.4.8. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2023-47127",
"lastModified": "2024-11-21T08:29:50.073",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T20:15:08.230",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-006"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-302"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-08 21:15
Modified
2024-11-21 05:05
Severity ?
4.7 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like `{showFullName ? fullName : defaultValue}`. Updated versions of this package are bundled in following TYPO3 (`typo3/cms-core`) versions as well: TYPO3 v8.7.25 (using `typo3fluid/fluid` v2.5.4) and TYPO3 v9.5.6 (using `typo3fluid/fluid` v2.6.1).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/TYPO3/Fluid/commit/9ef6a8ffff2e812025fc0701b4ce72eea6911a3d | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/TYPO3/Fluid/security/advisories/GHSA-7733-hjv6-4h47 | Exploit, Third Party Advisory | |
| security-advisories@github.com | https://typo3.org/security/advisory/typo3-core-sa-2019-013 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TYPO3/Fluid/commit/9ef6a8ffff2e812025fc0701b4ce72eea6911a3d | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TYPO3/Fluid/security/advisories/GHSA-7733-hjv6-4h47 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-core-sa-2019-013 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | fluid_engine | * | |
| typo3 | fluid_engine | * | |
| typo3 | fluid_engine | * | |
| typo3 | fluid_engine | * | |
| typo3 | fluid_engine | * | |
| typo3 | fluid_engine | * | |
| typo3 | fluid_engine | * | |
| typo3 | typo3 | 8.7.25 | |
| typo3 | typo3 | 9.5.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:fluid_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "768EE2A0-4C07-422B-A7D4-8E0132257103",
"versionEndExcluding": "2.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:fluid_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B519C49A-53BF-4F33-8582-F686CDC53BC7",
"versionEndExcluding": "2.1.4",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:fluid_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A6D9005-0C5C-4723-B074-045F1C669EF5",
"versionEndExcluding": "2.2.1",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:fluid_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "031F6347-5D70-4BCA-BF65-D399BAA67AA8",
"versionEndExcluding": "2.3.5",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:fluid_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FBB5013-12A2-467C-9D04-051629BBAADD",
"versionEndExcluding": "2.4.1",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:fluid_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC3AA935-E37A-4CDD-A9CC-19C7DCD236F2",
"versionEndExcluding": "2.5.5",
"versionStartIncluding": "2.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:fluid_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09784D80-A267-4C8B-8989-A26B5B3155FA",
"versionEndExcluding": "2.6.1",
"versionStartIncluding": "2.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:8.7.25:*:*:*:*:*:*:*",
"matchCriteriaId": "5E46577F-2AC5-427B-AAA2-9D12D158E856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:9.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7E02D19F-8C78-4BD3-8A95-CD10984880CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like `{showFullName ? fullName : defaultValue}`. Updated versions of this package are bundled in following TYPO3 (`typo3/cms-core`) versions as well: TYPO3 v8.7.25 (using `typo3fluid/fluid` v2.5.4) and TYPO3 v9.5.6 (using `typo3fluid/fluid` v2.6.1)."
},
{
"lang": "es",
"value": "TYPO3 Fluid Engine (paquete \"ypo3fluid/fluid\") versiones anteriores a 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 o 2.6.1, es susceptible a una vulnerabilidad de tipo cross-site scripting cuando se utiliza el operador condicional ternario en plantillas como \"{showFullName ? fullName : defaultValue}\". Las versiones actualizadas de este paquete tambi\u00e9n se incluyen en las siguientes versiones de TYPO3 (\"typo3/cms-core\"): TYPO3 v8.7.25 (usando \"typo3fluid/fluid\" v2.5.4) y TYPO3 v9.5.6 (usando \"typo3fluid/fluid\" v2.6.1)"
}
],
"id": "CVE-2020-15241",
"lastModified": "2024-11-21T05:05:10.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-08T21:15:10.167",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/Fluid/commit/9ef6a8ffff2e812025fc0701b4ce72eea6911a3d"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/Fluid/security/advisories/GHSA-7733-hjv6-4h47"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/Fluid/commit/9ef6a8ffff2e812025fc0701b4ce72eea6911a3d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/Fluid/security/advisories/GHSA-7733-hjv6-4h47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-013"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mathias_schreiber | nf_cleandb | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mathias_schreiber:nf_cleandb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "974D8254-A71C-4477-A6E5-4E050ECA3651",
"versionEndIncluding": "1.0.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n CleanDB (nf_cleandb) v1.0.7 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1012",
"lastModified": "2024-11-21T01:13:25.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-19T19:00:00.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38810"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-06 17:15
Modified
2024-11-21 01:32
Severity ?
Summary
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8C2013-3653-40E0-B692-8524309338F0",
"versionEndExcluding": "4.3.12",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA153A2C-2697-47BC-B836-17AA48875F7A",
"versionEndExcluding": "4.4.9",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "898F86CE-0897-4403-A0AC-90C5DCED8AF4",
"versionEndExcluding": "4.5.4",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the \"JSwindow\" property of the typolink function."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site Scripting (XSS) en TYPO3 versiones anteriores a 4.3.12, versiones 4.4.x anteriores a 4.4.9 y versiones 4.5.x anteriores a 4.5.4, permite a atacantes remotos inyectar un script web o HTML arbitrario por medio de la propiedad \"JSwindow\" de la funci\u00f3n typolink ."
}
],
"id": "CVE-2011-4626",
"lastModified": "2024-11-21T01:32:41.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-06T17:15:10.627",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4626"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-13 10:30
Modified
2024-11-21 00:56
Severity ?
Summary
SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | autobeuser | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:autobeuser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9538A307-AA75-46FF-9FC7-B28C8662B7DF",
"versionEndIncluding": "0.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de SQL en la extensi\u00f3n auto BE User Registration (autobeuser) de TYPO3 antes de la versi\u00f3n 0.0.2 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-6459",
"lastModified": "2024-11-21T00:56:35.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-13T10:30:00.467",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/48272"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31239"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/48272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45255"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-20 16:15
Modified
2024-11-21 06:07
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly encoded, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this vulnerability.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10F7D347-2524-4871-9DBA-48700A13FFFA",
"versionEndIncluding": "8.7.40",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B8EC2D0-D2D7-4512-8B9B-946186B03111",
"versionEndIncluding": "9.5.28",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BC70DEB-32D3-4BD7-B688-8ADDC3BD0A0A",
"versionEndIncluding": "10.4.17",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E02E5F61-C393-4ECD-AC4C-D15276DE72E9",
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly encoded, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this vulnerability."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de administraci\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP. Unas versiones 9.0.0 hasta 9.5.28, 10.0.0 hasta 10.4.17, y 11.0.0 hasta 11.3.0, presentan una vulnerabilidad de tipo cross-site scripting. Cuando la configuraci\u00f3n para _backend layouts_ no est\u00e1 codificada apropiadamente, la visualizaci\u00f3n de la cuadr\u00edcula correspondiente es vulnerable a un ataque de tipo cross-site scripting persistente. Es necesario una cuenta de usuario de backend v\u00e1lida para explotar esta vulnerabilidad. TYPO3 versiones 9.5.29, 10.4.18 y 11.3.1 contienen un parche para esta vulnerabilidad"
}
],
"id": "CVE-2021-32669",
"lastModified": "2024-11-21T06:07:29.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-20T16:15:07.793",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-rgcg-28xm-8mmw"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-rgcg-28xm-8mmw"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-011"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| matthias_graubner | mg_help | * | |
| matthias_graubner | mg_help | 0.1.0 | |
| matthias_graubner | mg_help | 0.2.0 | |
| matthias_graubner | mg_help | 1.0.0 | |
| matthias_graubner | mg_help | 1.0.2 | |
| matthias_graubner | mg_help | 1.1.0 | |
| matthias_graubner | mg_help | 1.1.1 | |
| matthias_graubner | mg_help | 1.1.3 | |
| matthias_graubner | mg_help | 1.1.4 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:matthias_graubner:mg_help:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3157222-DF80-493C-BC97-7262E331BBD2",
"versionEndIncluding": "1.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matthias_graubner:mg_help:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4009E809-583A-4BB8-90D5-BF9EF54787B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matthias_graubner:mg_help:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "407A6451-3D9D-4E9E-8282-8C19796CBBEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matthias_graubner:mg_help:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8374D20-4D77-4224-B1D5-FE115370C3BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matthias_graubner:mg_help:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB456A4-A09B-48FB-91B9-21F3029EE978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matthias_graubner:mg_help:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C82600AD-46A9-4FE1-911A-CEFE70A9F1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matthias_graubner:mg_help:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD64095-282F-4571-A3DC-8758108B5D03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matthias_graubner:mg_help:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "56AD77C4-99ED-43C1-A04F-9286E002B8CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:matthias_graubner:mg_help:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "13E681D4-1D2A-4037-AEA9-BFDD7055798C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n de HelpDesk de TYPO3 (mg_help) v1.1.6 y anteriores permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-0333",
"lastModified": "2024-11-21T01:12:00.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-15T19:30:00.817",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-16 17:55
Modified
2024-11-21 01:57
Severity ?
Summary
SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mauro_lorenzutti | wfqbe | * | |
| mauro_lorenzutti | wfqbe | 1.3.1 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mauro_lorenzutti:wfqbe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "953ABD3E-2DEE-4EA3-9EA1-4FA0DE69167D",
"versionEndIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mauro_lorenzutti:wfqbe:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F724CC77-AB61-41D7-B524-C775AC5B1BE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n DB Integration (wfqbe) anterior a v2.0.1 para TYPO3 permite a atacantes remotos ejecutar comandos SQL arbitrarios mediante vectores desconocidos."
}
],
"id": "CVE-2013-5310",
"lastModified": "2024-11-21T01:57:17.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-16T17:55:09.770",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/95957"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extension-manuals/wfqbe/2.0.1/view/1/5/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/wfqbe"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/61653"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/95957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extension-manuals/wfqbe/2.0.1/view/1/5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/wfqbe"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86238"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-23 02:15
Modified
2024-11-21 05:48
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2 | Third Party Advisory | |
| security-advisories@github.com | https://packagist.org/packages/typo3/cms-form | Release Notes, Third Party Advisory | |
| security-advisories@github.com | https://typo3.org/security/advisory/typo3-core-sa-2021-004 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packagist.org/packages/typo3/cms-form | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-core-sa-2021-004 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "176D2758-7F5E-4131-9F8A-8167038D103C",
"versionEndExcluding": "10.4.14",
"versionStartIncluding": "10.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F696292E-3CC6-416B-9F99-6C1287B1D78D",
"versionEndExcluding": "11.1.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de gesti\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP. En TYPO3 versiones anteriores a la 10.4.14, 11.1.1 se ha descubierto que el m\u00f3dulo backend Form Designer del Form Framework es vulnerable a cross-site scripting. Se necesita una cuenta de usuario backend v\u00e1lida con acceso al m\u00f3dulo de formularios para explotar esta vulnerabilidad. Esto se ha solucionado en las versiones 10.4.14, 11.1.1"
}
],
"id": "CVE-2021-21358",
"lastModified": "2024-11-21T05:48:11.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-23T02:15:12.813",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://packagist.org/packages/typo3/cms-form"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://packagist.org/packages/typo3/cms-form"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-004"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-01-22 23:30
Modified
2024-11-21 00:59
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.0 | |
| typo3 | typo3 | 4.0.1 | |
| typo3 | typo3 | 4.0.2 | |
| typo3 | typo3 | 4.0.3 | |
| typo3 | typo3 | 4.0.4 | |
| typo3 | typo3 | 4.0.5 | |
| typo3 | typo3 | 4.0.6 | |
| typo3 | typo3 | 4.0.7 | |
| typo3 | typo3 | 4.0.8 | |
| typo3 | typo3 | 4.0.9 | |
| typo3 | typo3 | 4.1.0 | |
| typo3 | typo3 | 4.1.0 | |
| typo3 | typo3 | 4.1.0 | |
| typo3 | typo3 | 4.1.1 | |
| typo3 | typo3 | 4.1.2 | |
| typo3 | typo3 | 4.1.3 | |
| typo3 | typo3 | 4.1.4 | |
| typo3 | typo3 | 4.1.5 | |
| typo3 | typo3 | 4.1.6 | |
| typo3 | typo3 | 4.1.7 | |
| typo3 | typo3 | 4.2.0 | |
| typo3 | typo3 | 4.2.1 | |
| typo3 | typo3 | 4.2.2 | |
| typo3 | typo3 | 4.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "501A9157-044A-4856-8092-418D7329EED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA47174-9BC4-4B74-8618-6A7B0773553B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A13146E-EC04-4354-9123-BC7CB292C66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F27B173-8D10-47F7-8450-F8808A918295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1FAD0A-6B98-476B-BCD2-361996CA1C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE992D57-AF82-4BF0-96E8-98110C0AEBF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9A484F-C34D-4885-8125-D9C8725EEB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DCCB2DE6-4407-4E40-8574-9C813183565B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E19647A4-C422-42D0-863B-5B6E0B08BFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2F89D7-D34C-4ADD-8A9E-34C37122C3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "273F2E33-0655-46DE-9397-E16658B4BD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B8F7039-4117-4D53-ABE8-99C10518D351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161E310F-F2D8-40B3-8390-8C52ACDD0B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "96D69530-AE74-4012-B522-01D0B6B01662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5514D17F-95A5-48C5-9F91-554F8D3C3DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E46E35EC-FF7B-4510-A5F2-FC230B7477B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A671ED2-91AA-4447-8996-A8A16FE753A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en TYPO3 v4.0.0 a v4.0.9, v4.1.0 a 4.1.7 y v4.2.0 a v4.2.3, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el (1) nombre y (2) el contenido de ficheros indexados para (a) la extensi\u00f3n del sistema Indexed Search Engine (indexed_search), (b) comandos de prueba no especificados en la extensi\u00f3n del sistema ADOb y (c) vectores no especificados en el m\u00f3dulo Workspace."
}
],
"id": "CVE-2009-0257",
"lastModified": "2024-11-21T00:59:27.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-01-22T23:30:04.453",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33617"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33679"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1711"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/33376"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48133"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48135"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48136"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48137"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
SQL injection vulnerability in Diocese of Portsmouth Training Courses (pd_trainingcourses) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| fr.simon_rundell | pd_trainingcourses | 0.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fr.simon_rundell:pd_trainingcourses:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8EECC13-77C9-4683-A9A2-D0547E6EC185",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Diocese of Portsmouth Training Courses (pd_trainingcourses) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Diocese of Portsmouth Training Courses (pd_trainingcourses), extensi\u00f3n v0.1.1 para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2008-6692",
"lastModified": "2024-11-21T00:57:12.687",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.377",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46389"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29822"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43207"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-22 18:30
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joachim_ruhs | locator | * | |
| joachim_ruhs | locator | 1.0.6 | |
| joachim_ruhs | locator | 1.0.7 | |
| joachim_ruhs | locator | 1.1.0 | |
| joachim_ruhs | locator | 1.1.8 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFE93D41-08B6-4444-9CE9-0B05C83BA038",
"versionEndIncluding": "1.2.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B5ECFDF7-213D-4944-A0E6-8272652ADA23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "913B844F-8AFC-4391-B79B-E196586B310C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1A0290-0EEE-4813-93CA-BC60FC3C43D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:locator:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "60134DFF-645C-4B84-8BD9-298BDEFF7319",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Store Locator, en versiones anteriores a la 1.2.8, para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante vectores no especificados."
}
],
"id": "CVE-2009-4949",
"lastModified": "2024-11-21T01:10:50.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-22T18:30:02.830",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34573"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/locator/1.2.8/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/locator/1.2.8/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-01 23:55
Modified
2024-11-21 01:56
Severity ?
Summary
SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| georg_ringer | news | * | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:georg_ringer:news:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7A35F3-9813-425A-87B0-32A64AB40276",
"versionEndIncluding": "1.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n News system (news) antes de 1.3.3 para TYPO3, permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-4748",
"lastModified": "2024-11-21T01:56:18.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-01T23:55:01.123",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/89134"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/news"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-001/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/89134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81192"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-02 17:30
Modified
2024-11-21 01:09
Severity ?
Summary
SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| mario_matzulla | cal | * | |
| mario_matzulla | cal | 0.9.0 | |
| mario_matzulla | cal | 0.10.0 | |
| mario_matzulla | cal | 0.11.0 | |
| mario_matzulla | cal | 0.12.0 | |
| mario_matzulla | cal | 0.12.1 | |
| mario_matzulla | cal | 0.13.0 | |
| mario_matzulla | cal | 0.13.1 | |
| mario_matzulla | cal | 0.14.0 | |
| mario_matzulla | cal | 0.14.1 | |
| mario_matzulla | cal | 0.15.0 | |
| mario_matzulla | cal | 0.15.1 | |
| mario_matzulla | cal | 0.15.2 | |
| mario_matzulla | cal | 0.15.3 | |
| mario_matzulla | cal | 0.15.4 | |
| mario_matzulla | cal | 0.15.5 | |
| mario_matzulla | cal | 0.16.0 | |
| mario_matzulla | cal | 0.16.1 | |
| mario_matzulla | cal | 0.16.2 | |
| mario_matzulla | cal | 0.16.3 | |
| mario_matzulla | cal | 0.16.4 | |
| mario_matzulla | cal | 0.16.5 | |
| mario_matzulla | cal | 0.16.6 | |
| mario_matzulla | cal | 0.17.0 | |
| mario_matzulla | cal | 0.17.1 | |
| mario_matzulla | cal | 0.17.2 | |
| mario_matzulla | cal | 0.17.3 | |
| mario_matzulla | cal | 1.0.0 | |
| mario_matzulla | cal | 1.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB5E96D-C4B9-44E9-8073-DDBD4A8B88DD",
"versionEndIncluding": "1.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E4065A72-7533-4D8E-ACF9-5604706CB208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB64C964-7C36-4F3C-9AF8-BD334E413A1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DADC4C4B-FB4A-4BA1-B927-EBE80D83F728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6438AC43-A012-49A3-957D-1507233683CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C62589A9-8178-4B77-8DC3-251980AF6C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9D28D1-7B3B-4379-805A-5C639CD0131C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC61BC22-0861-4487-8207-31D82446D4BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45E04442-9642-4EE7-A176-CB5CF9872423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2318FB-9E09-499B-8B52-E88B4C6B5858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA60C05C-5A2C-487D-9452-0C1DB3D40033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84B10B5C-7344-4D9B-BB1D-2A60D37FABC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D47ADD6D-82C4-480B-8512-8D3C4CE07F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D19BFBE7-2B1F-4A89-BB24-4B30F7D1DE49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6BDC0D06-CFE3-437D-8CFA-43F3E860A177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A455FB8-393C-45D6-8F2A-55B617B2C7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE46693-11CD-48B4-9AEA-D2C00B3AD84E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E779D12-C8A1-44BB-AE0E-3B857EB36DEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2548806-B98F-4FA1-826F-E0B036480283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "000AA929-221D-4DD5-B9DD-9F27A0E9E53C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "49A81DDC-8D35-491E-9D37-1C1A93B90B24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6811A792-031A-4DD2-A549-C16FE21FCFA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "62A097C2-2480-4CEF-BDA1-85C0FF918797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9522502-A801-45BB-8FFD-10C08537F4BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "116E514B-4DD6-42D8-BB25-55D66DD6474B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC1A4BB-F427-4F23-90D5-90B19BB8014C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A9841A-65CF-4AF8-8465-87D543C3E14C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "530F6FFB-2B29-458B-9EA2-44C47C026EA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C569E8A-4285-485C-9C94-BAE3CB552E98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Calendar Base (cal) anteriores a v1.2.1 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4158",
"lastModified": "2024-11-21T01:09:03.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-02T17:30:00.483",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37549"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/cal/1.2.1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-019/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/cal/1.2.1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-019/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37164"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:11
Severity ?
Summary
SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| patrick_bauerochse | ref_list | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:patrick_bauerochse:ref_list:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D53D58E7-F7AD-4A37-A2F9-69EBC6C2DCD7",
"versionEndIncluding": "1.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n de TYPO3 de lista de referencia de clientes (ref_list) v1.0.1 y anteriores permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-0324",
"lastModified": "2024-11-21T01:11:59.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-15T19:30:00.537",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/ref_list/1.0.2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/ref_list/1.0.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-13 10:30
Modified
2024-11-21 00:56
Severity ?
Summary
SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| martin_helmich | hbook | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:martin_helmich:hbook:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D360BB61-8C03-4B96-98D0-7323844B9775",
"versionEndIncluding": "2.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de SQL en la extensi\u00f3n HBook (h_book) de TYPO3 en las versiones 2.3.0 y anteriores, permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-6456",
"lastModified": "2024-11-21T00:56:35.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-13T10:30:00.297",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/48276"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31261"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/48276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45259"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-08 19:59
Modified
2024-11-21 02:39
Severity ?
Summary
The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 6.2 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.1 | |
| typo3 | typo3 | 6.2.2 | |
| typo3 | typo3 | 6.2.3 | |
| typo3 | typo3 | 6.2.4 | |
| typo3 | typo3 | 6.2.5 | |
| typo3 | typo3 | 6.2.6 | |
| typo3 | typo3 | 6.2.7 | |
| typo3 | typo3 | 6.2.8 | |
| typo3 | typo3 | 6.2.9 | |
| typo3 | typo3 | 6.2.10 | |
| typo3 | typo3 | 6.2.10 | |
| typo3 | typo3 | 6.2.11 | |
| typo3 | typo3 | 6.2.12 | |
| typo3 | typo3 | 6.2.13 | |
| typo3 | typo3 | 6.2.14 | |
| typo3 | typo3 | 6.2.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7715060-1441-4CF9-BEDF-91D28FE31ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "29602159-5C1E-4C5A-9E4C-F3183D3EA8A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "52CC6148-48F9-4532-96D3-8C6D82B8B815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "E501EDED-B7DC-4D00-9DAF-862BC8C14C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7183456A-52B4-4386-8979-A2ECEA9959FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "16EEC79F-3293-451C-864E-9CE020F6C730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "8FD27EAD-04D5-4C55-952E-020954B90CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "F67C62FD-A683-43F3-BF0E-D368617B194C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "8CCC09EC-CB2C-466A-BD71-4DD2C34288B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "82F45E35-4731-4527-861F-3999ABED94B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "FC154041-5B1B-484C-8EF8-9EBC73A9FF3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "36E925BE-8D4F-49FE-90EF-68C1DE776107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DA0AF154-CC16-4536-B120-A9040CE92394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99262E73-E4A7-4657-A32E-3C289C052675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E230A800-B2DE-4ED4-9C6B-961832C39900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A96891D-A2B1-492C-A914-51F9631D5C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7316A8-E445-45C6-BFD9-8E19254AC7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D95C12B4-51F1-4FFC-892B-1432D1E5219A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "308EF598-B9DF-47C5-A1AC-1A2A16767E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3A5E5D-E8A9-4B2F-B423-9F1B9E761A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9EDF6E-299A-4277-9C2F-B25D5F9A189E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "313D0192-8849-4DA1-820E-28E2FC4E37C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "265DCFF8-2EC5-49EA-8D06-1956F3109F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2D8FB68B-E4E8-4501-94F6-2922781D8C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1FEAA4-B0D8-4B5B-8958-173245F55134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0E806A38-C603-4916-93E2-FE43062B09C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "17EB5B78-0AD1-4259-8537-058D888B30B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7E6FD-99D0-4F48-B5DF-0EFD4C05079D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "21217A49-637C-4F60-B8F8-8699E71D6BFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka \"Cross-Site Flashing.\""
},
{
"lang": "es",
"value": "El componente Flvplayer en TYPO3 6.2.x en versiones anteriores a 6.2.16 permite a atacantes remotos incrustar videos de Flash procedentes de dominios externos a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como \"Cross-Site Flashing.\""
}
],
"id": "CVE-2015-8760",
"lastModified": "2024-11-21T02:39:07.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-08T19:59:26.397",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/79210"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1034485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/79210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034485"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-09 10:55
Modified
2024-11-21 01:22
Severity ?
Summary
SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joachim_ruhs | event | * | |
| joachim_ruhs | event | 0.2.2 | |
| joachim_ruhs | event | 0.2.4 | |
| joachim_ruhs | event | 0.2.5 | |
| joachim_ruhs | event | 0.2.7 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joachim_ruhs:event:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6C54C62-FF32-4CB1-86FD-6D0B94BE40F3",
"versionEndIncluding": "0.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:event:0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF535B20-CDEE-4E1D-8D53-C5E6B7D75AE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:event:0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B606F85-0154-48CC-8E9B-8F58CE6DB99E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:event:0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89F1AB7E-B922-40F9-9F9D-FF6597E36274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:event:0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "23700B61-86C2-4A14-A018-FF84ABBBFC4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Event(event) anterior a v0.3.7 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2010-4950",
"lastModified": "2024-11-21T01:22:08.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-10-09T10:55:37.377",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/event/0.3.7/"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/event/0.3.7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| manu_oehler | toto | * | |
| manu_oehler | toto | 0.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:manu_oehler:toto:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9580E376-3B61-4BFF-94D7-5E097E6EB10C",
"versionEndIncluding": "0.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:manu_oehler:toto:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68F35600-03F0-49E7-98B6-4DCAD08736CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Fussballtippspiel (toto) v0.1.1 y anteriores (extensi\u00f3n para TYPO3) permite a atacantes remotos a ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores desconocidos.\r\n"
}
],
"id": "CVE-2008-6696",
"lastModified": "2024-11-21T00:57:14.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.437",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46394"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/toto/0.1.2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29824"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/toto/0.1.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43212"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
SQL injection vulnerability in the tt_news Mail alert (dl3_tt_news_alerts) extension 0.2.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | dl3_tt_news_alerts | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:dl3_tt_news_alerts:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A26FA83-4F1F-44F5-8598-216E6A384590",
"versionEndIncluding": "0.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the tt_news Mail alert (dl3_tt_news_alerts) extension 0.2.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n de TYPO3 \"tt_news Mail Alert\" (dl3_tt_news_alerts) v0.2.0 y anteriores permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-0337",
"lastModified": "2024-11-21T01:12:00.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-15T19:30:00.927",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-16 17:55
Modified
2024-11-21 01:57
Severity ?
Summary
SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kennziffer | ke_search | * | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kennziffer:ke_search:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B334BF24-60EA-4B95-B381-B1FDABE12E88",
"versionEndIncluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Faceted Search (ke_search) anterior a v1.4.1 para TYPO3 permite a atacantes remotos ejecutar comandos SQL arbitrarios mediante vectores desconocidos."
}
],
"id": "CVE-2013-5302",
"lastModified": "2024-11-21T01:57:15.923",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-16T17:55:09.447",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/95959"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54306"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/ke_search"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/61609"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/95959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/ke_search"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86235"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-10-25 20:01
Modified
2024-11-21 01:19
Severity ?
Summary
The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.2.0 | |
| typo3 | typo3 | 4.2.1 | |
| typo3 | typo3 | 4.2.2 | |
| typo3 | typo3 | 4.2.3 | |
| typo3 | typo3 | 4.2.4 | |
| typo3 | typo3 | 4.2.5 | |
| typo3 | typo3 | 4.2.6 | |
| typo3 | typo3 | 4.2.7 | |
| typo3 | typo3 | 4.2.8 | |
| typo3 | typo3 | 4.2.9 | |
| typo3 | typo3 | 4.2.10 | |
| typo3 | typo3 | 4.2.11 | |
| typo3 | typo3 | 4.2.12 | |
| typo3 | typo3 | 4.2.13 | |
| typo3 | typo3 | 4.2.14 | |
| typo3 | typo3 | 4.3.0 | |
| typo3 | typo3 | 4.3.1 | |
| typo3 | typo3 | 4.3.2 | |
| typo3 | typo3 | 4.3.3 | |
| typo3 | typo3 | 4.3.4 | |
| typo3 | typo3 | 4.3.5 | |
| typo3 | typo3 | 4.3.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC67810-D2C5-4242-ACF2-CF7E9C56D7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E485652B-FDE0-44C1-83F5-D22B16BEBB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A987C0-51DF-464C-8F4D-03C9CAD256EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "718E405D-4127-4D0E-85BB-83800264AD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "AF72642B-8766-44A3-8CB0-D094929AAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6066CFA2-202E-43A3-B1DF-36364ABD5A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13C922A9-05A3-4D98-A568-F780CCA87E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E9893A-2771-4C04-9F90-B10EE659088E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31DA3600-C955-46B0-8BD9-C9B3FC0B81EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7ED0C04-33BA-4F9B-97B0-BB5D30C2A0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E40CC0D-E7EF-4800-AC0B-5AF603B8BC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16759F16-34C6-4C2C-BECB-12555EEEBDA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships."
},
{
"lang": "es",
"value": "La tarea be_user_creation en TYPO3 v4.2.x anteriores a v4.2.15 y v4.3.x anteriores a v4.3.7 permite a usuarios remotos autenticados a obtener privilegios a trav\u00e9s de peticiones POST manipuladas que crean una cuenta de usuario como miembro de un grupo arbitrario."
}
],
"id": "CVE-2010-3716",
"lastModified": "2024-11-21T01:19:27.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-25T20:01:04.643",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/43786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/43786"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-13 23:15
Modified
2024-12-03 20:15
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DCA42C4B-BB54-4702-B5C2-E3CF7903C11A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "071D294C-71E4-48B4-86C5-0DBEE469BD88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2."
},
{
"lang": "es",
"value": "En TYPO3 CMS versiones 10.4.0 y 10.4.1, ha sido detectado que los ataques basados en tiempo pueden ser usados con la funcionalidad password reset para usuarios del back-end. Esto permite a un atacante montar la enumeraci\u00f3n de usuarios basado en las direcciones de correo electr\u00f3nico asignadas a las cuentas de usuario del backend. Esto ha sido corregido en la versi\u00f3n 10.4.2."
}
],
"id": "CVE-2020-11063",
"lastModified": "2024-12-03T20:15:13.003",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-13T23:15:11.047",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/TYPO3/typo3/commit/14929b98ecda0ce67329b0f25ca7c01ee85df574"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-347x-877p-hcwx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-347x-877p-hcwx"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-204"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-04 10:55
Modified
2024-11-21 01:31
Severity ?
Summary
Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jerome_schneider | ameos_dragndropupload | * | |
| jerome_schneider | ameos_dragndropupload | 2.0.0 | |
| jerome_schneider | ameos_dragndropupload | 2.0.1 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jerome_schneider:ameos_dragndropupload:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F15B6C79-CE2A-43CA-B947-59D551D602B9",
"versionEndIncluding": "2.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jerome_schneider:ameos_dragndropupload:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E394E0F1-FA4E-44DF-B846-00970120FAF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jerome_schneider:ameos_dragndropupload:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4485A994-DEDE-4EE8-AE08-31C63F9D04E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la extensi\u00f3n Drag Drop Mass Upload (ameos_dragndropupload) v2.0.2 y anteriores para TYPO3 que permite a atacantes remotos subir archivos arbitrarios a trav\u00e9s de vectores de ataque desconocidos."
}
],
"id": "CVE-2011-3980",
"lastModified": "2024-11-21T01:31:38.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-10-04T10:55:11.723",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-010/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/49516"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/49516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69694"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-04 14:55
Modified
2024-11-21 02:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jo_hasenau | gridelements | * | |
| jo_hasenau | gridelements | 0.1.0 | |
| jo_hasenau | gridelements | 0.2.0 | |
| jo_hasenau | gridelements | 0.3.0 | |
| jo_hasenau | gridelements | 0.5.0 | |
| jo_hasenau | gridelements | 0.6.0 | |
| jo_hasenau | gridelements | 1.0.0 | |
| jo_hasenau | gridelements | 1.1.0 | |
| jo_hasenau | gridelements | 1.2.0 | |
| jo_hasenau | gridelements | 1.2.1 | |
| jo_hasenau | gridelements | 1.2.2 | |
| jo_hasenau | gridelements | 1.2.3 | |
| jo_hasenau | gridelements | 1.3.0 | |
| jo_hasenau | gridelements | 1.3.1 | |
| jo_hasenau | gridelements | 1.3.2 | |
| jo_hasenau | gridelements | 1.3.3 | |
| jo_hasenau | gridelements | 1.3.4 | |
| jo_hasenau | gridelements | 1.3.5 | |
| jo_hasenau | gridelements | 1.3.6 | |
| jo_hasenau | gridelements | 1.3.7 | |
| jo_hasenau | gridelements | 1.3.8 | |
| jo_hasenau | gridelements | 1.3.9 | |
| jo_hasenau | gridelements | 1.3.10 | |
| jo_hasenau | gridelements | 1.3.11 | |
| jo_hasenau | gridelements | 1.3.12 | |
| jo_hasenau | gridelements | 1.3.13 | |
| jo_hasenau | gridelements | 1.4.0 | |
| jo_hasenau | gridelements | 1.4.1 | |
| typo3 | typo3 | - | |
| jo_hasenau | gridelements | 2.0.0 | |
| jo_hasenau | gridelements | 2.0.1 | |
| jo_hasenau | gridelements | 2.0.2 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93D2F82D-F866-4E01-B5CB-97F6ABA52F38",
"versionEndIncluding": "1.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09111685-4297-4F93-8052-318D4FD5E808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17FDD00C-90C5-4EA2-8B72-01C9C0B95459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13A405A9-5066-4B4B-AED6-B4734D46FDA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "86549BF1-84EE-49DA-AD84-567B5CB5F0D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF66FBF-FEF1-4190-BAA9-A31E6D5809F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F92AB4BD-CC6B-46C8-8621-C2F8467B9442",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F07B3379-173D-4135-94B3-6A1B932E4E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B09F6A98-35CD-4A2A-A6B5-90B177921561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1383A3D6-2643-4EA2-B326-438BB38C12B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C145E2A0-04BA-4BEB-A50E-4041D0D4AEF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8E5264-5E3A-45D5-8E35-26EA6BDBA06E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "19BB9EAE-C9A1-41EA-A06D-2B5FB75DB37E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "05ABCCE1-C176-49F0-AE28-4A318B90C64B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "07DCEDC1-1058-4281-A9C9-5B8E8170E932",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "354E43A6-9190-4C6E-A757-BAE006652834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B5366D77-F6E3-4127-A006-C29D98B80103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "65522EE6-A402-4CAC-B260-4E6D26D838CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E45A7A-90A0-40F2-8684-C2F5A010DB81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "77C69307-17E4-4B93-8B3C-9DB8FF4D7E20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "595323ED-9C0A-4B3E-8ECB-F5327278FC63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3A392163-529B-49FA-B8D5-9037ABDED2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB3339C-1081-4822-BE24-49E84991624F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEC7DB2-FE6F-4B41-BA3F-7B482ADF22C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E0985C30-036E-4915-BBFF-7146958C986F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C626CA-19BF-4BAF-B6BC-B5B70B01CA05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB3E1B7D-2008-4226-A5A1-A3FBCD39D863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A669183-F816-4A0A-BD99-15B8E7080408",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE227017-1C49-48BC-B221-C6952D94317E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EC06E3-5DC2-4E11-BF26-52024323BE32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jo_hasenau:gridelements:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4D9CD0BE-74DA-4112-A47F-B41E1E0325E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el asistente de dise\u00f1o en la extensi\u00f3n Grid Elements (gridelements) anterior a 1.5.1 y 2.0.x anterior a 2.0.3 para TYPO3 permite a usuarios remotos autenticados de backend inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-3949",
"lastModified": "2024-11-21T02:09:12.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-06-04T14:55:05.467",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/58592"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/gridelements"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-008"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/58592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/gridelements"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-17 20:30
Modified
2024-11-21 00:54
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de Secuencias de Comandos en Sitios Cruzados (XSS) en la extensi\u00f3n de interfaz externo (frontend plugin) para la extensi\u00f3n de sistemas Felogin en TYPO3 4.2.0, 4.2.1 y 4.2.2, permite a atacantes remotos inyectar secuencias de comandos Web o HTML a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2008-5656",
"lastModified": "2024-11-21T00:54:34.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-12-17T20:30:00.920",
"references": [
{
"source": "cve@mitre.org",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32284"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46591"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-23 02:15
Modified
2024-11-21 05:48
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1 .
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-fjh3-g8gq-9q92 | Third Party Advisory | |
| security-advisories@github.com | https://packagist.org/packages/typo3/cms-backend | Release Notes, Third Party Advisory | |
| security-advisories@github.com | https://typo3.org/security/advisory/typo3-core-sa-2021-007 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-fjh3-g8gq-9q92 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packagist.org/packages/typo3/cms-backend | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-core-sa-2021-007 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C031A87F-5A82-48F8-AB02-FED0CDFE08A2",
"versionEndExcluding": "10.4.14",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F696292E-3CC6-416B-9F99-6C1287B1D78D",
"versionEndExcluding": "11.1.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1 ."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de gesti\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP. En TYPO3 versiones anteriores a la 10.4.14, 11.1.1 se ha descubierto que los campos de la base de datos utilizados como _descriptionColumn_ son vulnerables al cross-site scripting cuando su contenido se previsualiza. Se necesita una cuenta de usuario v\u00e1lida para explotar esta vulnerabilidad. Esto se ha corregido en las versiones 10.4.14, 11.1.1"
}
],
"id": "CVE-2021-21340",
"lastModified": "2024-11-21T05:48:03.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-23T02:15:12.533",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-fjh3-g8gq-9q92"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://packagist.org/packages/typo3/cms-backend"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-fjh3-g8gq-9q92"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://packagist.org/packages/typo3/cms-backend"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-007"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| francisco_cifuentes | vote_for_tt_news | 1.0.1 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:francisco_cifuentes:vote_for_tt_news:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BE97626-C48F-441E-872B-CF74C9DE7B72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n de TYPO3 de rango de votaci\u00f3n para las noticias (vote_for_tt_news) v1.0.1 y anteriores permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-0334",
"lastModified": "2024-11-21T01:12:00.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-15T19:30:00.847",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-28 14:43
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| stefan_koch | t3m | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:stefan_koch:t3m:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F594F224-8147-404E-8A5C-44E32D4A42C0",
"versionEndIncluding": "0.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n T3M E-Mail Marketing Tool (t3m) v0.2.4 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante vectores desconocidos."
}
],
"id": "CVE-2009-4959",
"lastModified": "2024-11-21T01:10:52.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-28T14:43:39.900",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-012"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36140"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2410"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-07 10:55
Modified
2024-11-21 01:22
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.5.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49C993DB-A2D1-4332-A874-DC0703C70D60",
"versionEndIncluding": "1.5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F114F8E-08DE-4C8A-A0F7-567A7A822E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9677B8-7E32-4020-845B-FD31B327491D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC6F692-1F1E-4FB4-9EFA-57F0D0938256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9820C6-B4E6-4632-A6D4-D7EA093B1800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AEDCA4-5AC0-4970-99B4-9BE02C880AE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "303CC902-BBDA-417C-90C5-6CC316ED2E90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9CDAD5-EE32-47C9-9A94-5FDA002C58BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2065E944-5F55-4ABF-A20E-F5D4CEED0F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6C13C053-62AD-4866-AA6E-B6E3862734FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F84BCD42-ACAC-47B7-BC11-162BDF37E5D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DAB0DA1-D646-41F9-9E49-EFB3E3D6753A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2A32130E-4799-41D3-8323-8B3B4B8B5453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC13061-9822-4399-A4A1-EBEED9742EAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "96CEE2A8-AC38-4581-B56C-399781D73A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0415B2-89B6-4D75-AD24-DD6152110D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C905E945-4195-448E-B2B6-8C7F9C3FABCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D5897048-EE9A-4DB1-9802-27018E665A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4EFC2BB8-B4ED-4DC0-A391-7ACB2DD94E1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "56CF73D1-AA5E-4A6C-95B8-3AD4FD7EC7D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D7FEED-4451-43DA-9811-E7F6AA589F89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A4670C29-5B52-4172-8AED-0AD01229778A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "384FD986-C33D-4A87-A0ED-8EE51AD5BEA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1A6CF5F4-67D7-4495-B610-13959A10B97D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5D7E4A4-5887-40B8-860E-91F102A24D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7055F350-0EE7-4DE7-8FB6-26A0F2D80224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C414A1EC-ED36-4113-87EE-496D0CE6C296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CC9389-53A8-43D8-9D03-9DBBEA26065C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2597C92A-BE72-4246-B2E7-F7B316E6BECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0D0154-08BF-42AB-B97C-C0485BD34E0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFE66F2-621A-4F9A-8D99-C5F96D2BC528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8F32EE91-CF3B-495C-9AEB-CF5F7A49E55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D79D18B0-E52B-4A80-BA0D-664BE32A667B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "83192D4F-A044-456E-968C-78FD3F8782B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "027479DC-5EA0-4BAE-8F45-DB8CD2E7DBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "29168B6A-3D80-4DC7-A69E-E069B1627A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "490C3558-53F7-401D-94D4-ABC5A2DCB18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6783329E-53C6-4FAC-A76A-CDB15C30EE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3D85EF2D-D597-4BF8-8D42-65DF495F5B16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "ED148E81-A7BF-4E80-9BA7-1A95D4192521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCFF6F8-1913-4095-BB33-F371EA162CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5C372F-D442-44EA-9B74-A724261F7347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8B22DF-AC72-4A1D-BAC8-41AA612EEEEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6293BE50-CEC2-4564-B323-5518CB5F26A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "46449EDA-9CD5-4FFC-ACC3-AE23D4CC3758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C94B49F-3249-4FF7-8D71-EFB59EB0B69E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CE2E63-4B3B-4F37-983E-084058BB012D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA972B4-3307-4A9C-9E9A-F4DCA04B3320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE015AC-7FF4-445A-9112-576ECA6131A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA35D7C-6EAA-4E57-B229-771FBAE2616C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBAD78D-2EEA-4E84-A31D-A8DB9A4ED6A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "129FBFD3-5DF3-4C03-8416-89C9295F7245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5696F1A2-1A78-43F0-B52A-13C4B1A9989F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6F4864-877C-4FBA-99F8-CA138E089B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFE7AC9-06A3-4BCC-96F4-F978DE2A12AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CE95ADBE-FB92-427A-9C12-6F4DB32AB7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0661B887-07D1-4C97-A810-747D34F1854E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8D2162-DEBA-400A-9BF4-CE2D5C8E59AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BD48C215-3464-49B3-AB9B-FAC18A0D6420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "90DAF9E4-959D-44C6-85A4-0F9124FDEC96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A773CA49-4B9D-44AC-92A6-107514320987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "4A774AE5-7A2E-460A-A8E4-FC3AEEFD1F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1B7D81F3-C67F-4326-BB7F-414D6ADDAFFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D29C87E0-772E-4840-BC53-C7AF9D7B8DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7ECCDE1E-F3B4-4CD5-8C47-C29BC6C19686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA8312C-C13F-46E1-B63A-C19DF654AAD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7B1C99-CEA5-4128-B29B-AF8D71B492A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the powermail extension before 1.5.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n powermail antes de v1.5.5 para TYPO3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-4892",
"lastModified": "2024-11-21T01:22:00.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-10-07T10:55:09.940",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41962"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.5"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-021"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-14 17:55
Modified
2024-11-21 01:36
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the "return url parameter."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netcreators | irfaq | 1.0.1 | |
| netcreators | irfaq | 1.0.2 | |
| netcreators | irfaq | 1.1.0 | |
| netcreators | irfaq | 1.1.1 | |
| netcreators | irfaq | 1.1.2 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netcreators:irfaq:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "600637DF-345E-43E5-8FE2-67E963A4261C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netcreators:irfaq:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB8DFE0-3255-4E63-BA1A-E827FD43BF20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netcreators:irfaq:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FECE0FAE-E687-4A63-9E8F-3DADB34F47A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netcreators:irfaq:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE834341-54B2-46A0-B0DF-7532E4551698",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netcreators:irfaq:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68A7F61B-A17D-499D-8CBC-3EC15A419819",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the \"return url parameter.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n Modern FAQ (irfaq) v1.1.4 para TYPO3, permite a atacantes remotos ejecutar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados, posiblemente relacionado con \"return url parameter\"."
}
],
"id": "CVE-2012-1070",
"lastModified": "2024-11-21T01:36:20.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-14T17:55:02.697",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78749"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47823"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51845"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in DCD GoogleMap (dcdgooglemap) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| david_cadu | dcdgooglemap | * | |
| david_cadu | dcdgooglemap | 1.0.0 | |
| david_cadu | dcdgooglemap | 1.0.1 | |
| david_cadu | dcdgooglemap | 1.0.2 | |
| david_cadu | dcdgooglemap | 1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:david_cadu:dcdgooglemap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECAE6056-608D-4090-8C50-8254BC82C0A5",
"versionEndIncluding": "1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_cadu:dcdgooglemap:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5BECE701-B211-497D-A8A4-3337F50AA896",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_cadu:dcdgooglemap:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "823FA4ED-B597-4F9F-9946-85F0152D6009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_cadu:dcdgooglemap:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E14B5496-81EC-41B9-936B-CD9AF32E04E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:david_cadu:dcdgooglemap:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E1C8AE-86AA-47F7-80F7-2AD302E5D371",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in DCD GoogleMap (dcdgooglemap) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en DCD GoogleMap (dcdgooglemap) v1.1.0 y anteriores (extensi\u00f3n para TYPO3), permite a usuarios remotos inyectar de forma arbitraria secuencias de comandos web o HTML a trav\u00e9s vectores no especificados."
}
],
"id": "CVE-2008-6687",
"lastModified": "2024-11-21T00:57:11.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-10T22:00:00.280",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46378"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46384"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30773"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/dcdgooglemap/1.1.1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29815"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/dcdgooglemap/1.1.1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43199"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
SQL injection vulnerability in Random Prayer (ste_prayer) 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| fr.simon_rundell | ste_prayer | 0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fr.simon_rundell:ste_prayer:0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BA448D28-CEE3-493F-8957-E2928F34760E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Random Prayer (ste_prayer) 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Random Prayer (ste_prayer) v0.0.1 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2008-6694",
"lastModified": "2024-11-21T00:57:13.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.407",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46391"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29827"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43209"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-28 14:43
Modified
2024-11-21 01:10
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | commerce_extension | * | |
| typo3 | commerce_extension | 0.8.32 | |
| typo3 | commerce_extension | 0.8.35 | |
| typo3 | commerce_extension | 0.9.0 | |
| typo3 | commerce_extension | 0.9.5 | |
| typo3 | commerce_extension | 0.9.6 | |
| typo3 | commerce_extension | 0.9.7 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:commerce_extension:*:*:*:*:*:*:*:*",
"matchCriteriaId": "362EF510-F3FB-410D-937C-3857BF864EFA",
"versionEndIncluding": "0.9.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:commerce_extension:0.8.32:*:*:*:*:*:*:*",
"matchCriteriaId": "C51C314A-C313-455A-928D-C97E94440714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:commerce_extension:0.8.35:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0ADEE1-4140-41FF-B78B-E24021810E98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:commerce_extension:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A18B8F33-2E7A-41A0-955B-96E20E8D85A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:commerce_extension:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B6856341-7D9C-4147-AF64-192CBD0C849B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:commerce_extension:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FDF5E319-11AE-46F9-9BAF-676D7058061E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:commerce_extension:0.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A6FA0969-82AB-4D48-82A1-3C281A0AE8F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n Commerce anteriores a v0.9.9 para TYPO3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no espec\u00edficos."
}
],
"id": "CVE-2009-4963",
"lastModified": "2024-11-21T01:10:52.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-07-28T14:43:41.213",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-011/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36133"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-011/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2409"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-28 22:55
Modified
2024-11-21 01:58
Severity ?
Summary
Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ingo_renner | apache_solr | * | |
| ingo_renner | apache_solr | 1.0 | |
| ingo_renner | apache_solr | 1.3.0 | |
| ingo_renner | apache_solr | 1.3.1 | |
| ingo_renner | apache_solr | 2.1.0 | |
| ingo_renner | apache_solr | 2.2.0 | |
| ingo_renner | apache_solr | 2.2.1 | |
| ingo_renner | apache_solr | 2.2.2 | |
| ingo_renner | apache_solr | 2.8.0 | |
| ingo_renner | apache_solr | 2.8.1 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ingo_renner:apache_solr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9314F3A-5E7D-4FBE-A46C-35A6F3F3A7BA",
"versionEndIncluding": "2.8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingo_renner:apache_solr:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "211526D1-C48E-43C4-8E60-9A3DDABC53D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingo_renner:apache_solr:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D844805F-73B6-461C-94DF-F2950AB4E270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingo_renner:apache_solr:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E2C38DE-FF31-4CAC-8AE2-A596BFBC0621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingo_renner:apache_solr:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83ECCAB7-3848-4289-8CC8-CCDCBAB47169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingo_renner:apache_solr:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE2B5498-4AA2-4B3B-A526-6732035B3053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingo_renner:apache_solr:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9529891-B227-4616-B528-668C69359C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingo_renner:apache_solr:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A2C074A-D514-422C-ACE5-465303A93080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingo_renner:apache_solr:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6526EE-4256-48F8-BE6A-F34797BD0BD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingo_renner:apache_solr:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06520820-6E50-46EC-880A-786E59F131FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to \"Insecure Unserialize.\""
},
{
"lang": "es",
"value": "Vunerabilidad sin especificar en Apache Solr para la extensi\u00f3n TYPO3 anterior a 2.8.3 con impacto y vectores de ataque desconocidos relacionados con \"Deserializaci\u00f3in Insegura\""
}
],
"id": "CVE-2013-6288",
"lastModified": "2024-11-21T01:58:57.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-28T22:55:04.163",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54978"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/solr"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/62674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/solr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/62674"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| stefan_tannhaeuser | tv21_talkshow | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:stefan_tannhaeuser:tv21_talkshow:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0585F45C-50FF-4165-91BC-80D3F136603C",
"versionEndIncluding": "1.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n de TYPO3 \"Talkshow TV21\"(tv21_talkshow) v1.0.1 y anteriores permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-0332",
"lastModified": "2024-11-21T01:12:00.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-15T19:30:00.787",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-03 14:55
Modified
2024-11-21 02:09
Severity ?
Summary
TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F89DD9F-019A-4AD3-AD0E-4F20F1AF5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "684500C9-8532-45C4-8F29-33AAC3DDA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F830A8F-C51C-4CED-BCA2-845C312087FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2C537426-82DB-426B-BB95-CC119C20266A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D3AE18-7B26-4448-AF98-0D2692C80BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E8AD3ED8-5107-418D-8F0F-6B07845D3C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2FEFD3C-A4CC-4FCC-8ECD-3EE1E69DE58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1EE4B6-9256-494E-A11B-9700F0376AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0A8566-4A01-4948-A237-3CED2D065FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B5459D18-7283-4650-9304-7F576AB1D779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B404C733-4F5C-4EB2-B4B9-F25A95BB6E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "31BDE85A-5F76-4249-9B38-B3A1649F777D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6357ACD4-E404-489A-B218-1CED134F4893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "B6650206-8DD5-4D05-BBD2-15A12842117B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9712BC-E1C2-46AF-8111-DE5523DFF3DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "BB69F7E9-001D-42B3-BEB4-B294737AD27B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.21:*:*:*:*:*:*:*",
"matchCriteriaId": "34E8530B-0311-45AA-92B4-6FF2CE388E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A53B9001-C5B4-4D19-A314-118E3A292346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E663FE0B-B509-4427-A2A0-9EB53E26810F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.24:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA36C35-E9BD-4ED2-B6CB-950D641678E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.25:*:*:*:*:*:*:*",
"matchCriteriaId": "12A54839-425D-4D28-8AD2-479A593474FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.26:*:*:*:*:*:*:*",
"matchCriteriaId": "83542527-9738-46C0-A4D2-D5E2E203CD49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.27:*:*:*:*:*:*:*",
"matchCriteriaId": "72B68AE9-081A-4BE0-A2AF-969216D26637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.28:*:*:*:*:*:*:*",
"matchCriteriaId": "253A3E84-401E-4F9F-8A9A-B8C464C69929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.29:*:*:*:*:*:*:*",
"matchCriteriaId": "08742759-FFC8-4908-B319-4EC279C6AB74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4B4B3F-D7BE-493C-ABF6-416FF89C4A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "36748261-81EF-4E39-8EC5-A67F054B623F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.32:*:*:*:*:*:*:*",
"matchCriteriaId": "21CC1BD2-CB44-4C0F-8B87-6272AEEBDEAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.33:*:*:*:*:*:*:*",
"matchCriteriaId": "D7129E4A-834D-4405-853B-89F1BD7965E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7715060-1441-4CF9-BEDF-91D28FE31ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7183456A-52B4-4386-8979-A2ECEA9959FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "16EEC79F-3293-451C-864E-9CE020F6C730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "8FD27EAD-04D5-4C55-952E-020954B90CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99262E73-E4A7-4657-A32E-3C289C052675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E230A800-B2DE-4ED4-9C6B-961832C39900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C140F242-CF7C-4CB6-A358-5C8DB0F26DAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81EAC0BA-B6AC-42BA-AEEE-946E1FBD770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD31180A-8BD6-49AC-A758-5FA4C9A7B4C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E06A3B0C-364F-42A3-803B-6CE1EAB386C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "692DE690-C921-403B-9966-60CB23FF5D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "94C181FE-F3A9-4C7E-955F-0CCD4E6B4DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "11DD1626-884F-40EE-9721-2FCF7F14F781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BFFF68DC-AFBB-4055-83AF-BAFE9C68FBC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F0FB1F-45D1-49A8-8882-393B16E6AA34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "976AAF6F-BF03-40B7-B7D2-22101BD857D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98D0D9-D9AE-44F7-8233-F92EB330B152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36EA784A-7C3A-41DA-B444-D01E3BC144BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7294AA8B-0CD3-47A2-91DC-A882F7F3BDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4D28DD85-FBB3-4DD4-B525-7AFD32BE55F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80C21E07-5083-4C86-AA9D-FCB73F636060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAE1BB4-2DBD-489E-B3F9-88CF414EAC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0724FE19-F0A4-4055-996A-2B7844CAC426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A862C28E-B1B9-4541-A559-D0BD16E575B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1DE94A-DDCD-4067-A0C0-16904F6B7EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7C6DD4A1-C865-4AC8-86BC-8F92319F33A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7ACA06-C0C1-4EEA-A629-C453C97660A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3C444E62-897D-4C7A-AEC6-C5728166A11A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to \"Host Spoofing.\""
},
{
"lang": "es",
"value": "TYPO3 4.5.0 anterior a 4.5.34, 4.7.0 anterior a 4.7.19, 6.0.0 anterior a 6.0.14, 6.1.0 anterior a 6.1.9 y 6.2.0 anterior a 6.2.3 permite a atacantes remotos tener impacto no especificado a trav\u00e9s de una cabecera de anfitri\u00f3n HTTP manipulada, relacionado con \u0027falsificaci\u00f3n de anfitri\u00f3n.\u0027"
}
],
"id": "CVE-2014-3941",
"lastModified": "2024-11-21T02:09:10.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-03T14:55:10.910",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 20:30
Modified
2024-11-21 01:12
Severity ?
Summary
Directory traversal vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 has unknown impact and remote attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arco_van_geest | goof_fotoboek | * | |
| arco_van_geest | goof_fotoboek | 1.2.4 | |
| arco_van_geest | goof_fotoboek | 1.4.0 | |
| arco_van_geest | goof_fotoboek | 1.4.1 | |
| arco_van_geest | goof_fotoboek | 1.5.1 | |
| arco_van_geest | goof_fotoboek | 1.6.1 | |
| arco_van_geest | goof_fotoboek | 1.6.4 | |
| arco_van_geest | goof_fotoboek | 1.7.0 | |
| arco_van_geest | goof_fotoboek | 1.7.2 | |
| arco_van_geest | goof_fotoboek | 1.7.3 | |
| arco_van_geest | goof_fotoboek | 1.7.4 | |
| arco_van_geest | goof_fotoboek | 1.7.5 | |
| arco_van_geest | goof_fotoboek | 1.7.7 | |
| arco_van_geest | goof_fotoboek | 1.7.9 | |
| arco_van_geest | goof_fotoboek | 1.7.10 | |
| arco_van_geest | goof_fotoboek | 1.7.11 | |
| arco_van_geest | goof_fotoboek | 1.7.12 | |
| arco_van_geest | goof_fotoboek | 1.7.13 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A47C368-E00E-464F-AD09-C78E1C68DFE5",
"versionEndIncluding": "1.7.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90813014-0C2D-4684-8DD5-DCF6EABF56C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF5E2E2-7536-4817-A4F0-BF097DE8BB26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2A139CD8-8A86-463F-985E-CFB3E8296816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D79A0A-F058-488C-8A97-2DAD81851E8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB475A0-B3C9-4441-B5AC-C75BE5C270CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4853F371-CE1A-4E07-B40B-8794598A49D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74AF0E60-9110-4C33-96C8-165FBDBBF148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73CF7DA3-E958-4CF2-899F-C45105FF176A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDDC390-A52D-482A-BAF6-6939B5790EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8952311C-CD9B-4ABA-9EB2-85FEFD89C7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0751AC-C16A-465F-ABCA-67E8A939B205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BD9DAACA-EFFB-4E05-BD6D-E25D0DDCE7C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "37B967B9-7317-42A6-B4BE-D8CE2A6C0D01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0FEEA5-D282-4998-A72C-BFBA4A1AC4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C97A77B1-CF81-4DFD-A9D4-30BCCF5E5145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE7BBDD-E459-4410-A47C-22BEE3C5ACD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C95FF1-67DE-40FD-9FD2-789DE7C0727C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 has unknown impact and remote attack vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la extensi\u00f3n de TYPO3 \"Photo Book\" (goof_fotoboek) v1.7.14 y anteriores para tiene un impacto desconocido y vectores de ataque remoto."
}
],
"id": "CVE-2010-0350",
"lastModified": "2024-11-21T01:12:02.583",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-15T20:30:00.420",
"references": [
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/goof_fotoboek/1.7.15/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/goof_fotoboek/1.7.15/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-20 14:55
Modified
2024-11-21 01:45
Severity ?
Summary
The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.6.0 | |
| typo3 | typo3 | 4.6.1 | |
| typo3 | typo3 | 4.6.2 | |
| typo3 | typo3 | 4.6.3 | |
| typo3 | typo3 | 4.6.4 | |
| typo3 | typo3 | 4.6.5 | |
| typo3 | typo3 | 4.6.6 | |
| typo3 | typo3 | 4.6.7 | |
| typo3 | typo3 | 4.6.8 | |
| typo3 | typo3 | 4.6.9 | |
| typo3 | typo3 | 4.6.10 | |
| typo3 | typo3 | 4.6.11 | |
| typo3 | typo3 | 4.6.12 | |
| typo3 | typo3 | 4.6.13 | |
| typo3 | typo3 | 4.7 | |
| typo3 | typo3 | 4.7.0 | |
| typo3 | typo3 | 4.7.1 | |
| typo3 | typo3 | 4.7.2 | |
| typo3 | typo3 | 4.7.3 | |
| typo3 | typo3 | 4.7.4 | |
| typo3 | typo3 | 4.7.5 | |
| typo3 | typo3 | 4.5 | |
| typo3 | typo3 | 4.5.0 | |
| typo3 | typo3 | 4.5.1 | |
| typo3 | typo3 | 4.5.2 | |
| typo3 | typo3 | 4.5.3 | |
| typo3 | typo3 | 4.5.4 | |
| typo3 | typo3 | 4.5.5 | |
| typo3 | typo3 | 4.5.6 | |
| typo3 | typo3 | 4.5.7 | |
| typo3 | typo3 | 4.5.8 | |
| typo3 | typo3 | 4.5.9 | |
| typo3 | typo3 | 4.5.10 | |
| typo3 | typo3 | 4.5.11 | |
| typo3 | typo3 | 4.5.12 | |
| typo3 | typo3 | 4.5.13 | |
| typo3 | typo3 | 4.5.14 | |
| typo3 | typo3 | 4.5.15 | |
| typo3 | typo3 | 4.5.16 | |
| typo3 | typo3 | 4.5.17 | |
| typo3 | typo3 | 4.5.18 | |
| typo3 | typo3 | 4.5.19 | |
| typo3 | typo3 | 4.5.20 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CBAAC7-5207-45E8-86D5-18D98259070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6F1E7-351D-45E7-9571-2AF4283080DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B3B4A9-BDC7-4426-98FB-398B63AF3D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0016A078-1291-4281-BA62-5A846AEE7584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F11DB8A8-8309-4FC9-BA35-1AFFC5B4AE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9661D2DB-F24C-478B-B691-303D48D9B158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1FD6B9-7FAC-4508-962A-99AF63EB4B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "14369AD5-2622-4530-BCD5-A95C032CE4CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7CBAD29-18E9-4097-88FA-4D287A9A877A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5144AE-E076-48B5-9EA3-2F0BEC34D92F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "46246047-B415-437A-AC0E-2A7157D47C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6C98937C-C769-40C9-841F-D9F0A49AAE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7C54D4-B953-442F-99A8-96B505C15DCB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1A90BF-E780-4282-BCCB-0E568EB785A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F89DD9F-019A-4AD3-AD0E-4F20F1AF5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "684500C9-8532-45C4-8F29-33AAC3DDA3AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9788D5CD-FEAA-4D07-8252-4176AD0BC0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "BB69F7E9-001D-42B3-BEB4-B294737AD27B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL."
},
{
"lang": "es",
"value": "El m\u00f3dulo Backend History en TYPO3 4.5.x anterior a 4.5.21, 4.6.x anterior a 4.6.14 y 4.7.x anterior a 4.7.6 no restringe debidamente acceso, lo que permite a editores remotos autenticados leer la historia de registros arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2012-6146",
"lastModified": "2024-11-21T01:45:54.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-20T14:55:04.067",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-22 23:30
Modified
2024-11-21 01:09
Severity ?
Summary
SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fr.simon_rundell | hs_religiousartgallery | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fr.simon_rundell:hs_religiousartgallery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA7353C-53EC-4D8B-949B-E2A158694086",
"versionEndIncluding": "0.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) v0.1.2 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL de forma arbitraria a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2009-4399",
"lastModified": "2024-11-21T01:09:33.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-22T23:30:00.780",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chris_wederka | tgm_newsletter | 0.0.2 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chris_wederka:tgm_newsletter:0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D8C7ABA3-3282-4BF3-86A0-1023C8BA2CB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n TGM-Newsletter (tgm_newsletter) v0.0.2 para TYPO3 permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1025",
"lastModified": "2024-11-21T01:13:27.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-19T19:00:01.063",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/tgm_newsletter/0.0.3/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38805"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/tgm_newsletter/0.0.3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56977"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-17 17:30
Modified
2024-11-21 01:04
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:udo_von_eynern:modern_guest_book_commenting_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9910B221-2948-4FE7-A989-4599C281A0DC",
"versionEndIncluding": "2.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:udo_von_eynern:modern_guest_book_commenting_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C03D4FCF-04AA-4BD7-A830-BA697C513299",
"versionEndIncluding": "2.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:udo_von_eynern:modern_guest_book_commenting_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "098141D5-BA03-471D-9FA7-BF96F6609288",
"versionEndIncluding": "2.5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:udo_von_eynern:modern_guest_book_commenting_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3498A23E-E1CD-4ED9-8D78-A29DB70FB8A3",
"versionEndIncluding": "2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:udo_von_eynern:modern_guest_book_commenting_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9767331-890F-449E-BF86-BE2D87BBE162",
"versionEndIncluding": "2.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos cruzados(XSS) en la extensi\u00f3n Modern Guestbook / Comenting System (ve_guestbook) v2.7.1 y anteriores para TYPO3, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-2104",
"lastModified": "2024-11-21T01:04:08.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-17T17:30:00.547",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/55122"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35483"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/ve_guestbook/2.7.2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-009/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/55122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/ve_guestbook/2.7.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35397"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| christian_hennecke | chsellector | * | |
| christian_hennecke | chsellector | 0.1.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:christian_hennecke:chsellector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF7A108-AABC-4DBF-BCA1-8AFF2A1D50AE",
"versionEndIncluding": "0.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:christian_hennecke:chsellector:0.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "C9A47B13-9077-49BE-B0D0-D0803FA3779E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n Sellector.com Widget Integration (chsellector) anterior a v0.1.2 y anteriores para TYPO3 permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1008",
"lastModified": "2024-11-21T01:13:25.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-19T19:00:00.530",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/chsellector/0.1.2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/chsellector/0.1.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38816"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| marcus_krause | t3sec_saltedpw | * | |
| marcus_krause | t3sec_saltedpw | 0.2.8 | |
| marcus_krause | t3sec_saltedpw | 0.2.9 | |
| marcus_krause | t3sec_saltedpw | 0.2.10 | |
| marcus_krause | t3sec_saltedpw | 0.2.11 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:marcus_krause:t3sec_saltedpw:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32737500-8D39-4F6A-8273-4C4714D908B1",
"versionEndIncluding": "0.2.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marcus_krause:t3sec_saltedpw:0.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2B582CCD-91B8-41EF-BA78-8BDEA0174E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marcus_krause:t3sec_saltedpw:0.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4ED4A570-03C1-4157-93C2-BC54305F15C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marcus_krause:t3sec_saltedpw:0.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3D764C00-87CD-49D1-AE2C-D5D543C8FF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:marcus_krause:t3sec_saltedpw:0.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "96EC015D-C0AC-44A4-B854-4787594C0764",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors."
},
{
"lang": "es",
"value": "La extensi\u00f3n TYPO3 Security - Salted user password hashes (t3sec_saltedpw) anterior a v0.2.13 para TYPO3 permite a atacantes remotos evitar la autenticaci\u00f3n a trav\u00e9s de vectores deconocidos."
}
],
"id": "CVE-2010-1022",
"lastModified": "2024-11-21T01:13:27.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-19T19:00:00.967",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38992"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/t3sec_saltedpw/0.2.13/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/t3sec_saltedpw/0.2.13/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38799"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-02 17:30
Modified
2024-11-21 01:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ivan_kartolo | direct_mail | * | |
| ivan_kartolo | direct_mail | 2.0.0 | |
| ivan_kartolo | direct_mail | 2.0.1 | |
| ivan_kartolo | direct_mail | 2.1.1 | |
| ivan_kartolo | direct_mail | 2.1.2 | |
| ivan_kartolo | direct_mail | 2.1.4 | |
| ivan_kartolo | direct_mail | 2.1.5 | |
| ivan_kartolo | direct_mail | 2.5.0 | |
| ivan_kartolo | direct_mail | 2.6.0 | |
| ivan_kartolo | direct_mail | 2.6.1 | |
| ivan_kartolo | direct_mail | 2.6.2 | |
| ivan_kartolo | direct_mail | 2.6.3 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41285CAD-7BEF-4654-826F-A88C9C7988A3",
"versionEndIncluding": "2.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B03A18CF-1422-4074-8CE0-F00957ACC5B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "586E7D50-2989-42B5-B260-C74E8540058E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EC89EF6-5413-4ED9-A10D-F2A0A0334B50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2F860B9E-2976-4688-9B35-4570BB20C608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A098F808-8E6A-4780-9A10-94E5F0F04F31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "400BF448-5A45-4AAF-8622-5B0D6FC00E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E0533D2C-B43D-4C90-8BD1-DA805FC427D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DD686FD0-8C55-434A-A36A-B8736AB54213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "09BEB78C-81CF-4D4C-A7AF-CC78916DC4EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC92BBB-95F6-46FE-B80B-093F8F1190A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B596E00D-3993-4521-9241-68494C4E9B0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la caracter\u00edstica de configuraci\u00f3n de newsletter en el m\u00f3dulo backend en la extensi\u00f3n Direct Mail (direct_mail) v2.6.4 y anteriores para TYPO3 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores inespec\u00edficos."
}
],
"id": "CVE-2009-4159",
"lastModified": "2024-11-21T01:09:03.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-02T17:30:00.500",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37552"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/direct_mail/2.6.5/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-018/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/direct_mail/2.6.5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-018/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37166"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-21 00:55
Modified
2024-11-21 02:00
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.5.0 | |
| typo3 | typo3 | 4.5.1 | |
| typo3 | typo3 | 4.5.2 | |
| typo3 | typo3 | 4.5.3 | |
| typo3 | typo3 | 4.5.4 | |
| typo3 | typo3 | 4.5.5 | |
| typo3 | typo3 | 4.5.6 | |
| typo3 | typo3 | 4.5.7 | |
| typo3 | typo3 | 4.5.8 | |
| typo3 | typo3 | 4.5.9 | |
| typo3 | typo3 | 4.5.10 | |
| typo3 | typo3 | 4.5.11 | |
| typo3 | typo3 | 4.5.12 | |
| typo3 | typo3 | 4.5.13 | |
| typo3 | typo3 | 4.5.14 | |
| typo3 | typo3 | 4.5.15 | |
| typo3 | typo3 | 4.5.16 | |
| typo3 | typo3 | 4.5.17 | |
| typo3 | typo3 | 4.5.18 | |
| typo3 | typo3 | 4.5.19 | |
| typo3 | typo3 | 4.5.20 | |
| typo3 | typo3 | 4.5.21 | |
| typo3 | typo3 | 4.5.22 | |
| typo3 | typo3 | 4.5.23 | |
| typo3 | typo3 | 4.5.24 | |
| typo3 | typo3 | 4.5.25 | |
| typo3 | typo3 | 4.5.26 | |
| typo3 | typo3 | 4.5.27 | |
| typo3 | typo3 | 4.5.28 | |
| typo3 | typo3 | 4.5.29 | |
| typo3 | typo3 | 4.5.30 | |
| typo3 | typo3 | 4.5.31 | |
| typo3 | typo3 | 4.7.0 | |
| typo3 | typo3 | 4.7.1 | |
| typo3 | typo3 | 4.7.2 | |
| typo3 | typo3 | 4.7.3 | |
| typo3 | typo3 | 4.7.4 | |
| typo3 | typo3 | 4.7.5 | |
| typo3 | typo3 | 4.7.6 | |
| typo3 | typo3 | 4.7.7 | |
| typo3 | typo3 | 4.7.8 | |
| typo3 | typo3 | 4.7.9 | |
| typo3 | typo3 | 4.7.10 | |
| typo3 | typo3 | 4.7.11 | |
| typo3 | typo3 | 4.7.12 | |
| typo3 | typo3 | 4.7.13 | |
| typo3 | typo3 | 4.7.14 | |
| typo3 | typo3 | 4.7.15 | |
| typo3 | typo3 | 4.7.16 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "BB69F7E9-001D-42B3-BEB4-B294737AD27B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.21:*:*:*:*:*:*:*",
"matchCriteriaId": "34E8530B-0311-45AA-92B4-6FF2CE388E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A53B9001-C5B4-4D19-A314-118E3A292346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E663FE0B-B509-4427-A2A0-9EB53E26810F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.24:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA36C35-E9BD-4ED2-B6CB-950D641678E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.25:*:*:*:*:*:*:*",
"matchCriteriaId": "12A54839-425D-4D28-8AD2-479A593474FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.26:*:*:*:*:*:*:*",
"matchCriteriaId": "83542527-9738-46C0-A4D2-D5E2E203CD49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.27:*:*:*:*:*:*:*",
"matchCriteriaId": "72B68AE9-081A-4BE0-A2AF-969216D26637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.28:*:*:*:*:*:*:*",
"matchCriteriaId": "253A3E84-401E-4F9F-8A9A-B8C464C69929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.29:*:*:*:*:*:*:*",
"matchCriteriaId": "08742759-FFC8-4908-B319-4EC279C6AB74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4B4B3F-D7BE-493C-ABF6-416FF89C4A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "36748261-81EF-4E39-8EC5-A67F054B623F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F89DD9F-019A-4AD3-AD0E-4F20F1AF5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "684500C9-8532-45C4-8F29-33AAC3DDA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F830A8F-C51C-4CED-BCA2-845C312087FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2C537426-82DB-426B-BB95-CC119C20266A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D3AE18-7B26-4448-AF98-0D2692C80BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E8AD3ED8-5107-418D-8F0F-6B07845D3C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2FEFD3C-A4CC-4FCC-8ECD-3EE1E69DE58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1EE4B6-9256-494E-A11B-9700F0376AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0A8566-4A01-4948-A237-3CED2D065FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B5459D18-7283-4650-9304-7F576AB1D779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B404C733-4F5C-4EB2-B4B9-F25A95BB6E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "31BDE85A-5F76-4249-9B38-B3A1649F777D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6357ACD4-E404-489A-B218-1CED134F4893",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad cross-site scripting (XSS) en Extension Manager de TYPO3 4.5.x anteriores a 4.5.32 y 4.7.x anteriores a 4.7.17 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-7076",
"lastModified": "2024-11-21T02:00:17.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-21T00:55:04.550",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/100883"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2834"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/64247"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89624"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-15 21:30
Modified
2024-11-21 01:10
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| maximo_cuadros | gb_fenewssubmit | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:maximo_cuadros:gb_fenewssubmit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFECE01C-F592-49AF-BD65-1D36C65A26AC",
"versionEndIncluding": "0.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n [Gobernalia] Front End News Submitter (gb_fenewssubmit) 0.1.0 y anteriores para TYP03 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4707",
"lastModified": "2024-11-21T01:10:15.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-15T21:30:00.917",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 23:15
Modified
2024-11-21 09:00
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage ("zero-storage") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 version 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1 which fix the problem described. When persisting entities of the File Abstraction Layer directly via DataHandler, `sys_file` entities are now denied by default, and `sys_file_reference` & `sys_file_metadata` entities are not permitted to reference files in the fallback storage anymore. When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using `$dataHandler->isImporting = true;`.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27B5B1C-F807-411B-BCA1-112C85BDC3E5",
"versionEndExcluding": "8.7.57",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1F52D81-C2B7-4AFE-A99E-7E40E0751082",
"versionEndExcluding": "9.5.46",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCF72A1A-60DD-4588-8E90-B5D6D84854A9",
"versionEndExcluding": "10.4.43",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE0085D-3BA8-4076-BAB0-04BBB118A78D",
"versionEndExcluding": "11.5.35",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D518ED7-F1C8-4836-B3D8-4D228A48F314",
"versionEndExcluding": "12.4.11",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E20E3F5E-8C2B-4AC1-A3E3-B428710A5480",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage (\"zero-storage\") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 version 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1 which fix the problem described. When persisting entities of the File Abstraction Layer directly via DataHandler, `sys_file` entities are now denied by default, and `sys_file_reference` \u0026 `sys_file_metadata` entities are not permitted to reference files in the fallback storage anymore. When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using `$dataHandler-\u003eisImporting = true;`.\n\n\n"
},
{
"lang": "es",
"value": "TYPO3 es un sistema de gesti\u00f3n de contenido web basado en PHP de c\u00f3digo abierto publicado bajo GNU GPL. En las versiones afectadas de TYPO3, las entidades de la capa de abstracci\u00f3n de archivos (FAL) se pod\u00edan conservar directamente a trav\u00e9s de `DataHandler`. Esto permiti\u00f3 a los atacantes hacer referencia a archivos en el almacenamiento alternativo directamente y recuperar sus nombres y contenidos. El almacenamiento alternativo (\"almacenamiento cero\") se utiliza como capa de compatibilidad con versiones anteriores para archivos ubicados fuera de los almacenamientos de archivos configurados correctamente y dentro del directorio ra\u00edz web p\u00fablico. Para explotar esta vulnerabilidad se requiere una cuenta de usuario backend v\u00e1lida. Se recomienda a los usuarios que actualicen a TYPO3 versi\u00f3n 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS o 13.0.1, que solucionan el problema descrito. Cuando se persisten entidades de la capa de abstracci\u00f3n de archivos directamente a trav\u00e9s de DataHandler, las entidades `sys_file` ahora est\u00e1n denegadas de forma predeterminada, y las entidades `sys_file_reference` y `sys_file_metadata` ya no pueden hacer referencia a archivos en el almacenamiento alternativo. Al importar datos desde or\u00edgenes seguros, esto debe habilitarse expl\u00edcitamente en la instancia de DataHandler correspondiente usando `$dataHandler-\u0026gt;isImporting = true;`."
}
],
"id": "CVE-2024-25121",
"lastModified": "2024-11-21T09:00:17.897",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-13T23:15:09.080",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-006"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-06-27 20:55
Modified
2024-11-21 01:56
Severity ?
Summary
SQL injection vulnerability in the SEO Pack for tt_news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lina_wolf | seo_pack_for_tt_news | * | |
| lina_wolf | seo_pack_for_tt_news | 1.0.0 | |
| lina_wolf | seo_pack_for_tt_news | 1.3.0 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lina_wolf:seo_pack_for_tt_news:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1536463D-600E-4618-B3A8-D4E47FCF36E6",
"versionEndIncluding": "1.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lina_wolf:seo_pack_for_tt_news:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D7851CD-9D22-414E-B0BB-F6F2473D4A6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lina_wolf:seo_pack_for_tt_news:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "773AF98A-A22C-42A9-B838-E921BFB6409F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the SEO Pack for tt_news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad SQL injection en el SEO Pack para la extensi\u00f3n tt_news anterior a v1.3.3 para TYPO3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario SQL a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2013-4719",
"lastModified": "2024-11-21T01:56:08.097",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-27T20:55:01.800",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53283"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/extensions/repository/view/lonewsseo"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/extensions/repository/view/lonewsseo"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81574"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:11
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_imagelightbox2) extension 2.0.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-2490.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| julian_kleinhans | kj_imagelightbox2 | * | |
| julian_kleinhans | kj_imagelightbox2 | 1.4.0 | |
| julian_kleinhans | kj_imagelightbox2 | 1.4.1 | |
| julian_kleinhans | kj_imagelightbox2 | 1.4.2 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:julian_kleinhans:kj_imagelightbox2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF5592D-30BE-48A9-9358-FEE695145153",
"versionEndIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:julian_kleinhans:kj_imagelightbox2:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F5D02B-4093-48E3-815C-3D2A01ABB809",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:julian_kleinhans:kj_imagelightbox2:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E996C215-4CC1-4AFD-84F6-925898DB8C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:julian_kleinhans:kj_imagelightbox2:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8ADAA04-F6DC-4E9C-8457-508951556B3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_imagelightbox2) extension 2.0.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-2490."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados(XSS) en la extensi\u00f3n de TYPO3 \"KJ: Imagelightbox\" (kj_imagelightbox2) v2.0.0 y anteriores permite a atacantes remotos inyectar HTML o scripts web a trav\u00e9s de vectores no especificados. Se trata de una vulnerabilidad distinta a CVE-2008-2490."
}
],
"id": "CVE-2010-0327",
"lastModified": "2024-11-21T01:11:59.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-01-15T19:30:00.647",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38165"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/kj_imagelightbox2/2.0.2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/kj_imagelightbox2/2.0.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-23 22:15
Modified
2024-11-21 05:19
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability with current PHP versions of supported and maintained system distributions. At least with libxml2 version 2.9, the processing of XML external entities is disabled per default - and cannot be exploited. Besides that, a valid backend user account is needed. Update to TYPO3 version 10.4.10 to fix the problem described.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56B032F6-C72B-4963-8C0D-13BFDD5F385A",
"versionEndExcluding": "10.4.10",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability with current PHP versions of supported and maintained system distributions. At least with libxml2 version 2.9, the processing of XML external entities is disabled per default - and cannot be exploited. Besides that, a valid backend user account is needed. Update to TYPO3 version 10.4.10 to fix the problem described."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de administraci\u00f3n de contenido web de c\u00f3digo abierto basado en PHP.\u0026#xa0;En TYPO3 desde la versi\u00f3n 10.4.0, y anterior a versi\u00f3n 10.4.10, los widgets RSS son susceptibles al procesamiento de entidades externas XML.\u0026#xa0;Esta vulnerabilidad es razonable, pero es te\u00f3rica: no fue posible reproducir la vulnerabilidad con las versiones actuales de PHP de las distribuciones del sistema compatibles y mantenidas.\u0026#xa0;Al menos con libxml2 versi\u00f3n 2.9, el procesamiento de entidades externas XML est\u00e1 deshabilitado por defecto y no puede ser explotada.\u0026#xa0;Adem\u00e1s de eso, se necesita una cuenta de usuario de backend v\u00e1lida.\u0026#xa0;Actualice a TYPO3 versi\u00f3n 10.4.10 para corregir el problema descrito"
}
],
"id": "CVE-2020-26229",
"lastModified": "2024-11-21T05:19:35.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-23T22:15:12.493",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-q9cp-mc96-m4w2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-q9cp-mc96-m4w2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-012"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-04 22:15
Modified
2024-11-21 01:19
Severity ?
Summary
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2010-3664 | Third Party Advisory | |
| cve@mitre.org | https://typo3.org/security/advisory/typo3-sa-2010-012/#Information_Disclosure | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2010-3664 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-sa-2010-012/#Information_Disclosure | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC34E49-A07C-4F08-80FE-2DE14E8B7A77",
"versionEndExcluding": "4.1.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82040DD2-205F-477D-8D55-95852AAF7AEA",
"versionEndExcluding": "4.2.13",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B078FF4B-67AF-419E-995B-2715FCC97493",
"versionEndExcluding": "4.3.4",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18896C89-53F0-4ACA-B3B2-90E0811CBBC3",
"versionEndExcluding": "4.4.1",
"versionStartIncluding": "4.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend."
},
{
"lang": "es",
"value": "TYPO3 versiones anteriores a la versi\u00f3n 4.1.14, versiones 4.2.x anteriores a la versi\u00f3n 4.2.13, versiones 4.3.x anteriores a la versi\u00f3n 4.3.4 y versiones 4.4.x anteriores a la versi\u00f3n 4.4.1, permite una Divulgaci\u00f3n de Informaci\u00f3n en el back-end."
}
],
"id": "CVE-2010-3664",
"lastModified": "2024-11-21T01:19:20.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-04T22:15:10.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3664"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Information_Disclosure"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Information_Disclosure"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-02 20:30
Modified
2024-11-21 01:12
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:snowflake:t3blog:*:*:*:*:*:*:*:*",
"matchCriteriaId": "048146A4-6E59-4BC7-9443-015B6F11B97E",
"versionEndIncluding": "0.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:snowflake:t3blog:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB79DB7-1BBE-44F3-B2B9-FD2C4CBB5471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:snowflake:t3blog:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35B7C3D5-EA62-4947-81B6-9E5379EE0C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:snowflake:t3blog:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A99530DC-9A8A-4CA7-A408-A25FF86D4CA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n T3BLOG v0.6.2 y anteriores para TYPO3 permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-0797",
"lastModified": "2024-11-21T01:12:58.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-02T20:30:00.493",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38388"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/t3blog/0.8.0/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/t3blog/0.8.0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38030"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-01-28 15:30
Modified
2024-11-21 00:55
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA (sr_freecap) extension before 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | freecap_captcha_extension | * | |
| typo3 | freecap_captcha_extension | 1.0.0 | |
| typo3 | freecap_captcha_extension | 1.0.1 | |
| typo3 | freecap_captcha_extension | 1.0.2 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:freecap_captcha_extension:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3190C5C-82B9-4054-ADFB-345C6F67F4A5",
"versionEndIncluding": "1.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:freecap_captcha_extension:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED291B90-F9FA-4844-BCC5-8C4B8E0E896C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:freecap_captcha_extension:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CA0E086-DACA-4A3F-A6BA-430833434407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:freecap_captcha_extension:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0768976F-DB50-4AA4-8CB2-1FC601DCCCC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA (sr_freecap) extension before 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en la extensi\u00f3n freeCap CAPTCHA (sr_freecap) anterior a v1.0.4 para TYPO3, permite a atacantes remotos la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"evaluatorSolution": "Solution: An updated version 1.0.4 is available from the TYPO3 extension manager and at typo3.org/extensions/repository/view/sr_freecap/1.0.4/. Users of the extension are advised to update the extension as soon as possible.",
"id": "CVE-2008-5995",
"lastModified": "2024-11-21T00:55:24.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-01-28T15:30:00.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31946"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/sr_freecap/1.0.4/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080924-2/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31370"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/sr_freecap/1.0.4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080924-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45379"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-21 20:55
Modified
2024-11-21 01:22
Severity ?
Summary
Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.2.0 | |
| typo3 | typo3 | 4.2.1 | |
| typo3 | typo3 | 4.2.2 | |
| typo3 | typo3 | 4.2.3 | |
| typo3 | typo3 | 4.2.4 | |
| typo3 | typo3 | 4.2.5 | |
| typo3 | typo3 | 4.2.6 | |
| typo3 | typo3 | 4.2.7 | |
| typo3 | typo3 | 4.2.8 | |
| typo3 | typo3 | 4.2.9 | |
| typo3 | typo3 | 4.2.10 | |
| typo3 | typo3 | 4.2.11 | |
| typo3 | typo3 | 4.2.12 | |
| typo3 | typo3 | 4.2.13 | |
| typo3 | typo3 | 4.2.14 | |
| typo3 | typo3 | 4.2.15 | |
| typo3 | typo3 | 4.3.0 | |
| typo3 | typo3 | 4.3.1 | |
| typo3 | typo3 | 4.3.2 | |
| typo3 | typo3 | 4.3.3 | |
| typo3 | typo3 | 4.3.4 | |
| typo3 | typo3 | 4.3.5 | |
| typo3 | typo3 | 4.3.6 | |
| typo3 | typo3 | 4.3.7 | |
| typo3 | typo3 | 4.3.8 | |
| typo3 | typo3 | 4.4.1 | |
| typo3 | typo3 | 4.4.2 | |
| typo3 | typo3 | 4.4.3 | |
| typo3 | typo3 | 4.4.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC67810-D2C5-4242-ACF2-CF7E9C56D7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E485652B-FDE0-44C1-83F5-D22B16BEBB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A987C0-51DF-464C-8F4D-03C9CAD256EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "718E405D-4127-4D0E-85BB-83800264AD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "AF72642B-8766-44A3-8CB0-D094929AAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DF56D768-6D41-472D-AA42-0C209534AB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6066CFA2-202E-43A3-B1DF-36364ABD5A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13C922A9-05A3-4D98-A568-F780CCA87E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E9893A-2771-4C04-9F90-B10EE659088E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31DA3600-C955-46B0-8BD9-C9B3FC0B81EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7ED0C04-33BA-4F9B-97B0-BB5D30C2A0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E40CC0D-E7EF-4800-AC0B-5AF603B8BC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16759F16-34C6-4C2C-BECB-12555EEEBDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB331CC-3125-454E-BCBE-B85540B62110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B46AB0-D925-4E74-8D15-40EE3BC0B14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9319A96-D510-47DB-9DBC-C16C0947E4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40E0FDF1-E63C-48C9-98E2-55E3FD891882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D22400-E6A1-4C3A-B16F-E14672B86D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DFA0996-4839-4FDB-9B9D-5F8424946F9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the \"file inclusion functionality.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la configuraci\u00f3n de TypoScript en TYPO3 v4.2.x y anteriores a v4.2.16, v4.3.x y anteriores a v4.3.9, y v4.4.x anteriores a v4.4.5. permite a administradores remotos autenticados leer ficheros arbitrarios a trav\u00e9s de vectores no especificados y relacionados con la \"funcionalidad de inclusi\u00f3n de fichero\"."
}
],
"id": "CVE-2010-5101",
"lastModified": "2024-11-21T01:22:30.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-05-21T20:55:16.710",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35770"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/70119"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/45470"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/70119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-04-19 19:55
Modified
2024-11-21 01:26
Severity ?
Summary
Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webempoweredchurch | wec_discussion | * | |
| webempoweredchurch | wec_discussion | 1.6.0 | |
| webempoweredchurch | wec_discussion | 1.6.1 | |
| webempoweredchurch | wec_discussion | 1.6.2 | |
| webempoweredchurch | wec_discussion | 1.6.3 | |
| webempoweredchurch | wec_discussion | 1.7.0 | |
| webempoweredchurch | wec_discussion | 2.0.1 | |
| webempoweredchurch | wec_discussion | 2.0.2 | |
| webempoweredchurch | wec_discussion | 2.0.3 | |
| webempoweredchurch | wec_discussion | 2.0.4 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webempoweredchurch:wec_discussion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E88D89D-1DCD-4593-9F52-39F5DD156BC3",
"versionEndIncluding": "2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webempoweredchurch:wec_discussion:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F03D13A-79F5-4B0C-B1EF-8593C1B12AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webempoweredchurch:wec_discussion:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "665895CE-9D9C-48AB-A8E2-D3DD3F234C05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webempoweredchurch:wec_discussion:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "874C3D70-B9F8-4ADD-8451-CAE797C593F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webempoweredchurch:wec_discussion:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB5775B-A31D-436B-B8F6-50E547C5D9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webempoweredchurch:wec_discussion:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "434FB076-E0DC-46D6-A126-A1C23B16EE2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webempoweredchurch:wec_discussion:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A58AC564-C42A-4FE1-B8BF-0E2438A3055E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webempoweredchurch:wec_discussion:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D37B34D-F153-406A-AFB5-BE4CEB9AF1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webempoweredchurch:wec_discussion:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0EB71C-1AC8-4B2D-83C4-1CD969D2D787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webempoweredchurch:wec_discussion:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ED959636-1557-455F-A904-C22857C638D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en el componente WEC Discussion Forum (wec_discussion) 2.1.0 y versiones anteriores de TYPO3. Permite a usuarios remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores sin especificar. Se ha explotado en Abril del 2011."
}
],
"id": "CVE-2011-1722",
"lastModified": "2024-11-21T01:26:52.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-04-19T19:55:01.937",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/71674"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44055"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/extensions/repository/view/wec_discussion/2.1.1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-003/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/47257"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0896"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/71674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/extensions/repository/view/wec_discussion/2.1.1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66619"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-07 10:55
Modified
2024-11-21 01:22
Severity ?
Summary
Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| marco_hezel | hm_tinymarket | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:marco_hezel:hm_tinymarket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03643EE2-BE0C-4742-BEE4-3809F408F984",
"versionEndIncluding": "0.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la extensi\u00f3n Tiny Market (hm_tinymarket) v0.5.4 y anterios para TYPO3, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no especificados"
}
],
"id": "CVE-2010-4889",
"lastModified": "2024-11-21T01:22:00.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-10-07T10:55:09.627",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-02 17:30
Modified
2024-11-21 01:09
Severity ?
Summary
Unspecified vulnerability in the Simple download-system with counter and categories (kk_downloader) extension 1.2.1 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kurt_kunig | kk_downloader | * | |
| kurt_kunig | kk_downloader | 1.1.0 | |
| kurt_kunig | kk_downloader | 1.1.1 | |
| kurt_kunig | kk_downloader | 1.1.2 | |
| kurt_kunig | kk_downloader | 1.2.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kurt_kunig:kk_downloader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CFAFA1-F1EC-4370-95AF-ED605688C569",
"versionEndIncluding": "1.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_kunig:kk_downloader:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BC6E3EE-A24D-44CB-B70C-77A9D7600602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_kunig:kk_downloader:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFEF318-87DF-4EDC-BE4A-42ABFD1942C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_kunig:kk_downloader:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD0BCC2-219C-432F-BADC-EA04A975E873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kurt_kunig:kk_downloader:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C839F38-60DC-4F07-A49A-EAF08EE6B967",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Simple download-system with counter and categories (kk_downloader) extension 1.2.1 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la expresi\u00f3n Simple download-system con Counter y categor\u00edas (kk_downloader) v1.2.1 y anteriores para TYP03 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de ataques desconocidos a vectores."
}
],
"id": "CVE-2009-4160",
"lastModified": "2024-11-21T01:09:03.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-02T17:30:00.530",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37550"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/37168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/37168"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-27 22:15
Modified
2024-11-21 05:38
Severity ?
Summary
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://typo3.org/security/advisory/typo3-psa-2019-003/ | Third Party Advisory | |
| cve@mitre.org | https://www.purplemet.com/blog/typo3-xss-vulnerability | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-psa-2019-003/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.purplemet.com/blog/typo3-xss-vulnerability | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*",
"matchCriteriaId": "892CD9A6-5223-4D72-9890-E78A19A0876A",
"versionEndExcluding": "6.2.39",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB78FB2E-CA27-413B-8311-1C0F7D732285",
"versionEndIncluding": "7.1.0",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname."
},
{
"lang": "es",
"value": "El archivo svg.swf en TYPO3 versiones 6.2.0 hasta 6.2.38 ELTS y versiones 7.0.0 hasta 7.1.0, podr\u00eda permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) en un sistema apuntado. Esto puede estar en un nombre de ruta contrib/websvg/svg.swf."
}
],
"id": "CVE-2020-8091",
"lastModified": "2024-11-21T05:38:17.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-27T22:15:11.343",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-psa-2019-003/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.purplemet.com/blog/typo3-xss-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-psa-2019-003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.purplemet.com/blog/typo3-xss-vulnerability"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-07 10:55
Modified
2024-11-21 01:22
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| andreas_kiefer | ke_yac | * | |
| andreas_kiefer | ke_yac | 1.0.3 | |
| andreas_kiefer | ke_yac | 1.0.4 | |
| andreas_kiefer | ke_yac | 1.0.5 | |
| andreas_kiefer | ke_yac | 1.1.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:andreas_kiefer:ke_yac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ECAD2A0-A63A-44E3-91AB-262737E3855D",
"versionEndIncluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andreas_kiefer:ke_yac:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D1DF901-5BFB-4BEF-8D2A-2361BCF211FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andreas_kiefer:ke_yac:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "52164132-FAC4-44D5-855C-B6A30E31274E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andreas_kiefer:ke_yac:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "205467F9-DCB2-4E69-B810-693361BDB658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andreas_kiefer:ke_yac:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7AF367-3318-4D09-AA67-A1525182894D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en la extensi\u00f3n Yet Another Calendar (ke_yac) antes de v1.1.2 para TYPO3, permite a atacantes remotos ejecutar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-4890",
"lastModified": "2024-11-21T01:22:00.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-10-07T10:55:09.707",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/ke_yac/1.1.2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/42945"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/ke_yac/1.1.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/42945"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-23 02:15
Modified
2024-11-21 05:48
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f | Third Party Advisory | |
| security-advisories@github.com | https://packagist.org/packages/typo3/cms-form | Release Notes, Third Party Advisory | |
| security-advisories@github.com | https://typo3.org/security/advisory/typo3-core-sa-2021-003 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packagist.org/packages/typo3/cms-form | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-core-sa-2021-003 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F10B90F0-DA5C-4A80-BD4F-124B6C82CE8B",
"versionEndExcluding": "8.7.40",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB3125B-114D-4991-BD60-9535D97DD348",
"versionEndExcluding": "9.5.25",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C031A87F-5A82-48F8-AB02-FED0CDFE08A2",
"versionEndExcluding": "10.4.14",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F696292E-3CC6-416B-9F99-6C1287B1D78D",
"versionEndExcluding": "11.1.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de gesti\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP. En TYPO3 versiones anteriores a la 8.7.40, 9.5.25, 10.4.14, 11.1.1, debido a una validaci\u00f3n de entrada inadecuada, los atacantes pueden eludir las restricciones de las opciones predefinidas y enviar datos arbitrarios en el m\u00f3dulo backend del Dise\u00f1ador de formularios del Marco de formularios. En la configuraci\u00f3n por defecto del Form Framework esto permite a los atacantes permitir expl\u00edcitamente tipos mime arbitrarios para la subida de archivos - sin embargo, el _fileDenyPattern_ por defecto bloquea con \u00e9xito archivos como _.htaccess_ o _malicious.php_. Adem\u00e1s de eso, los atacantes pueden persistir esos archivos en cualquier directorio con capacidad de escritura de la correspondiente instalaci\u00f3n de TYPO3. Se necesita una cuenta de usuario backend v\u00e1lida con acceso al m\u00f3dulo de formularios para explotar esta vulnerabilidad. Esto est\u00e1 corregido en las versiones 8.7.40, 9.5.25, 10.4.14, 11.1.1"
}
],
"id": "CVE-2021-21357",
"lastModified": "2024-11-21T05:48:11.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-23T02:15:12.720",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://packagist.org/packages/typo3/cms-form"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://packagist.org/packages/typo3/cms-form"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-003"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-19 18:55
Modified
2024-11-21 02:00
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "976AAF6F-BF03-40B7-B7D2-22101BD857D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98D0D9-D9AE-44F7-8233-F92EB330B152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36EA784A-7C3A-41DA-B444-D01E3BC144BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7294AA8B-0CD3-47A2-91DC-A882F7F3BDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4D28DD85-FBB3-4DD4-B525-7AFD32BE55F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80C21E07-5083-4C86-AA9D-FCB73F636060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAE1BB4-2DBD-489E-B3F9-88CF414EAC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0724FE19-F0A4-4055-996A-2B7844CAC426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A862C28E-B1B9-4541-A559-D0BD16E575B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1DE94A-DDCD-4067-A0C0-16904F6B7EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7C6DD4A1-C865-4AC8-86BC-8F92319F33A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C140F242-CF7C-4CB6-A358-5C8DB0F26DAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81EAC0BA-B6AC-42BA-AEEE-946E1FBD770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD31180A-8BD6-49AC-A758-5FA4C9A7B4C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E06A3B0C-364F-42A3-803B-6CE1EAB386C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "692DE690-C921-403B-9966-60CB23FF5D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "94C181FE-F3A9-4C7E-955F-0CCD4E6B4DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "11DD1626-884F-40EE-9721-2FCF7F14F781",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1A90BF-E780-4282-BCCB-0E568EB785A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F89DD9F-019A-4AD3-AD0E-4F20F1AF5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "684500C9-8532-45C4-8F29-33AAC3DDA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F830A8F-C51C-4CED-BCA2-845C312087FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2C537426-82DB-426B-BB95-CC119C20266A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D3AE18-7B26-4448-AF98-0D2692C80BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E8AD3ED8-5107-418D-8F0F-6B07845D3C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2FEFD3C-A4CC-4FCC-8ECD-3EE1E69DE58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1EE4B6-9256-494E-A11B-9700F0376AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0A8566-4A01-4948-A237-3CED2D065FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B5459D18-7283-4650-9304-7F576AB1D779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B404C733-4F5C-4EB2-B4B9-F25A95BB6E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "31BDE85A-5F76-4249-9B38-B3A1649F777D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6357ACD4-E404-489A-B218-1CED134F4893",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9788D5CD-FEAA-4D07-8252-4176AD0BC0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "BB69F7E9-001D-42B3-BEB4-B294737AD27B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.21:*:*:*:*:*:*:*",
"matchCriteriaId": "34E8530B-0311-45AA-92B4-6FF2CE388E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A53B9001-C5B4-4D19-A314-118E3A292346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E663FE0B-B509-4427-A2A0-9EB53E26810F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.24:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA36C35-E9BD-4ED2-B6CB-950D641678E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.25:*:*:*:*:*:*:*",
"matchCriteriaId": "12A54839-425D-4D28-8AD2-479A593474FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.26:*:*:*:*:*:*:*",
"matchCriteriaId": "83542527-9738-46C0-A4D2-D5E2E203CD49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.27:*:*:*:*:*:*:*",
"matchCriteriaId": "72B68AE9-081A-4BE0-A2AF-969216D26637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.28:*:*:*:*:*:*:*",
"matchCriteriaId": "253A3E84-401E-4F9F-8A9A-B8C464C69929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.29:*:*:*:*:*:*:*",
"matchCriteriaId": "08742759-FFC8-4908-B319-4EC279C6AB74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4B4B3F-D7BE-493C-ABF6-416FF89C4A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "36748261-81EF-4E39-8EC5-A67F054B623F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072."
},
{
"lang": "es",
"value": "Cross-site scripting (XSS) en el m\u00e9todo errorAction en la clase base ActionController en el Framwork Extbase en TYPO3 4.5.0 hasta\u00a0 4.5.31, 4.7.0 hasta\u00a0 4.7.16, 6.0.0 hasta 6.0.11 y 6.1.0 hasta 6.1.6, cuando la propiedad Rewritten Mapper est\u00e1 activada, que permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de una entrada no especificada, que se traduce en un mensaje de error. NOTA: esta podr\u00eda ser la misma vulnerabilidad CVE-2.013-7.072."
}
],
"id": "CVE-2013-7078",
"lastModified": "2024-11-21T02:00:18.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-01-19T18:55:05.420",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/100885"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/64239"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89629"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-04 20:55
Modified
2024-11-21 01:37
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.4.0 | |
| typo3 | typo3 | 4.4.1 | |
| typo3 | typo3 | 4.4.2 | |
| typo3 | typo3 | 4.4.3 | |
| typo3 | typo3 | 4.4.4 | |
| typo3 | typo3 | 4.4.5 | |
| typo3 | typo3 | 4.4.6 | |
| typo3 | typo3 | 4.4.7 | |
| typo3 | typo3 | 4.4.8 | |
| typo3 | typo3 | 4.4.9 | |
| typo3 | typo3 | 4.4.10 | |
| typo3 | typo3 | 4.4.11 | |
| typo3 | typo3 | 4.4.12 | |
| typo3 | typo3 | 4.4.13 | |
| typo3 | typo3 | 4.5.0 | |
| typo3 | typo3 | 4.5.1 | |
| typo3 | typo3 | 4.5.2 | |
| typo3 | typo3 | 4.5.3 | |
| typo3 | typo3 | 4.5.4 | |
| typo3 | typo3 | 4.5.5 | |
| typo3 | typo3 | 4.5.6 | |
| typo3 | typo3 | 4.5.7 | |
| typo3 | typo3 | 4.5.8 | |
| typo3 | typo3 | 4.5.9 | |
| typo3 | typo3 | 4.5.10 | |
| typo3 | typo3 | 4.5.11 | |
| typo3 | typo3 | 4.5.12 | |
| typo3 | typo3 | 4.5.13 | |
| typo3 | typo3 | 4.6.0 | |
| typo3 | typo3 | 4.6.1 | |
| typo3 | typo3 | 4.6.2 | |
| typo3 | typo3 | 4.6.3 | |
| typo3 | typo3 | 4.6.4 | |
| typo3 | typo3 | 4.6.5 | |
| typo3 | typo3 | 4.6.6 | |
| typo3 | typo3 | 4.7 | |
| typo3 | typo3 | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A60F86FA-B7D3-4BE5-82F2-05F2A5F5663D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9319A96-D510-47DB-9DBC-C16C0947E4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40E0FDF1-E63C-48C9-98E2-55E3FD891882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D22400-E6A1-4C3A-B16F-E14672B86D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DFA0996-4839-4FDB-9B9D-5F8424946F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "436C3A0C-CC01-483D-A188-6406CEE13796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2CDB1BFC-B45C-4A2A-8F9B-1E593BCD4EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "027BCB88-BBFF-46DA-A59A-35412EBF3008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4947CFBF-BA7A-460E-B716-D3EA85E19290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA8B097-5588-4F05-A882-1167EEB71178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "98CB88EB-DED5-4875-A986-CB57C2092270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E906CAAC-2337-4C4C-A2CB-B1B430575A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C43E7D85-9570-40E0-83C3-5BB4B59340D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "098B2DC5-EC2A-4955-9CD0-FD26750971E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CBAAC7-5207-45E8-86D5-18D98259070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6F1E7-351D-45E7-9571-2AF4283080DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B3B4A9-BDC7-4426-98FB-398B63AF3D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0016A078-1291-4281-BA62-5A846AEE7584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F11DB8A8-8309-4FC9-BA35-1AFFC5B4AE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9661D2DB-F24C-478B-B691-303D48D9B158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1A90BF-E780-4282-BCCB-0E568EB785A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el componente Backend en TYPO3 v4.4.0 hasta v4.4.13, v4.5.0 hasta v4.5.13, v4.6.0 hasta v4.6.6, v4.7, v6.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados"
}
],
"id": "CVE-2012-1606",
"lastModified": "2024-11-21T01:37:17.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-04T20:55:01.233",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/80760"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48622"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48647"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2445"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/4"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/52771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52771"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
SQL injection vulnerability in CoolURI (cooluri) 1.0.11 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| jan_bednarik | cooluri | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jan_bednarik:cooluri:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38D77669-341D-4C3C-A287-84EB01AB30F2",
"versionEndIncluding": "1.0.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in CoolURI (cooluri) 1.0.11 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en CoolURI (cooluri) v1.0.11 y anteriores (extensi\u00f3n para TYPO3), permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no espec\u00edficos."
}
],
"id": "CVE-2008-6686",
"lastModified": "2024-11-21T00:57:11.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.250",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46383"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29821"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29821"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43197"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-23 15:55
Modified
2024-11-21 01:57
Severity ?
Summary
SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| heiko_sudar | slideshare | 0.1.0 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:heiko_sudar:slideshare:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "86563B62-879F-42E5-814D-2C41F0D9A499",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Slideshare v0.1.0 para TYPO3, permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-5569",
"lastModified": "2024-11-21T01:57:43.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-23T15:55:20.567",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/90417"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/90417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82219"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-14 17:55
Modified
2024-11-21 01:36
Severity ?
Summary
SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild as of February 2012.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mathieu_vidal | mv_cooking | 0.1.0 | |
| mathieu_vidal | mv_cooking | 0.3.0 | |
| mathieu_vidal | mv_cooking | 0.4.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mathieu_vidal:mv_cooking:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46EACBEB-581D-4613-8AB3-4BFA0E2CC3BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mathieu_vidal:mv_cooking:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3EAF83A5-57FB-4E03-8BD7-EDC97A3B39D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mathieu_vidal:mv_cooking:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "510B247E-B1B4-4844-A451-23414605C010",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild as of February 2012."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de comandos SQL en la extensi\u00f3n Kitchen recipe (mv_cooking) v0.4.1 para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados, como se explot\u00f3 a partir de Febrero de 2012."
}
],
"id": "CVE-2012-1071",
"lastModified": "2024-11-21T01:36:20.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-14T17:55:02.757",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78748"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47437"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/mv_cooking/0.4.1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51825"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/mv_cooking/0.4.1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72934"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:05
Severity ?
Summary
TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC79A8A-0227-446D-A38E-AFB424522509",
"versionEndIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D954FE3D-B766-4D39-B0CA-31A24EDB362C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E53B002D-18FD-4C6A-97C0-AA9C83ABD382",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables."
}
],
"id": "CVE-2005-4875",
"lastModified": "2024-11-21T00:05:23.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.typo3.org/view.php?id=1250"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20050725-1/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.typo3.org/view.php?id=1250"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20050725-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42457"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-04 22:15
Modified
2024-11-21 01:19
Severity ?
Summary
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2010-3667 | Third Party Advisory | |
| cve@mitre.org | https://typo3.org/security/advisory/typo3-sa-2010-012/#Spam_Abuse | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2010-3667 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-sa-2010-012/#Spam_Abuse | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC34E49-A07C-4F08-80FE-2DE14E8B7A77",
"versionEndExcluding": "4.1.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82040DD2-205F-477D-8D55-95852AAF7AEA",
"versionEndExcluding": "4.2.13",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B078FF4B-67AF-419E-995B-2715FCC97493",
"versionEndExcluding": "4.3.4",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18896C89-53F0-4ACA-B3B2-90E0811CBBC3",
"versionEndExcluding": "4.4.1",
"versionStartIncluding": "4.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element."
},
{
"lang": "es",
"value": "TYPO3 versiones anteriores a la versi\u00f3n 4.1.14, versiones 4.2.x anteriores a la versi\u00f3n 4.2.13, versiones 4.3.x anteriores a la versi\u00f3n 4.3.4 y versiones 4.4.x anteriores a 4.4.1, permite un Abuso de Spam en el elemento de contenido de forma nativa."
}
],
"id": "CVE-2010-3667",
"lastModified": "2024-11-21T01:19:20.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-04T22:15:10.827",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3667"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Spam_Abuse"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Spam_Abuse"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-14 19:20
Modified
2024-11-21 00:53
Severity ?
Summary
Unspecified vulnerability in the TYPO3 File List (file_list) extension 0.2.1 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| typo3 | file_list_extension | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:file_list_extension:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEA6B38-0A28-493C-AD0E-0FCBE47D992D",
"versionEndIncluding": "0.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the TYPO3 File List (file_list) extension 0.2.1 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la extensi\u00f3n TYPO3 File List (file_list) v0.2.1 y versiones anteriores permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores de ataque desconocidos."
}
],
"id": "CVE-2008-5096",
"lastModified": "2024-11-21T00:53:16.527",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-11-14T19:20:54.153",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31262"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45258"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-27 17:30
Modified
2024-11-21 00:56
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) extension 1.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/33256 | Vendor Advisory | |
| cve@mitre.org | http://typo3.org/teams/security/security-bulletins/typo3-20081222-3/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33256 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://typo3.org/teams/security/security-bulletins/typo3-20081222-3/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dennis_royer | dr_wiki | * | |
| dennis_royer | dr_wiki | 0.4 | |
| dennis_royer | dr_wiki | 0.5 | |
| dennis_royer | dr_wiki | 0.5.1 | |
| dennis_royer | dr_wiki | 0.5.2 | |
| dennis_royer | dr_wiki | 0.6 | |
| dennis_royer | dr_wiki | 0.6.1 | |
| dennis_royer | dr_wiki | 0.6.2 | |
| dennis_royer | dr_wiki | 0.7 | |
| dennis_royer | dr_wiki | 0.7.1 | |
| dennis_royer | dr_wiki | 0.7.2 | |
| dennis_royer | dr_wiki | 0.8 | |
| dennis_royer | dr_wiki | 0.8.1 | |
| dennis_royer | dr_wiki | 0.9 | |
| dennis_royer | dr_wiki | 0.9.1 | |
| dennis_royer | dr_wiki | 1.0.0 | |
| dennis_royer | dr_wiki | 1.0.1 | |
| dennis_royer | dr_wiki | 1.0.2 | |
| dennis_royer | dr_wiki | 1.1 | |
| dennis_royer | dr_wiki | 1.2 | |
| dennis_royer | dr_wiki | 1.3 | |
| dennis_royer | dr_wiki | 1.4.0 | |
| dennis_royer | dr_wiki | 1.4.1 | |
| dennis_royer | dr_wiki | 1.4.2 | |
| dennis_royer | dr_wiki | 1.4.3 | |
| dennis_royer | dr_wiki | 1.4.4 | |
| dennis_royer | dr_wiki | 1.4.5 | |
| dennis_royer | dr_wiki | 1.5.0 | |
| dennis_royer | dr_wiki | 1.5.1 | |
| dennis_royer | dr_wiki | 1.5.2 | |
| dennis_royer | dr_wiki | 1.5.3 | |
| dennis_royer | dr_wiki | 1.5.4 | |
| dennis_royer | dr_wiki | 1.5.5 | |
| dennis_royer | dr_wiki | 1.5.6 | |
| dennis_royer | dr_wiki | 1.6.0 | |
| dennis_royer | dr_wiki | 1.7.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87CCD79B-CD50-49AA-9F30-D2F6831FCC38",
"versionEndIncluding": "1.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "816996E9-858D-4AEB-B7EF-B816969AB31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1DCB930E-7BFA-4034-9CD3-81DFE247B8F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F438694-740A-4FF0-9231-59982004281C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "106B30CE-3C1C-4493-B163-4533F74E907A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1CA68C-E2EB-46BF-9565-B36DF3B28363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B103A95-4D6B-4D71-B5D6-135C142762E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "665B4C21-91C0-4677-948D-B92B91D2DE25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A2003A-F871-4214-9C19-0D143760D091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69FDAC26-474E-4B84-9383-183135E54F60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1F82C0D-B861-41E2-9005-67BD426D7D4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3E069B70-871F-4B2D-A6B5-0B08E5D8E68C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "200181EB-FD48-4D52-ADF7-B04FC1F4E44A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF4BA7B-0B35-4FA9-AAF6-8F2AE1A69ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ADDA8FD3-897B-4602-903F-781785FCC4F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA9F0A8-2348-4748-A70F-2B41884BCB8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E6126F8-29F8-498F-87C4-120F10A3FFA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD85315B-A801-47CB-AF83-F05E613CCBA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00AF053F-A640-4C7D-A3E8-37FC768747A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC88BE76-DAF0-48BB-A742-27D7AEC44580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "64FF49D8-D2E3-44CB-B34B-BCF13B31AA58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C02315A0-E9C4-48E1-8AE5-F77CAAAF71F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50A94F95-E788-4730-A500-3B5B7A4239B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "79362D9A-25A2-45C9-A4FB-B51D15F46F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8035711-650E-4E4D-8BDB-2708424CEF8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA48595-A128-4FB8-BBB3-84DD1EC700DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2374C955-5765-46CB-A47B-715832273BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A11DD69D-3C4F-4147-8317-C1852555A96C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8094B4C9-B953-4524-B7D8-CF455E681521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "10150F64-C83D-436E-ADB8-0FD27A6AB0C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "43722B4F-90F7-4BDB-A637-4B4B399653B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DACAECDE-1C76-45A6-9B4C-2B5591E6E270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5AEC0D3F-8A3D-4AA3-8B97-0DE50133A587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7D0BA60E-79F8-4904-8A9F-397438BB73BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4CDD04B2-A3AC-4B1A-9877-FE82EDC9322E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dennis_royer:dr_wiki:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C8F572B-2350-4E9A-B2ED-057C547FBB1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) extension 1.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en la extensi\u00f3n Dr Wiki (dr_wiki) v1.7.1 y anteriores para TYPO3, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no determinados."
}
],
"id": "CVE-2008-6346",
"lastModified": "2024-11-21T00:56:18.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-02-27T17:30:09.843",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33256"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-3/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-14 21:15
Modified
2024-11-21 07:03
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*",
"matchCriteriaId": "CD542E1B-F3BA-4816-B97D-D877EFADA02D",
"versionEndExcluding": "8.7.47",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*",
"matchCriteriaId": "83732441-A020-4401-A274-067B95354BB6",
"versionEndExcluding": "9.5.35",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "272C6A8B-94DB-4A74-BB3A-24CD0486DFA7",
"versionEndExcluding": "10.4.29",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "772D645D-5158-416C-BF2C-74E5E43EF1DC",
"versionEndExcluding": "11.5.11",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de administraci\u00f3n de contenidos web de c\u00f3digo abierto. En versiones anteriores a 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29 y 11.5.11, el m\u00f3dulo backend del Dise\u00f1ador de formularios de Form Framework es vulnerable a un ataque de tipo cross-site scripting. Es necesaria una cuenta de usuario backend v\u00e1lida con acceso al m\u00f3dulo de formularios para explotar esta vulnerabilidad. TYPO3 versiones 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29 y 11.5.11, contienen una correci\u00f3n para el problema"
}
],
"id": "CVE-2022-31048",
"lastModified": "2024-11-21T07:03:47.067",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-14T21:15:16.120",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-003"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-17 17:15
Modified
2024-11-21 04:35
Severity ?
Summary
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65D7489C-BBC7-4908-83E5-2EF1564AE355",
"versionEndExcluding": "8.7.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "747F57A7-EB7A-49C6-AF18-DDD45AC57138",
"versionEndExcluding": "9.5.12",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC015DE3-2712-4CBD-A5DE-2DD4F6BA774F",
"versionEndExcluding": "10.2.2",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)"
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en TYPO3 versiones anteriores a la versi\u00f3n 8.7.30, versiones 9.x anteriores a la versi\u00f3n 9.5.12 y versiones 10.x anteriores a la versi\u00f3n 10.2.2. Se ha descubierto que la extracci\u00f3n de archivos ZIP cargados manualmente en Extension Manager es vulnerable al salto de directorio. Privilegios de administrador son requeridos para explotar esta vulnerabilidad. (En versi\u00f3n v9 LTS y posteriores, tambi\u00e9n son requeridos privilegios de Mantenedor del Sistema)."
}
],
"id": "CVE-2019-19848",
"lastModified": "2024-11-21T04:35:31.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-17T17:15:17.787",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-024/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-024/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-23 17:59
Modified
2024-11-21 02:26
Severity ?
Summary
The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6066CFA2-202E-43A3-B1DF-36364ABD5A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13C922A9-05A3-4D98-A568-F780CCA87E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E9893A-2771-4C04-9F90-B10EE659088E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31DA3600-C955-46B0-8BD9-C9B3FC0B81EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7ED0C04-33BA-4F9B-97B0-BB5D30C2A0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E40CC0D-E7EF-4800-AC0B-5AF603B8BC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16759F16-34C6-4C2C-BECB-12555EEEBDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB331CC-3125-454E-BCBE-B85540B62110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B46AB0-D925-4E74-8D15-40EE3BC0B14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "096ADAEC-A159-466C-BCD1-B12CFF5CF084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8074D252-259A-4D13-8CBF-A43EAB9DFA96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "26FB8879-0291-46B0-9C23-A7AC20700159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA1F149-3D43-4AA1-BC4A-00EF3C895993",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9C937A92-045D-4767-8EB2-E8BBB466FA86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "216C3E04-C772-4DF8-A0E0-11CFDC4E1DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A60F86FA-B7D3-4BE5-82F2-05F2A5F5663D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9319A96-D510-47DB-9DBC-C16C0947E4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40E0FDF1-E63C-48C9-98E2-55E3FD891882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D22400-E6A1-4C3A-B16F-E14672B86D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DFA0996-4839-4FDB-9B9D-5F8424946F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "436C3A0C-CC01-483D-A188-6406CEE13796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2CDB1BFC-B45C-4A2A-8F9B-1E593BCD4EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "027BCB88-BBFF-46DA-A59A-35412EBF3008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4947CFBF-BA7A-460E-B716-D3EA85E19290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA8B097-5588-4F05-A882-1167EEB71178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "98CB88EB-DED5-4875-A986-CB57C2092270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E906CAAC-2337-4C4C-A2CB-B1B430575A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C43E7D85-9570-40E0-83C3-5BB4B59340D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "098B2DC5-EC2A-4955-9CD0-FD26750971E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "0B505B1B-A555-459A-964F-59E3B093D420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B83F54FE-B72E-4415-B29B-3D398E583AED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "BB69F7E9-001D-42B3-BEB4-B294737AD27B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.21:*:*:*:*:*:*:*",
"matchCriteriaId": "34E8530B-0311-45AA-92B4-6FF2CE388E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A53B9001-C5B4-4D19-A314-118E3A292346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E663FE0B-B509-4427-A2A0-9EB53E26810F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.24:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA36C35-E9BD-4ED2-B6CB-950D641678E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.25:*:*:*:*:*:*:*",
"matchCriteriaId": "12A54839-425D-4D28-8AD2-479A593474FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.26:*:*:*:*:*:*:*",
"matchCriteriaId": "83542527-9738-46C0-A4D2-D5E2E203CD49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.27:*:*:*:*:*:*:*",
"matchCriteriaId": "72B68AE9-081A-4BE0-A2AF-969216D26637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.28:*:*:*:*:*:*:*",
"matchCriteriaId": "253A3E84-401E-4F9F-8A9A-B8C464C69929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.29:*:*:*:*:*:*:*",
"matchCriteriaId": "08742759-FFC8-4908-B319-4EC279C6AB74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4B4B3F-D7BE-493C-ABF6-416FF89C4A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "36748261-81EF-4E39-8EC5-A67F054B623F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.32:*:*:*:*:*:*:*",
"matchCriteriaId": "21CC1BD2-CB44-4C0F-8B87-6272AEEBDEAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.33:*:*:*:*:*:*:*",
"matchCriteriaId": "D7129E4A-834D-4405-853B-89F1BD7965E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E80654F2-42D2-4E47-B069-126327B83C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.35:*:*:*:*:*:*:*",
"matchCriteriaId": "AABC3190-44FF-4F75-BBA6-CE9D1BAC4096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.36:*:*:*:*:*:*:*",
"matchCriteriaId": "4ADA397D-D126-456C-BE3B-D129197CEA19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.37:*:*:*:*:*:*:*",
"matchCriteriaId": "6A7399A6-3078-458B-BF84-39081214BC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.38:*:*:*:*:*:*:*",
"matchCriteriaId": "24D7D3E2-00DF-4F93-8978-24EAFAA6A916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.39:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B33260-D028-4D09-AAED-DF1004DB5930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4D42D56A-2A1D-4FAA-961D-304E916BEF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CBAAC7-5207-45E8-86D5-18D98259070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6F1E7-351D-45E7-9571-2AF4283080DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B3B4A9-BDC7-4426-98FB-398B63AF3D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0016A078-1291-4281-BA62-5A846AEE7584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F11DB8A8-8309-4FC9-BA35-1AFFC5B4AE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9661D2DB-F24C-478B-B691-303D48D9B158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1FD6B9-7FAC-4508-962A-99AF63EB4B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "14369AD5-2622-4530-BCD5-A95C032CE4CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7CBAD29-18E9-4097-88FA-4D287A9A877A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5144AE-E076-48B5-9EA3-2F0BEC34D92F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "46246047-B415-437A-AC0E-2A7157D47C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6C98937C-C769-40C9-841F-D9F0A49AAE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7C54D4-B953-442F-99A8-96B505C15DCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "495B1280-1C65-45FE-B5C5-ED1BD7AF429F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6CE19A-3985-45AC-9DF5-64572AA9ECC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA8422F-5A4B-4696-AF31-F1128FCF482F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA625B3-16A2-436F-A63D-0B5200BAA955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "13FE26EF-79DC-4907-A593-414679AAE9B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value."
},
{
"lang": "es",
"value": "La extensi\u00f3n rsaauth en TYPO3 4.3.0 hasta 4.3.14, 4.4.0 hasta 4.4.15, 4.5.0 hasta 4.5.39, y 4.6.0 hasta 4.6.18, cuando est\u00e1 configurado para el frontend, permite a atacantes remotos evadir la autenticaci\u00f3n a trav\u00e9s de una contrase\u00f1a que est\u00e1 asignado a un valor vac\u00edo."
}
],
"id": "CVE-2015-2047",
"lastModified": "2024-11-21T02:26:39.107",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-23T17:59:03.667",
"references": [
{
"source": "security@debian.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
},
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/"
},
{
"source": "security@debian.org",
"url": "http://www.debian.org/security/2015/dsa-3164"
},
{
"source": "security@debian.org",
"url": "http://www.openwall.com/lists/oss-security/2015/02/22/4"
},
{
"source": "security@debian.org",
"url": "http://www.openwall.com/lists/oss-security/2015/02/22/8"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/bid/72763"
},
{
"source": "security@debian.org",
"url": "http://www.securitytracker.com/id/1031824"
},
{
"source": "security@debian.org",
"url": "https://review.typo3.org/#/c/37013/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/02/22/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/02/22/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/72763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://review.typo3.org/#/c/37013/"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-11-17 21:55
Modified
2024-11-21 01:45
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B02261C5-E11F-4D82-9609-CB1E54BDDF6D",
"versionEndIncluding": "1.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F114F8E-08DE-4C8A-A0F7-567A7A822E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9677B8-7E32-4020-845B-FD31B327491D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC6F692-1F1E-4FB4-9EFA-57F0D0938256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9820C6-B4E6-4632-A6D4-D7EA093B1800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AEDCA4-5AC0-4970-99B4-9BE02C880AE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "303CC902-BBDA-417C-90C5-6CC316ED2E90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9CDAD5-EE32-47C9-9A94-5FDA002C58BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2065E944-5F55-4ABF-A20E-F5D4CEED0F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6C13C053-62AD-4866-AA6E-B6E3862734FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F84BCD42-ACAC-47B7-BC11-162BDF37E5D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DAB0DA1-D646-41F9-9E49-EFB3E3D6753A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2A32130E-4799-41D3-8323-8B3B4B8B5453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC13061-9822-4399-A4A1-EBEED9742EAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "96CEE2A8-AC38-4581-B56C-399781D73A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0415B2-89B6-4D75-AD24-DD6152110D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C905E945-4195-448E-B2B6-8C7F9C3FABCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D5897048-EE9A-4DB1-9802-27018E665A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4EFC2BB8-B4ED-4DC0-A391-7ACB2DD94E1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "56CF73D1-AA5E-4A6C-95B8-3AD4FD7EC7D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D7FEED-4451-43DA-9811-E7F6AA589F89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A4670C29-5B52-4172-8AED-0AD01229778A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "384FD986-C33D-4A87-A0ED-8EE51AD5BEA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1A6CF5F4-67D7-4495-B610-13959A10B97D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5D7E4A4-5887-40B8-860E-91F102A24D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7055F350-0EE7-4DE7-8FB6-26A0F2D80224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C414A1EC-ED36-4113-87EE-496D0CE6C296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CC9389-53A8-43D8-9D03-9DBBEA26065C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2597C92A-BE72-4246-B2E7-F7B316E6BECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0D0154-08BF-42AB-B97C-C0485BD34E0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFE66F2-621A-4F9A-8D99-C5F96D2BC528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8F32EE91-CF3B-495C-9AEB-CF5F7A49E55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D79D18B0-E52B-4A80-BA0D-664BE32A667B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "83192D4F-A044-456E-968C-78FD3F8782B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "027479DC-5EA0-4BAE-8F45-DB8CD2E7DBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "29168B6A-3D80-4DC7-A69E-E069B1627A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "490C3558-53F7-401D-94D4-ABC5A2DCB18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6783329E-53C6-4FAC-A76A-CDB15C30EE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3D85EF2D-D597-4BF8-8D42-65DF495F5B16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "ED148E81-A7BF-4E80-9BA7-1A95D4192521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCFF6F8-1913-4095-BB33-F371EA162CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5C372F-D442-44EA-9B74-A724261F7347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8B22DF-AC72-4A1D-BAC8-41AA612EEEEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6293BE50-CEC2-4564-B323-5518CB5F26A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "46449EDA-9CD5-4FFC-ACC3-AE23D4CC3758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C94B49F-3249-4FF7-8D71-EFB59EB0B69E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CE2E63-4B3B-4F37-983E-084058BB012D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA972B4-3307-4A9C-9E9A-F4DCA04B3320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE015AC-7FF4-445A-9112-576ECA6131A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA35D7C-6EAA-4E57-B229-771FBAE2616C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBAD78D-2EEA-4E84-A31D-A8DB9A4ED6A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "129FBFD3-5DF3-4C03-8416-89C9295F7245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5696F1A2-1A78-43F0-B52A-13C4B1A9989F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6F4864-877C-4FBA-99F8-CA138E089B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFE7AC9-06A3-4BCC-96F4-F978DE2A12AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CE95ADBE-FB92-427A-9C12-6F4DB32AB7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0661B887-07D1-4C97-A810-747D34F1854E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8D2162-DEBA-400A-9BF4-CE2D5C8E59AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BD48C215-3464-49B3-AB9B-FAC18A0D6420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "90DAF9E4-959D-44C6-85A4-0F9124FDEC96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A773CA49-4B9D-44AC-92A6-107514320987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "4A774AE5-7A2E-460A-A8E4-FC3AEEFD1F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1B7D81F3-C67F-4326-BB7F-414D6ADDAFFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D29C87E0-772E-4840-BC53-C7AF9D7B8DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7ECCDE1E-F3B4-4CD5-8C47-C29BC6C19686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7B1C99-CEA5-4128-B29B-AF8D71B492A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en la extensi\u00f3n PowerMail antes de v1.6.5 para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados.\r\n"
}
],
"id": "CVE-2012-5889",
"lastModified": "2024-11-21T01:45:26.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-11-17T21:55:01.923",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-004/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74461"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-15 21:30
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dirk_maiwert | datamints_newsticker | * | |
| dirk_maiwert | datamints_newsticker | 0.1.0 | |
| dirk_maiwert | datamints_newsticker | 0.4.0 | |
| dirk_maiwert | datamints_newsticker | 0.5.0 | |
| dirk_maiwert | datamints_newsticker | 0.6.0 | |
| dirk_maiwert | datamints_newsticker | 0.6.1 | |
| dirk_maiwert | datamints_newsticker | 0.6.2 | |
| dirk_maiwert | datamints_newsticker | 0.6.3 | |
| dirk_maiwert | datamints_newsticker | 0.7.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dirk_maiwert:datamints_newsticker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF9008CF-3DF9-41A2-A972-0B1AD0B1C9D7",
"versionEndIncluding": "0.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dirk_maiwert:datamints_newsticker:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "95941F0F-E1CA-4024-B73D-37A57901220C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dirk_maiwert:datamints_newsticker:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3F9D25-CB75-45FD-905E-3322CC899E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dirk_maiwert:datamints_newsticker:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A021E9-D014-4507-930F-A57EB1C606E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dirk_maiwert:datamints_newsticker:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D36E34B-4607-42F4-A89E-C55BB5525D11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dirk_maiwert:datamints_newsticker:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC8E164-9363-4FFE-82D2-EC4FA86FDAF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dirk_maiwert:datamints_newsticker:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "552EAC75-1D6E-48B9-BF3E-635F93141651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dirk_maiwert:datamints_newsticker:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "ED8BD321-7338-4495-BBC6-ED5411B792FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dirk_maiwert:datamints_newsticker:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDE5040-229F-4847-AFE9-92090888E70F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n datamints Newsticker (datamints_newsticker) en versiones anteriores a la 0.7.2 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4709",
"lastModified": "2024-11-21T01:10:16.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-15T21:30:00.980",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35879"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-31 11:30
Modified
2024-11-21 00:54
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | eluna_page_comments_extension | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:eluna_page_comments_extension:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17D2D353-0E6C-46F3-9259-C9EFC1419215",
"versionEndIncluding": "1.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de Secuencias de Comandos en Sitios Cruzados (XSS) en la extensi\u00f3n eluna Page Comments (eluna_pagecomments) v1.1.2 y anteriores en TYPO3, permite a atacantes remotos inyectar secuencias de comandos Web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-5795",
"lastModified": "2024-11-21T00:54:55.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-12-31T11:30:00.483",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32638"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32228"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46467"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-22 23:30
Modified
2024-11-21 01:09
Severity ?
Summary
SQL injection vulnerability in the Document Directorys (danp_documentdirs) extension 1.10.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| daniel_ptzinger | danp_documentdirs | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:daniel_ptzinger:danp_documentdirs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A536E9-8D26-4889-97F2-03A516EB5491",
"versionEndIncluding": "1.10.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Document Directorys (danp_documentdirs) extension 1.10.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Document Directorys (danp_documentdirs) v1.10.7 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQl de forma arbitraria a trav\u00e9s de vectores inespec\u00edficos."
}
],
"id": "CVE-2009-4393",
"lastModified": "2024-11-21T01:09:32.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-22T23:30:00.640",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-01-04 21:59
Modified
2024-11-21 02:21
Severity ?
Summary
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "BB69F7E9-001D-42B3-BEB4-B294737AD27B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.21:*:*:*:*:*:*:*",
"matchCriteriaId": "34E8530B-0311-45AA-92B4-6FF2CE388E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A53B9001-C5B4-4D19-A314-118E3A292346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E663FE0B-B509-4427-A2A0-9EB53E26810F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.24:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA36C35-E9BD-4ED2-B6CB-950D641678E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.25:*:*:*:*:*:*:*",
"matchCriteriaId": "12A54839-425D-4D28-8AD2-479A593474FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.26:*:*:*:*:*:*:*",
"matchCriteriaId": "83542527-9738-46C0-A4D2-D5E2E203CD49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.27:*:*:*:*:*:*:*",
"matchCriteriaId": "72B68AE9-081A-4BE0-A2AF-969216D26637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.28:*:*:*:*:*:*:*",
"matchCriteriaId": "253A3E84-401E-4F9F-8A9A-B8C464C69929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.29:*:*:*:*:*:*:*",
"matchCriteriaId": "08742759-FFC8-4908-B319-4EC279C6AB74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4B4B3F-D7BE-493C-ABF6-416FF89C4A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "36748261-81EF-4E39-8EC5-A67F054B623F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.32:*:*:*:*:*:*:*",
"matchCriteriaId": "21CC1BD2-CB44-4C0F-8B87-6272AEEBDEAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.33:*:*:*:*:*:*:*",
"matchCriteriaId": "D7129E4A-834D-4405-853B-89F1BD7965E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E80654F2-42D2-4E47-B069-126327B83C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.35:*:*:*:*:*:*:*",
"matchCriteriaId": "AABC3190-44FF-4F75-BBA6-CE9D1BAC4096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.36:*:*:*:*:*:*:*",
"matchCriteriaId": "4ADA397D-D126-456C-BE3B-D129197CEA19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.37:*:*:*:*:*:*:*",
"matchCriteriaId": "6A7399A6-3078-458B-BF84-39081214BC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.38:*:*:*:*:*:*:*",
"matchCriteriaId": "24D7D3E2-00DF-4F93-8978-24EAFAA6A916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CBAAC7-5207-45E8-86D5-18D98259070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6F1E7-351D-45E7-9571-2AF4283080DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B3B4A9-BDC7-4426-98FB-398B63AF3D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0016A078-1291-4281-BA62-5A846AEE7584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F11DB8A8-8309-4FC9-BA35-1AFFC5B4AE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9661D2DB-F24C-478B-B691-303D48D9B158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1FD6B9-7FAC-4508-962A-99AF63EB4B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "14369AD5-2622-4530-BCD5-A95C032CE4CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7CBAD29-18E9-4097-88FA-4D287A9A877A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5144AE-E076-48B5-9EA3-2F0BEC34D92F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "46246047-B415-437A-AC0E-2A7157D47C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6C98937C-C769-40C9-841F-D9F0A49AAE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7C54D4-B953-442F-99A8-96B505C15DCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "495B1280-1C65-45FE-B5C5-ED1BD7AF429F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6CE19A-3985-45AC-9DF5-64572AA9ECC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA8422F-5A4B-4696-AF31-F1128FCF482F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA625B3-16A2-436F-A63D-0B5200BAA955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "13FE26EF-79DC-4907-A593-414679AAE9B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F89DD9F-019A-4AD3-AD0E-4F20F1AF5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "684500C9-8532-45C4-8F29-33AAC3DDA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F830A8F-C51C-4CED-BCA2-845C312087FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2C537426-82DB-426B-BB95-CC119C20266A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D3AE18-7B26-4448-AF98-0D2692C80BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E8AD3ED8-5107-418D-8F0F-6B07845D3C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2FEFD3C-A4CC-4FCC-8ECD-3EE1E69DE58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1EE4B6-9256-494E-A11B-9700F0376AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0A8566-4A01-4948-A237-3CED2D065FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B5459D18-7283-4650-9304-7F576AB1D779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B404C733-4F5C-4EB2-B4B9-F25A95BB6E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "31BDE85A-5F76-4249-9B38-B3A1649F777D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6357ACD4-E404-489A-B218-1CED134F4893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "B6650206-8DD5-4D05-BBD2-15A12842117B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9712BC-E1C2-46AF-8111-DE5523DFF3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.19:*:*:*:*:*:*:*",
"matchCriteriaId": "17025DCC-2685-4EC4-BD0B-34F768181A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.20:*:*:*:*:*:*:*",
"matchCriteriaId": "81FC167D-7CD8-42B1-AD3B-B6534BB8203E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "976AAF6F-BF03-40B7-B7D2-22101BD857D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98D0D9-D9AE-44F7-8233-F92EB330B152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36EA784A-7C3A-41DA-B444-D01E3BC144BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7294AA8B-0CD3-47A2-91DC-A882F7F3BDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4D28DD85-FBB3-4DD4-B525-7AFD32BE55F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80C21E07-5083-4C86-AA9D-FCB73F636060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAE1BB4-2DBD-489E-B3F9-88CF414EAC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0724FE19-F0A4-4055-996A-2B7844CAC426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A862C28E-B1B9-4541-A559-D0BD16E575B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1DE94A-DDCD-4067-A0C0-16904F6B7EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7C6DD4A1-C865-4AC8-86BC-8F92319F33A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7ACA06-C0C1-4EEA-A629-C453C97660A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3C444E62-897D-4C7A-AEC6-C5728166A11A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF13769-3F5A-4766-A8DA-8B939CB1AB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C140F242-CF7C-4CB6-A358-5C8DB0F26DAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81EAC0BA-B6AC-42BA-AEEE-946E1FBD770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD31180A-8BD6-49AC-A758-5FA4C9A7B4C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E06A3B0C-364F-42A3-803B-6CE1EAB386C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "692DE690-C921-403B-9966-60CB23FF5D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "94C181FE-F3A9-4C7E-955F-0CCD4E6B4DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "11DD1626-884F-40EE-9721-2FCF7F14F781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BFFF68DC-AFBB-4055-83AF-BAFE9C68FBC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F0FB1F-45D1-49A8-8882-393B16E6AA34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A51F600B-F3BB-4C8A-8188-3F5E4D59114B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7715060-1441-4CF9-BEDF-91D28FE31ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7183456A-52B4-4386-8979-A2ECEA9959FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "16EEC79F-3293-451C-864E-9CE020F6C730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "8FD27EAD-04D5-4C55-952E-020954B90CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99262E73-E4A7-4657-A32E-3C289C052675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E230A800-B2DE-4ED4-9C6B-961832C39900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A96891D-A2B1-492C-A914-51F9631D5C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7316A8-E445-45C6-BFD9-8E19254AC7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D95C12B4-51F1-4FFC-892B-1432D1E5219A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "308EF598-B9DF-47C5-A1AC-1A2A16767E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3A5E5D-E8A9-4B2F-B423-9F1B9E761A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9EDF6E-299A-4277-9C2F-B25D5F9A189E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC254112-3695-422E-BD5B-B5E65F61B4B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CC7DF87-E8E8-4333-8549-5607328399BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors."
},
{
"lang": "es",
"value": "El componente frontend rendering en TYPO3 4.5.x anterior a 4.5.39, 4.6.x hasta 6.2.x anterior a 6.2.9, y 7.x anterior a 7.0.2, cuando config.prefixLocalAnchors est\u00e1 configurado y utiliza una p\u00e1gina web con v\u00ednculos que solamente contienen anclas, permite a atacantes remotos cambiar URLs a dominios arbitrarios para estos v\u00ednculos a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2014-9508",
"lastModified": "2024-11-21T02:21:03.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-04T21:59:05.887",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-22 23:30
Modified
2024-11-21 01:09
Severity ?
Summary
Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| robert_puntigam | aba_watchdog | * | |
| robert_puntigam | aba_watchdog | 2.0.0 | |
| robert_puntigam | aba_watchdog | 2.0.1 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:robert_puntigam:aba_watchdog:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4606200-A121-449D-9762-E18C906B2D5B",
"versionEndIncluding": "2.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:robert_puntigam:aba_watchdog:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C433F9BD-CF0A-4300-B554-217F6483EFFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:robert_puntigam:aba_watchdog:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9674537D-77FB-4F21-8D6F-213A7295BAFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad inespec\u00edfica en la extensi\u00f3n Watchdog (aba_watchdog) v2.0.2 y anteriores para TYPO3 permite a atacantes remotos conseguir informaci\u00f3n a trav\u00e9s de vectores de ataque desconocidos."
}
],
"id": "CVE-2009-4389",
"lastModified": "2024-11-21T01:09:31.690",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-22T23:30:00.563",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37770"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-20 14:55
Modified
2024-11-21 01:55
Severity ?
Summary
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C140F242-CF7C-4CB6-A358-5C8DB0F26DAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81EAC0BA-B6AC-42BA-AEEE-946E1FBD770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD31180A-8BD6-49AC-A758-5FA4C9A7B4C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E06A3B0C-364F-42A3-803B-6CE1EAB386C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "976AAF6F-BF03-40B7-B7D2-22101BD857D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98D0D9-D9AE-44F7-8233-F92EB330B152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36EA784A-7C3A-41DA-B444-D01E3BC144BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7294AA8B-0CD3-47A2-91DC-A882F7F3BDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4D28DD85-FBB3-4DD4-B525-7AFD32BE55F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80C21E07-5083-4C86-AA9D-FCB73F636060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAE1BB4-2DBD-489E-B3F9-88CF414EAC2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250."
},
{
"lang": "es",
"value": "File Abstraction Layer (FAL) en TYPO3 6.0.x anterior a 6.0.8 y 6.1.x anterior a 6.1.4 permite a editores remotos autenticados ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de caracteres no especificados en la extensi\u00f3n de archivo cuando renombran un archivo. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2013-4250."
}
],
"id": "CVE-2013-4321",
"lastModified": "2024-11-21T01:55:21.067",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-20T14:55:04.270",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-13 18:15
Modified
2024-11-21 07:12
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B428B4CD-4699-4E84-9002-29442DCE5250",
"versionEndIncluding": "10.4.31",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE54B85D-5F45-4346-A2E0-8204831AA225",
"versionEndIncluding": "11.5.15",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de administraci\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP y publicado bajo la licencia GNU GPL. Se ha detectado que nunca ha sido evaluado el tiempo de caducidad de un enlace de restablecimiento de contrase\u00f1a para usuarios del backend de TYPO3. Como resultado, un enlace de restablecimiento de contrase\u00f1a podr\u00eda ser usado para llevar a cabo un restablecimiento de contrase\u00f1a, incluso si el tiempo de caducidad por defecto de dos horas ha sido superado. Actualice a TYPO3 versiones 10.4.32 o 11.5.16 que corrigen el problema. No se presentan mitigaciones conocidas para este problema"
}
],
"id": "CVE-2022-36106",
"lastModified": "2024-11-21T07:12:24.150",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-13T18:15:15.130",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/56af2bd3a432156c30af9be71c9d6f7ef3a6159a"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5959-4x58-r8c2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/commit/56af2bd3a432156c30af9be71c9d6f7ef3a6159a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5959-4x58-r8c2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-008"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-22 00:11
Modified
2024-11-21 00:52
Severity ?
Summary
SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | econda_plugin | * | |
| typo3 | econda_plugin | 0.0.1 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:econda_plugin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D64A6E-89FD-4409-861A-9919E1D78202",
"versionEndIncluding": "0.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:econda_plugin:0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB02C14D-107B-4CCD-AF9A-1DA1C4A83206",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Plugin Econda (econda) v0.0.2 y anteriores para TYPO3; permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-4657",
"lastModified": "2024-11-21T00:52:12.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-22T00:11:51.210",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/econda/0.0.4/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/31841"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/econda/0.0.4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/31841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2870"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-01 21:55
Modified
2024-11-21 01:45
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.5 | |
| typo3 | typo3 | 4.5.0 | |
| typo3 | typo3 | 4.5.1 | |
| typo3 | typo3 | 4.5.2 | |
| typo3 | typo3 | 4.5.3 | |
| typo3 | typo3 | 4.5.4 | |
| typo3 | typo3 | 4.5.5 | |
| typo3 | typo3 | 4.5.6 | |
| typo3 | typo3 | 4.5.7 | |
| typo3 | typo3 | 4.5.8 | |
| typo3 | typo3 | 4.5.9 | |
| typo3 | typo3 | 4.5.10 | |
| typo3 | typo3 | 4.5.11 | |
| typo3 | typo3 | 4.5.12 | |
| typo3 | typo3 | 4.5.13 | |
| typo3 | typo3 | 4.5.14 | |
| typo3 | typo3 | 4.5.15 | |
| typo3 | typo3 | 4.5.16 | |
| typo3 | typo3 | 4.5.17 | |
| typo3 | typo3 | 4.5.18 | |
| typo3 | typo3 | 4.5.19 | |
| typo3 | typo3 | 4.5.20 | |
| typo3 | typo3 | 4.6 | |
| typo3 | typo3 | 4.6.0 | |
| typo3 | typo3 | 4.6.1 | |
| typo3 | typo3 | 4.6.2 | |
| typo3 | typo3 | 4.6.3 | |
| typo3 | typo3 | 4.6.4 | |
| typo3 | typo3 | 4.6.5 | |
| typo3 | typo3 | 4.6.6 | |
| typo3 | typo3 | 4.6.7 | |
| typo3 | typo3 | 4.6.8 | |
| typo3 | typo3 | 4.6.9 | |
| typo3 | typo3 | 4.6.10 | |
| typo3 | typo3 | 4.6.11 | |
| typo3 | typo3 | 4.6.12 | |
| typo3 | typo3 | 4.6.13 | |
| typo3 | typo3 | 4.7 | |
| typo3 | typo3 | 4.7.0 | |
| typo3 | typo3 | 4.7.1 | |
| typo3 | typo3 | 4.7.2 | |
| typo3 | typo3 | 4.7.3 | |
| typo3 | typo3 | 4.7.4 | |
| typo3 | typo3 | 4.7.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9788D5CD-FEAA-4D07-8252-4176AD0BC0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "BB69F7E9-001D-42B3-BEB4-B294737AD27B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4D42D56A-2A1D-4FAA-961D-304E916BEF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CBAAC7-5207-45E8-86D5-18D98259070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6F1E7-351D-45E7-9571-2AF4283080DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B3B4A9-BDC7-4426-98FB-398B63AF3D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0016A078-1291-4281-BA62-5A846AEE7584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F11DB8A8-8309-4FC9-BA35-1AFFC5B4AE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9661D2DB-F24C-478B-B691-303D48D9B158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1FD6B9-7FAC-4508-962A-99AF63EB4B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "14369AD5-2622-4530-BCD5-A95C032CE4CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7CBAD29-18E9-4097-88FA-4D287A9A877A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5144AE-E076-48B5-9EA3-2F0BEC34D92F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "46246047-B415-437A-AC0E-2A7157D47C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6C98937C-C769-40C9-841F-D9F0A49AAE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7C54D4-B953-442F-99A8-96B505C15DCB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1A90BF-E780-4282-BCCB-0E568EB785A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F89DD9F-019A-4AD3-AD0E-4F20F1AF5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "684500C9-8532-45C4-8F29-33AAC3DDA3AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad XSS en el m\u00f3dulo BackEnd History en TYPO3 4.5.x anterior a 4.5.21, 4.6.x anterior a 4.6.14, y 4.7.x anterior a 4.7.6, permite a usuarios del backend autenticados remotamente inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-6145",
"lastModified": "2024-11-21T01:45:54.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-07-01T21:55:01.673",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/87116"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/06/19/4"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/87116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/06/19/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79965"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-31 11:30
Modified
2024-11-21 00:54
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | wir_ber_uns_extension | * | |
| typo3 | wir_ber_uns_extension | 0.0.23 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:wir_ber_uns_extension:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7374B2D1-DECA-4A21-93B4-3EBA7E112536",
"versionEndIncluding": "0.0.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:wir_ber_uns_extension:0.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1462DE-BBEF-433A-82B0-B0CAFD0B1BD4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de Secuencias de Comandos en Sitios Cruzados (XSS) en la extensi\u00f3n Wir ber uns [sic] (fsmi_people) v0.0.24 y anteriores, en TYPO3, permite a atacantes remotos inyectar secuencias de comandos Web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-5799",
"lastModified": "2024-11-21T00:54:55.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-12-31T11:30:00.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32237"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46471"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-04 22:15
Modified
2024-11-21 01:19
Severity ?
Summary
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2010-3663 | Third Party Advisory | |
| cve@mitre.org | https://typo3.org/security/advisory/typo3-sa-2010-012/#Arbitrary_Code_Execution | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2010-3663 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-sa-2010-012/#Arbitrary_Code_Execution | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC34E49-A07C-4F08-80FE-2DE14E8B7A77",
"versionEndExcluding": "4.1.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82040DD2-205F-477D-8D55-95852AAF7AEA",
"versionEndExcluding": "4.2.13",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B078FF4B-67AF-419E-995B-2715FCC97493",
"versionEndExcluding": "4.3.4",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18896C89-53F0-4ACA-B3B2-90E0811CBBC3",
"versionEndExcluding": "4.4.1",
"versionStartIncluding": "4.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend."
},
{
"lang": "es",
"value": "TYPO3 versiones anteriores a la versi\u00f3n 4.1.14, versiones 4.2.x anteriores a la versi\u00f3n 4.2.13, versiones 4.3.x anteriores a la versi\u00f3n 4.3.4 y versiones 4.4.x anteriores a la versi\u00f3n 4.4.1, contiene un valor predeterminado no seguro de la variable fileDenyPattern lo que podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario en el backend ."
}
],
"id": "CVE-2010-3663",
"lastModified": "2024-11-21T01:19:20.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-04T22:15:10.530",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3663"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Arbitrary_Code_Execution"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Arbitrary_Code_Execution"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-04 20:55
Modified
2024-11-21 01:37
Severity ?
Summary
The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.4.0 | |
| typo3 | typo3 | 4.4.1 | |
| typo3 | typo3 | 4.4.2 | |
| typo3 | typo3 | 4.4.3 | |
| typo3 | typo3 | 4.4.4 | |
| typo3 | typo3 | 4.4.5 | |
| typo3 | typo3 | 4.4.6 | |
| typo3 | typo3 | 4.4.7 | |
| typo3 | typo3 | 4.4.8 | |
| typo3 | typo3 | 4.4.9 | |
| typo3 | typo3 | 4.4.10 | |
| typo3 | typo3 | 4.4.11 | |
| typo3 | typo3 | 4.4.12 | |
| typo3 | typo3 | 4.4.13 | |
| typo3 | typo3 | 4.5.0 | |
| typo3 | typo3 | 4.5.1 | |
| typo3 | typo3 | 4.5.2 | |
| typo3 | typo3 | 4.5.3 | |
| typo3 | typo3 | 4.5.4 | |
| typo3 | typo3 | 4.5.5 | |
| typo3 | typo3 | 4.5.6 | |
| typo3 | typo3 | 4.5.7 | |
| typo3 | typo3 | 4.5.8 | |
| typo3 | typo3 | 4.5.9 | |
| typo3 | typo3 | 4.5.10 | |
| typo3 | typo3 | 4.5.11 | |
| typo3 | typo3 | 4.5.12 | |
| typo3 | typo3 | 4.5.13 | |
| typo3 | typo3 | 4.6.0 | |
| typo3 | typo3 | 4.6.1 | |
| typo3 | typo3 | 4.6.2 | |
| typo3 | typo3 | 4.6.3 | |
| typo3 | typo3 | 4.6.4 | |
| typo3 | typo3 | 4.6.5 | |
| typo3 | typo3 | 4.6.6 | |
| typo3 | typo3 | 4.7 | |
| typo3 | typo3 | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A60F86FA-B7D3-4BE5-82F2-05F2A5F5663D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9319A96-D510-47DB-9DBC-C16C0947E4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40E0FDF1-E63C-48C9-98E2-55E3FD891882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D22400-E6A1-4C3A-B16F-E14672B86D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DFA0996-4839-4FDB-9B9D-5F8424946F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "436C3A0C-CC01-483D-A188-6406CEE13796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2CDB1BFC-B45C-4A2A-8F9B-1E593BCD4EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "027BCB88-BBFF-46DA-A59A-35412EBF3008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4947CFBF-BA7A-460E-B716-D3EA85E19290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA8B097-5588-4F05-A882-1167EEB71178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "98CB88EB-DED5-4875-A986-CB57C2092270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E906CAAC-2337-4C4C-A2CB-B1B430575A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C43E7D85-9570-40E0-83C3-5BB4B59340D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "098B2DC5-EC2A-4955-9CD0-FD26750971E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CBAAC7-5207-45E8-86D5-18D98259070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6F1E7-351D-45E7-9571-2AF4283080DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B3B4A9-BDC7-4426-98FB-398B63AF3D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0016A078-1291-4281-BA62-5A846AEE7584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F11DB8A8-8309-4FC9-BA35-1AFFC5B4AE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9661D2DB-F24C-478B-B691-303D48D9B158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1A90BF-E780-4282-BCCB-0E568EB785A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters."
},
{
"lang": "es",
"value": "El t3lib_div::RemoveXSS API m\u00e9todo en TYPO3 v4.4.0 a trav\u00e9s de v4.4.13, v4.5.0 a trav\u00e9s de v4.5.13, v4.6.0 a trav\u00e9s de v4.6.6, 4.7, y 6.0, permite a atacantes remotos evitar la ejecuci\u00f3n de comandos en sitios cruzados (XSS) mecanismo de protecci\u00f3n e inyectar secuencias de comandos web o HTML a trav\u00e9s de caracteres no imprimibles."
}
],
"id": "CVE-2012-1608",
"lastModified": "2024-11-21T01:37:17.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-04T20:55:01.357",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48647"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2445"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/4"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/80762"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/52771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/80762"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52771"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-23 14:30
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joachim_ruhs | flat_manager | * | |
| joachim_ruhs | flat_manager | 1.4.0 | |
| joachim_ruhs | flat_manager | 1.5.0 | |
| joachim_ruhs | flat_manager | 1.6.0 | |
| joachim_ruhs | flat_manager | 1.6.2 | |
| joachim_ruhs | flat_manager | 1.7.0 | |
| joachim_ruhs | flat_manager | 1.7.1 | |
| joachim_ruhs | flat_manager | 1.7.2 | |
| joachim_ruhs | flat_manager | 1.8.0 | |
| joachim_ruhs | flat_manager | 1.8.6 | |
| joachim_ruhs | flat_manager | 1.8.8 | |
| joachim_ruhs | flat_manager | 1.8.9 | |
| joachim_ruhs | flat_manager | 1.9.0 | |
| joachim_ruhs | flat_manager | 1.9.1 | |
| joachim_ruhs | flat_manager | 1.9.2 | |
| joachim_ruhs | flat_manager | 1.9.3 | |
| joachim_ruhs | flat_manager | 1.9.4 | |
| joachim_ruhs | flat_manager | 1.9.7 | |
| joachim_ruhs | flat_manager | 1.9.8 | |
| joachim_ruhs | flat_manager | 1.9.9 | |
| joachim_ruhs | flat_manager | 1.9.10 | |
| joachim_ruhs | flat_manager | 1.9.12 | |
| joachim_ruhs | flat_manager | 1.9.14 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD73AD9-F115-44E8-975D-84DAB82AC886",
"versionEndIncluding": "1.9.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "858948C9-004E-4243-A013-0E0628EA79B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC869708-9294-46F5-A58F-2430CAEF7E02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22DD8687-9EB8-4A21-8BC0-51E7BE43BA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2EC379-7D42-4D5A-A50A-5B9A530B6933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5E78CB4-13B8-4AE8-BBAF-F0ACDEF0B427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA011CDC-194F-4BDC-9AB4-1E16E9373C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4CFFFF3-767C-4048-879E-66D407FD0BDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5089D96-15B7-4BA1-9D9F-98C1A2209647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6467F95A-B10C-4379-B625-236C9BFFAC72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:1.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "765392CA-1725-4E11-81F0-63116A1E070A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:1.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7C0C899-5D2B-4A6C-ABF7-4D8248328B69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9CDF3FEE-29DD-4C58-B453-44595E72E676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B073A0B6-F6C5-41D4-800B-3D495484077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50247F59-6580-40BC-810C-84DB0A74C78C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E4016B-FB09-4343-B910-82962DAB3AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22BC45B6-56E7-446D-8C8B-AC0D5CFFEA7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:1.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3952E8A6-8800-49A1-B9D0-427C46EDB101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:1.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DB227436-90DF-4E47-AB0E-44953775D7B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:1.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB9E6E7B-408F-4D06-8578-74913D5FA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:1.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "19ADDD0A-3263-497B-9D1B-456CD15C6DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:1.9.12:*:*:*:*:*:*:*",
"matchCriteriaId": "36CB96A4-1EE5-49ED-B521-A75ABB802710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joachim_ruhs:flat_manager:1.9.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7C734703-7EBF-445D-83F3-BEAB6C22CCAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Flat Manager (flatmgr) anterior a v1.9.16 de TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante vectores no especificados."
}
],
"id": "CVE-2009-4802",
"lastModified": "2024-11-21T01:10:29.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-23T14:30:00.807",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34158"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/flatmgr/1.9.16/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/33998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/flatmgr/1.9.16/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33998"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-22 18:30
Modified
2024-11-21 01:10
Severity ?
Summary
Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hans_olthoff | alternet_csa_out | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hans_olthoff:alternet_csa_out:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00000C34-E7B8-4BF4-85FA-C33C1C654511",
"versionEndIncluding": "0.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la extensi\u00f3n ClickStream Analyzer [output] (alternet_csa_out) v0.3.0 y anteriores para TYPO3, permite a atacantes remotos obtener informaci\u00f3n sensible mediante vectores desconocidos."
}
],
"id": "CVE-2009-4951",
"lastModified": "2024-11-21T01:10:50.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-22T18:30:02.893",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-17 01:30
Modified
2024-11-21 00:54
Severity ?
Summary
SQL injection vulnerability in the Commerce extension 0.9.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| typo3 | commerce_extension | * | |
| typo3 | commerce_extension | 0.8.32 | |
| typo3 | commerce_extension | 0.8.35 | |
| typo3 | commerce_extension | 0.9.0 | |
| typo3 | commerce_extension | 0.9.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:commerce_extension:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07BD4059-03F2-47DC-953B-0208B5B2C10D",
"versionEndIncluding": "0.9.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:commerce_extension:0.8.32:*:*:*:*:*:*:*",
"matchCriteriaId": "C51C314A-C313-455A-928D-C97E94440714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:commerce_extension:0.8.35:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0ADEE1-4140-41FF-B78B-E24021810E98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:commerce_extension:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A18B8F33-2E7A-41A0-955B-96E20E8D85A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:commerce_extension:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B6856341-7D9C-4147-AF64-192CBD0C849B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Commerce extension 0.9.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Commerce extensi\u00f3n 0.9.6 y versiones anteriores para TYPO3, permite a los atacante remotos ejecutar arbitrariamente comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-5609",
"lastModified": "2024-11-21T00:54:27.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-17T01:30:00.530",
"references": [
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/commerce/0.9.7/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-2/"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/commerce/0.9.7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2870"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-14 17:55
Modified
2024-11-21 01:33
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juergen_furrer | jftcaforms | 0.0.1 | |
| juergen_furrer | jftcaforms | 0.0.2 | |
| juergen_furrer | jftcaforms | 0.1.0 | |
| juergen_furrer | jftcaforms | 0.1.1 | |
| juergen_furrer | jftcaforms | 0.2.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juergen_furrer:jftcaforms:0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EE14000-28FF-4FE5-A26D-DBA494C32304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juergen_furrer:jftcaforms:0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "56A446CF-A923-4FE1-A2D3-3CD89A3074C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juergen_furrer:jftcaforms:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C28159-F755-4D39-A649-5F7F2BECEA6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juergen_furrer:jftcaforms:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "277D6174-8DF6-447C-BD24-9EBE552ABA5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juergen_furrer:jftcaforms:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BE7A7C3F-2042-4A55-B620-AAF04183340F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en lib/class.tx_jftcaforms_tceFunc.php en la extensi\u00f3n Additional TCA Forms (jftcaforms) v0.2.1 para TYPO3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-5080",
"lastModified": "2024-11-21T01:33:35.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-14T17:55:02.023",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forge.typo3.org/projects/extension-jftcaforms/repository/diff?rev=51637\u0026rev_to=51568"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78800"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forge.typo3.org/projects/extension-jftcaforms/repository/diff?rev=51637\u0026rev_to=51568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51854"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-27 20:15
Modified
2024-11-21 05:48
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Users of the extension, who have overwritten the affected templates with custom code must manually apply the security fix. Update to version 7.1.2, 8.0.8, 9.1.4, 10.0.10 or 11.0.3 of the Bootstrap Package that fix the problem described. Updated version are available from the TYPO3 extension manager, Packagist and at https://extensions.typo3.org/extension/download/bootstrap_package/.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/benjaminkott/bootstrap_package/commit/de3a568fc311d6712d9339643e51e8627c80530b | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/benjaminkott/bootstrap_package/security/advisories/GHSA-p48w-vf3c-rqjx | Exploit, Third Party Advisory | |
| security-advisories@github.com | https://typo3.org/security/advisory/typo3-ext-sa-2021-007 | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/benjaminkott/bootstrap_package/commit/de3a568fc311d6712d9339643e51e8627c80530b | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/benjaminkott/bootstrap_package/security/advisories/GHSA-p48w-vf3c-rqjx | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-ext-sa-2021-007 | Exploit, Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17B07B8B-EBB9-4966-B743-365B32FC31E2",
"versionEndExcluding": "7.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E99F1CE2-72CE-40CE-8FBD-678346EE0C1D",
"versionEndExcluding": "8.0.8",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C887BFE4-14C9-478A-9889-AD83FA34DCDB",
"versionEndExcluding": "9.0.4",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85B9F508-0633-40AC-BA40-0A48B7B0DB81",
"versionEndExcluding": "9.1.3",
"versionStartIncluding": "9.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF391E6-82CF-410E-AA25-C83A833DAFF2",
"versionEndExcluding": "10.0.10",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFD19514-12D5-4CE5-A26A-3DC13432E692",
"versionEndExcluding": "11.0.3",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Users of the extension, who have overwritten the affected templates with custom code must manually apply the security fix. Update to version 7.1.2, 8.0.8, 9.1.4, 10.0.10 or 11.0.3 of the Bootstrap Package that fix the problem described. Updated version are available from the TYPO3 extension manager, Packagist and at https://extensions.typo3.org/extension/download/bootstrap_package/."
},
{
"lang": "es",
"value": "Bootstrap Package es un tema para TYPO3.\u0026#xa0;Se ha descubierto que la renderizaci\u00f3n de contenido en la interfaz del sitio web es vulnerable a ataques de tipo cross-site scripting.\u0026#xa0;Es necesario una cuenta de usuario de backend v\u00e1lida para explotar esta vulnerabilidad.\u0026#xa0;Los usuarios de la extensi\u00f3n que hayan sobrescrito las plantillas afectadas con c\u00f3digo personalizado deben aplicar manualmente la correcci\u00f3n de seguridad.\u0026#xa0;Actualiza a versiones 7.1.2, 8.0.8, 9.1.4, 10.0.10 o 11.0.3 del paquete Bootstrap que corrige el problema descrito.\u0026#xa0;La versi\u00f3n actualizada est\u00e1 disponible en el administrador de extensiones TYPO3, Packagist y en https://extensions.typo3.org/extension/download/bootstrap_package/"
}
],
"id": "CVE-2021-21365",
"lastModified": "2024-11-21T05:48:12.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-27T20:15:08.713",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/benjaminkott/bootstrap_package/commit/de3a568fc311d6712d9339643e51e8627c80530b"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/benjaminkott/bootstrap_package/security/advisories/GHSA-p48w-vf3c-rqjx"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2021-007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/benjaminkott/bootstrap_package/commit/de3a568fc311d6712d9339643e51e8627c80530b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/benjaminkott/bootstrap_package/security/advisories/GHSA-p48w-vf3c-rqjx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2021-007"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-04 23:15
Modified
2024-11-21 01:19
Severity ?
Summary
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2010-3668 | Third Party Advisory | |
| cve@mitre.org | https://typo3.org/security/advisory/typo3-sa-2010-012/#Header_Injection | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2010-3668 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-sa-2010-012/#Header_Injection | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC34E49-A07C-4F08-80FE-2DE14E8B7A77",
"versionEndExcluding": "4.1.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82040DD2-205F-477D-8D55-95852AAF7AEA",
"versionEndExcluding": "4.2.13",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B078FF4B-67AF-419E-995B-2715FCC97493",
"versionEndExcluding": "4.3.4",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18896C89-53F0-4ACA-B3B2-90E0811CBBC3",
"versionEndExcluding": "4.4.1",
"versionStartIncluding": "4.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl."
},
{
"lang": "es",
"value": "TYPO3 versiones anteriores a la versi\u00f3n 4.1.14, versiones 4.2.x anteriores a la versi\u00f3n 4.2.13, versiones 4.3.x anteriores a la versi\u00f3n 4.3.4 y versiones 4.4.x anteriores a la versi\u00f3n 4.4.1, permite una Inyecci\u00f3n de Encabezado en la funcionalidad de descarga segura jumpurl."
}
],
"id": "CVE-2010-3668",
"lastModified": "2024-11-21T01:19:20.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-04T23:15:10.193",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3668"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Header_Injection"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Header_Injection"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-23 21:59
Modified
2024-11-21 02:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/04/21/1 | Mailing List | |
| cve@mitre.org | https://labs.integrity.pt/advisories/cve-pending-stored-cross-site-scripting-in-typo3-bookmarks/ | Exploit, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/04/21/1 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://labs.integrity.pt/advisories/cve-pending-stored-cross-site-scripting-in-typo3-bookmarks/ | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 6.2 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.1 | |
| typo3 | typo3 | 6.2.2 | |
| typo3 | typo3 | 6.2.3 | |
| typo3 | typo3 | 6.2.4 | |
| typo3 | typo3 | 6.2.5 | |
| typo3 | typo3 | 6.2.6 | |
| typo3 | typo3 | 6.2.7 | |
| typo3 | typo3 | 6.2.8 | |
| typo3 | typo3 | 6.2.9 | |
| typo3 | typo3 | 6.2.10 | |
| typo3 | typo3 | 6.2.10 | |
| typo3 | typo3 | 6.2.11 | |
| typo3 | typo3 | 6.2.12 | |
| typo3 | typo3 | 6.2.13 | |
| typo3 | typo3 | 6.2.14 | |
| typo3 | typo3 | 6.2.15 | |
| typo3 | typo3 | 6.2.16 | |
| typo3 | typo3 | 6.2.17 | |
| typo3 | typo3 | 6.2.18 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7715060-1441-4CF9-BEDF-91D28FE31ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "29602159-5C1E-4C5A-9E4C-F3183D3EA8A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "52CC6148-48F9-4532-96D3-8C6D82B8B815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "E501EDED-B7DC-4D00-9DAF-862BC8C14C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7183456A-52B4-4386-8979-A2ECEA9959FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "16EEC79F-3293-451C-864E-9CE020F6C730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "8FD27EAD-04D5-4C55-952E-020954B90CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "F67C62FD-A683-43F3-BF0E-D368617B194C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "8CCC09EC-CB2C-466A-BD71-4DD2C34288B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "82F45E35-4731-4527-861F-3999ABED94B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "FC154041-5B1B-484C-8EF8-9EBC73A9FF3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "36E925BE-8D4F-49FE-90EF-68C1DE776107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DA0AF154-CC16-4536-B120-A9040CE92394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99262E73-E4A7-4657-A32E-3C289C052675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E230A800-B2DE-4ED4-9C6B-961832C39900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A96891D-A2B1-492C-A914-51F9631D5C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7316A8-E445-45C6-BFD9-8E19254AC7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D95C12B4-51F1-4FFC-892B-1432D1E5219A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "308EF598-B9DF-47C5-A1AC-1A2A16767E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3A5E5D-E8A9-4B2F-B423-9F1B9E761A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9EDF6E-299A-4277-9C2F-B25D5F9A189E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "313D0192-8849-4DA1-820E-28E2FC4E37C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "265DCFF8-2EC5-49EA-8D06-1956F3109F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2D8FB68B-E4E8-4501-94F6-2922781D8C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1FEAA4-B0D8-4B5B-8958-173245F55134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0E806A38-C603-4916-93E2-FE43062B09C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "17EB5B78-0AD1-4259-8537-058D888B30B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7E6FD-99D0-4F48-B5DF-0EFD4C05079D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "21217A49-637C-4F60-B8F8-8699E71D6BFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8ECD9604-F523-4BA0-A49F-5EF80A478263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "B6CF3415-EA27-4AEF-AFDB-395ED8F9E009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E428C4A9-0FEB-4501-936A-9FB439D0E4AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el componente Backend en TYPO3 6.2.x en versiones anteriores a 6.2.19 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de el par\u00e1metro module cuando crea un marcador."
}
],
"id": "CVE-2016-4056",
"lastModified": "2024-11-21T02:51:15.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-23T21:59:01.377",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/21/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://labs.integrity.pt/advisories/cve-pending-stored-cross-site-scripting-in-typo3-bookmarks/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/21/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://labs.integrity.pt/advisories/cve-pending-stored-cross-site-scripting-in-typo3-bookmarks/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-09 15:15
Modified
2024-11-21 04:23
Severity ?
Summary
TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0971BEDC-79F2-4E41-A6DE-A11498282A9B",
"versionEndIncluding": "8.7.26",
"versionStartIncluding": "8.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9172C36-5F3A-4180-9C8B-C60B882F4499",
"versionEndIncluding": "9.5.7",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data."
},
{
"lang": "es",
"value": "TYPO3 versiones 8.x hasta 8.7.26 y versiones 9.x hasta 9.5.7, permite la Deserializaci\u00f3n de Datos No Seguros."
}
],
"id": "CVE-2019-12747",
"lastModified": "2024-11-21T04:23:29.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-09T15:15:10.587",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-020/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-22 23:30
Modified
2024-11-21 01:09
Severity ?
Summary
SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fr.simon_rundell | pd_resources | * | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fr.simon_rundell:pd_resources:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F81638F8-A73C-4CBD-9606-3CB167C52E22",
"versionEndIncluding": "0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL de la extensi\u00f3n Diocese of Portsmouth Resources Database (pd_resources) v0.1.1 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2009-4396",
"lastModified": "2024-11-21T01:09:32.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-22T23:30:00.717",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-07 19:15
Modified
2024-11-21 07:48
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content. In combination with the TypoScript setting `config.absRefPrefix=auto`, attackers can inject malicious HTML code to pages that have not been rendered and cached, yet. As a result, injected values would be cached and delivered to other website visitors (persisted cross-site scripting). Individual code which relies on the resolved value of `GeneralUtility::getIndpEnv('SCRIPT_NAME')` and corresponding usages (as shown below) are vulnerable as well. Additional investigations confirmed that at least Apache web server deployments using CGI (FPM, FCGI/FastCGI, and similar) are affected. However, there still might be the risk that other scenarios like nginx, IIS, or Apache/mod_php are vulnerable. The usage of server environment variable `PATH_INFO` has been removed from corresponding processings in `GeneralUtility::getIndpEnv()`. Besides that, the public property `TypoScriptFrontendController::$absRefPrefix` is encoded for both being used as a URI component and for being used as a prefix in an HTML context. This mitigates the cross-site scripting vulnerability. Users are advised to update to TYPO3 versions 8.7.51 ELTS, 9.5.40 ELTS, 10.4.35 LTS, 11.5.23 LTS and 12.2.0 which fix this problem. For users who are unable to patch in a timely manner the TypoScript setting `config.absRefPrefix` should at least be set to a static path value, instead of using auto - e.g. `config.absRefPrefix=/`. This workaround **does not fix all aspects of the vulnerability**, and is just considered to be an intermediate mitigation to the most prominent manifestation.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A441EE-3A04-499B-AEA3-E5869BC418DF",
"versionEndExcluding": "9.7.51",
"versionStartIncluding": "8.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7D02B4E-9050-4C4E-ABE5-00E8662145E1",
"versionEndExcluding": "9.5.40",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF24F98-DCD1-442F-98DB-B0DE64AC2556",
"versionEndExcluding": "10.4.36",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E225EC3-5236-450C-9655-AE920702AAA7",
"versionEndExcluding": "11.5.23",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E3B9E03-7D04-4A74-8FE0-200097544319",
"versionEndExcluding": "12.2.0",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content. In combination with the TypoScript setting `config.absRefPrefix=auto`, attackers can inject malicious HTML code to pages that have not been rendered and cached, yet. As a result, injected values would be cached and delivered to other website visitors (persisted cross-site scripting). Individual code which relies on the resolved value of `GeneralUtility::getIndpEnv(\u0027SCRIPT_NAME\u0027)` and corresponding usages (as shown below) are vulnerable as well. Additional investigations confirmed that at least Apache web server deployments using CGI (FPM, FCGI/FastCGI, and similar) are affected. However, there still might be the risk that other scenarios like nginx, IIS, or Apache/mod_php are vulnerable. The usage of server environment variable `PATH_INFO` has been removed from corresponding processings in `GeneralUtility::getIndpEnv()`. Besides that, the public property `TypoScriptFrontendController::$absRefPrefix` is encoded for both being used as a URI component and for being used as a prefix in an HTML context. This mitigates the cross-site scripting vulnerability. Users are advised to update to TYPO3 versions 8.7.51 ELTS, 9.5.40 ELTS, 10.4.35 LTS, 11.5.23 LTS and 12.2.0 which fix this problem. For users who are unable to patch in a timely manner the TypoScript setting `config.absRefPrefix` should at least be set to a static path value, instead of using auto - e.g. `config.absRefPrefix=/`. This workaround **does not fix all aspects of the vulnerability**, and is just considered to be an intermediate mitigation to the most prominent manifestation."
}
],
"id": "CVE-2023-24814",
"lastModified": "2024-11-21T07:48:26.880",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.3,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-07T19:15:09.473",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
],
"url": "https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html#absrefprefix"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/core/Classes/Utility/GeneralUtility.php#L2481-L2484"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php#L2547-L2549"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/TYPO3/typo3/commit/0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-001"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-psa-2023-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html#absrefprefix"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/core/Classes/Utility/GeneralUtility.php#L2481-L2484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php#L2547-L2549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/TYPO3/typo3/commit/0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-psa-2023-001"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-14 00:15
Modified
2024-11-21 04:56
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server. Scripts are then executed with the privileges of the victims' user session. In a worst-case scenario, new admin users can be created which can directly be used by an attacker. The vulnerability is basically a cross-site request forgery (CSRF) triggered by a cross-site scripting vulnerability (XSS) - but happens on the same target host - thus, it's actually a same-site request forgery. Malicious payload such as HTML containing JavaScript might be provided by either an authenticated backend user or by a non-authenticated user using a third party extension, e.g. file upload in a contact form with knowing the target location. To be successful, the attacked victim requires an active and valid backend or install tool user session at the time of the attack. This has been fixed in 9.5.17 and 10.4.2. The deployment of additional mitigation techniques is suggested as described below. - Sudo Mode Extension This TYPO3 extension intercepts modifications to security relevant database tables, e.g. those storing user accounts or storages of the file abstraction layer. Modifications need to confirmed again by the acting user providing their password again. This technique is known as sudo mode. This way, unintended actions happening in the background can be mitigated. - https://github.com/FriendsOfTYPO3/sudo-mode - https://extensions.typo3.org/extension/sudo_mode - Content Security Policy Content Security Policies tell (modern) browsers how resources served a particular site are handled. It is also possible to disallow script executions for specific locations. In a TYPO3 context, it is suggested to disallow direct script execution at least for locations /fileadmin/ and /uploads/.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "039BA16C-73B6-4752-A92D-B2980B2C3226",
"versionEndIncluding": "9.5.16",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C71BE201-8A33-4586-9943-3523546CA40F",
"versionEndIncluding": "10.4.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server. Scripts are then executed with the privileges of the victims\u0027 user session. In a worst-case scenario, new admin users can be created which can directly be used by an attacker. The vulnerability is basically a cross-site request forgery (CSRF) triggered by a cross-site scripting vulnerability (XSS) - but happens on the same target host - thus, it\u0027s actually a same-site request forgery. Malicious payload such as HTML containing JavaScript might be provided by either an authenticated backend user or by a non-authenticated user using a third party extension, e.g. file upload in a contact form with knowing the target location. To be successful, the attacked victim requires an active and valid backend or install tool user session at the time of the attack. This has been fixed in 9.5.17 and 10.4.2. The deployment of additional mitigation techniques is suggested as described below. - Sudo Mode Extension This TYPO3 extension intercepts modifications to security relevant database tables, e.g. those storing user accounts or storages of the file abstraction layer. Modifications need to confirmed again by the acting user providing their password again. This technique is known as sudo mode. This way, unintended actions happening in the background can be mitigated. - https://github.com/FriendsOfTYPO3/sudo-mode - https://extensions.typo3.org/extension/sudo_mode - Content Security Policy Content Security Policies tell (modern) browsers how resources served a particular site are handled. It is also possible to disallow script executions for specific locations. In a TYPO3 context, it is suggested to disallow direct script execution at least for locations /fileadmin/ and /uploads/."
},
{
"lang": "es",
"value": "En TYPO3 CMS versiones 9.0.0 hasta 9.5.16 y versiones 10.0.0 hasta 10.4.1, se detect\u00f3 que la interfaz de usuario del backend y la herramienta de instalaci\u00f3n son vulnerables a un ataque de tipo same-site request forgery. Un usuario del backend puede ser enga\u00f1ado para que interact\u00fae con un recurso malicioso que un atacante administr\u00f3 previamente para cargarlo en el servidor web. Los scripts son luego ejecutados con los privilegios de la sesi\u00f3n de usuario de las v\u00edctimas. En un escenario del peor de los casos, nuevos usuarios administradores pueden ser creados, lo que pueden ser usado directamente por un atacante. La vulnerabilidad es b\u00e1sicamente una de tipo cross-site request forgery (CSRF) activada por una vulnerabilidad de tipo cross-site scripting (XSS), pero se presenta en el mismo host de destino, por lo que en realidad es una vulnerabilidad de tipo same-site request forgery. Una carga maliciosa, como HTML que contiene JavaScript, puede ser proporcionada por un usuario del backend autenticado o por un usuario no autenticado que use una extensi\u00f3n de terceros, por ejemplo, una carga de archivos en un formulario de contacto con el conocimiento de la ubicaci\u00f3n de destino. Para tener \u00e9xito, la v\u00edctima atacada requiere una sesi\u00f3n de usuario del backend o la herramienta de instalaci\u00f3n activa y v\u00e1lida al momento del ataque. Esto ha sido corregido en las versiones 9.5.17 y 10.4.2. El despliegue de t\u00e9cnicas de mitigaci\u00f3n adicionales se sugiere como se describe a continuaci\u00f3n. - Sudo Mode Extension, esta extensi\u00f3n de TYPO3 intercepta modificaciones en las tablas de bases de datos relevantes para la seguridad, por ejemplo, aquellas que almacenan cuentas de usuario o almacenamientos de la capa de abstracci\u00f3n de archivos. Las modificaciones necesitan ser confirmadas nuevamente por el usuario activo que proporcione su contrase\u00f1a nuevamente. Esta t\u00e9cnica se conoce como modo sudo. De esta manera, pueden ser mitigadas las acciones no previstas que suceden en segundo plano. - https://github.com/FriendsOfTYPO3/sudo-mode - https://extensions.typo3.org/extension/sudo_mode - Content Security Policy Content Security Policies le dice a los navegadores (modernos) c\u00f3mo se manejan los recursos que sirven a un sitio en particular. Tambi\u00e9n es posible rechazar ejecuciones de script para ubicaciones espec\u00edficas. En un contexto TYPO3, se sugiere no permitir la ejecuci\u00f3n directa de scripts al menos para las ubicaciones /fileadmin/ y /uploads/."
}
],
"id": "CVE-2020-11069",
"lastModified": "2024-11-21T04:56:43.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-14T00:15:11.493",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-pqg8-crx9-g8m4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-pqg8-crx9-g8m4"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-346"
},
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-22 23:30
Modified
2024-11-21 01:09
Severity ?
Summary
SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fr.simon_rundell | ste_prayer2 | * | |
| fr.simon_rundell | ste_prayer2 | 0.0.2 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fr.simon_rundell:ste_prayer2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A132EEAE-48E8-46A6-9D53-B7B98215E738",
"versionEndIncluding": "0.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fr.simon_rundell:ste_prayer2:0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8021678-5C27-435B-AF46-3170791C818C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extension Random Prayer 2 (ste_prayer2) v0.0.3 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de forma arbitraria a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2009-4394",
"lastModified": "2024-11-21T01:09:32.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-22T23:30:00.670",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-31 11:30
Modified
2024-11-21 00:54
Severity ?
Summary
SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | cms_poll_system_extension | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:cms_poll_system_extension:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E816F541-8DD3-4337-95AE-4BFBCA5226FC",
"versionEndIncluding": "0.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n CMS Poll system (cms_poll) anterior a v0.1.1 en TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante vectores no especificados."
}
],
"id": "CVE-2008-5798",
"lastModified": "2024-11-21T00:54:55.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-31T11:30:00.530",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32231"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46470"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-16 17:55
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the RealURL Management (realurlmanagement) extension 0.3.4 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juralsulek | realurlmanagement | * | |
| juralsulek | realurlmanagement | 0.1.0 | |
| juralsulek | realurlmanagement | 0.2.0 | |
| juralsulek | realurlmanagement | 0.2.1 | |
| juralsulek | realurlmanagement | 0.2.2 | |
| juralsulek | realurlmanagement | 0.2.3 | |
| juralsulek | realurlmanagement | 0.3.0 | |
| juralsulek | realurlmanagement | 0.3.2 | |
| juralsulek | realurlmanagement | 0.3.3 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juralsulek:realurlmanagement:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D06B55AE-A088-42E8-AA6B-9CC02BA8C497",
"versionEndIncluding": "0.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juralsulek:realurlmanagement:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDD1CC74-18FB-4671-8C3C-433C1BDF76DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juralsulek:realurlmanagement:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A1B080-6C24-4CA1-A68D-E4AE2801B235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juralsulek:realurlmanagement:0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7CA9C5-0E42-4059-8818-409D5BB4F617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juralsulek:realurlmanagement:0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E3722D6-A9E8-47D4-858F-8F9D42E8AF04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juralsulek:realurlmanagement:0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F5FC2823-7EBA-4EF0-BFA9-D2133E60504B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juralsulek:realurlmanagement:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "135CC504-FBE3-4D5B-AFAA-A5E376B121B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juralsulek:realurlmanagement:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78FC382A-5E0E-4B08-BECC-8C4A9F469F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juralsulek:realurlmanagement:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8FAAD3E-6D27-4A32-98E9-CDA118C86256",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the RealURL Management (realurlmanagement) extension 0.3.4 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en la extensi\u00f3n RealURL Management (realurlmanagement) v0.3.4 y anteriores para TYPO3, permite a atacantes remotos inyectar web scripts arbitrarios o HTML mediante vectores desconocidos."
}
],
"id": "CVE-2013-5308",
"lastModified": "2024-11-21T01:57:16.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-16T17:55:09.703",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/95958"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/61654"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/95958"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86237"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-05 23:55
Modified
2024-11-21 01:41
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.5 | |
| typo3 | typo3 | 4.5.0 | |
| typo3 | typo3 | 4.5.1 | |
| typo3 | typo3 | 4.5.2 | |
| typo3 | typo3 | 4.5.3 | |
| typo3 | typo3 | 4.5.4 | |
| typo3 | typo3 | 4.5.5 | |
| typo3 | typo3 | 4.5.6 | |
| typo3 | typo3 | 4.5.7 | |
| typo3 | typo3 | 4.5.8 | |
| typo3 | typo3 | 4.5.9 | |
| typo3 | typo3 | 4.5.10 | |
| typo3 | typo3 | 4.5.11 | |
| typo3 | typo3 | 4.5.12 | |
| typo3 | typo3 | 4.5.13 | |
| typo3 | typo3 | 4.5.14 | |
| typo3 | typo3 | 4.5.15 | |
| typo3 | typo3 | 4.5.16 | |
| typo3 | typo3 | 4.5.17 | |
| typo3 | typo3 | 4.5.18 | |
| typo3 | typo3 | 4.6 | |
| typo3 | typo3 | 4.6.0 | |
| typo3 | typo3 | 4.6.1 | |
| typo3 | typo3 | 4.6.2 | |
| typo3 | typo3 | 4.6.3 | |
| typo3 | typo3 | 4.6.4 | |
| typo3 | typo3 | 4.6.5 | |
| typo3 | typo3 | 4.6.6 | |
| typo3 | typo3 | 4.6.7 | |
| typo3 | typo3 | 4.6.8 | |
| typo3 | typo3 | 4.6.9 | |
| typo3 | typo3 | 4.6.10 | |
| typo3 | typo3 | 4.6.11 | |
| typo3 | typo3 | 4.7 | |
| typo3 | typo3 | 4.7.0 | |
| typo3 | typo3 | 4.7.1 | |
| typo3 | typo3 | 4.7.2 | |
| typo3 | typo3 | 4.7.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9788D5CD-FEAA-4D07-8252-4176AD0BC0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4D42D56A-2A1D-4FAA-961D-304E916BEF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CBAAC7-5207-45E8-86D5-18D98259070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6F1E7-351D-45E7-9571-2AF4283080DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B3B4A9-BDC7-4426-98FB-398B63AF3D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0016A078-1291-4281-BA62-5A846AEE7584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F11DB8A8-8309-4FC9-BA35-1AFFC5B4AE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9661D2DB-F24C-478B-B691-303D48D9B158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1FD6B9-7FAC-4508-962A-99AF63EB4B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "14369AD5-2622-4530-BCD5-A95C032CE4CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7CBAD29-18E9-4097-88FA-4D287A9A877A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5144AE-E076-48B5-9EA3-2F0BEC34D92F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "46246047-B415-437A-AC0E-2A7157D47C17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1A90BF-E780-4282-BCCB-0E568EB785A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en TYPO3 v4.5.x anterior a v4.5.19, v4.6.x before v4.6.12 y v4.7.x anterior a v4.7.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2012-3528",
"lastModified": "2024-11-21T01:41:04.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-05T23:55:01.990",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/84771"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50287"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77792"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/84771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77792"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-16 17:30
Modified
2024-11-21 00:55
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | wec_discussion_forum | * | |
| typo3 | wec_discussion_forum | 1.6 | |
| typo3 | wec_discussion_forum | 1.6.0 | |
| typo3 | wec_discussion_forum | 1.6.1 | |
| typo3 | wec_discussion_forum | 1.6.2 | |
| typo3 | wec_discussion_forum | 1.6.3 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:wec_discussion_forum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F97572-8AEB-4305-8E8C-20BD06DF194A",
"versionEndIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:wec_discussion_forum:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A4A7F726-590B-4712-9D54-734C1947C83F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:wec_discussion_forum:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B49C4FCF-8B78-40A2-A602-B02B295CB9C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:wec_discussion_forum:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30AA59A8-CC5F-445F-8BEC-E2BD9876DB42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:wec_discussion_forum:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "745ACFB9-3386-4BE4-8CB5-4EABC90C3E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:wec_discussion_forum:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "270CBE3E-B87C-4047-B850-8A7F91514222",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en WEC Discussion Forum (wec_discussion) extensi\u00f3n 1.7.0 y anteriores para TYPO3 permite a atacantes remotos inyectar HTML o scripts web arbitrarios a trav\u00e9s de vectores no especificados. Se trata de una vulnerabilidad diferente a la CVE-2008-3029."
}
],
"id": "CVE-2008-6144",
"lastModified": "2024-11-21T00:55:47.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-02-16T17:30:04.733",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33254"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/wec_discussion/1.7.1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-2"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/wec_discussion/1.7.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3502"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-22 23:30
Modified
2024-11-21 01:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the File list (dr_blob) extension 2.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| daniel_regelein | dr_blob | 2.1.1 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:daniel_regelein:dr_blob:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6C874FE1-FC80-47D2-BB5D-7490A1811E1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the File list (dr_blob) extension 2.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n File list (dr_blob) v2.1.1 para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2009-4391",
"lastModified": "2024-11-21T01:09:31.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-22T23:30:00.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-07 10:55
Modified
2024-11-21 01:21
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| peter_proell | * | ||
| peter_proell | 1.0.0 | ||
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:peter_proell:xing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F45C8F16-8B38-470A-8343-08F5E4945895",
"versionEndIncluding": "1.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:peter_proell:xing:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA600CE0-3088-43FC-BE19-513CF3C7087C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en la extensi\u00f3n XING Button (xing) anteriores a v1.0.2 para TYPO3, permite a atacantes remotos ejecutar secuencias de comandos web y HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-4885",
"lastModified": "2024-11-21T01:21:59.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-10-07T10:55:09.270",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41269"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/xing/1.0.2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/42937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/xing/1.0.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/42937"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-02 18:30
Modified
2024-11-21 01:15
Severity ?
Summary
SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mario_matzulla | cal | * | |
| mario_matzulla | cal | 0.9.0 | |
| mario_matzulla | cal | 0.10.0 | |
| mario_matzulla | cal | 0.11.0 | |
| mario_matzulla | cal | 0.12.0 | |
| mario_matzulla | cal | 0.12.1 | |
| mario_matzulla | cal | 0.13.0 | |
| mario_matzulla | cal | 0.13.1 | |
| mario_matzulla | cal | 0.14.0 | |
| mario_matzulla | cal | 0.14.1 | |
| mario_matzulla | cal | 0.15.0 | |
| mario_matzulla | cal | 0.15.1 | |
| mario_matzulla | cal | 0.15.2 | |
| mario_matzulla | cal | 0.15.3 | |
| mario_matzulla | cal | 0.15.4 | |
| mario_matzulla | cal | 0.15.5 | |
| mario_matzulla | cal | 0.16.0 | |
| mario_matzulla | cal | 0.16.1 | |
| mario_matzulla | cal | 0.16.2 | |
| mario_matzulla | cal | 0.16.3 | |
| mario_matzulla | cal | 0.16.4 | |
| mario_matzulla | cal | 0.16.5 | |
| mario_matzulla | cal | 0.16.6 | |
| mario_matzulla | cal | 0.17.0 | |
| mario_matzulla | cal | 0.17.1 | |
| mario_matzulla | cal | 0.17.2 | |
| mario_matzulla | cal | 0.17.3 | |
| mario_matzulla | cal | 1.0.0 | |
| mario_matzulla | cal | 1.1.0 | |
| mario_matzulla | cal | 1.2.0 | |
| mario_matzulla | cal | 1.2.1 | |
| mario_matzulla | cal | 1.3.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98FE329F-2805-4352-AF14-B3CFECE67E13",
"versionEndIncluding": "1.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E4065A72-7533-4D8E-ACF9-5604706CB208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB64C964-7C36-4F3C-9AF8-BD334E413A1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DADC4C4B-FB4A-4BA1-B927-EBE80D83F728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6438AC43-A012-49A3-957D-1507233683CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C62589A9-8178-4B77-8DC3-251980AF6C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9D28D1-7B3B-4379-805A-5C639CD0131C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC61BC22-0861-4487-8207-31D82446D4BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45E04442-9642-4EE7-A176-CB5CF9872423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2318FB-9E09-499B-8B52-E88B4C6B5858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA60C05C-5A2C-487D-9452-0C1DB3D40033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84B10B5C-7344-4D9B-BB1D-2A60D37FABC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D47ADD6D-82C4-480B-8512-8D3C4CE07F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D19BFBE7-2B1F-4A89-BB24-4B30F7D1DE49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6BDC0D06-CFE3-437D-8CFA-43F3E860A177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A455FB8-393C-45D6-8F2A-55B617B2C7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE46693-11CD-48B4-9AEA-D2C00B3AD84E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E779D12-C8A1-44BB-AE0E-3B857EB36DEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2548806-B98F-4FA1-826F-E0B036480283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "000AA929-221D-4DD5-B9DD-9F27A0E9E53C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "49A81DDC-8D35-491E-9D37-1C1A93B90B24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6811A792-031A-4DD2-A549-C16FE21FCFA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "62A097C2-2480-4CEF-BDA1-85C0FF918797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9522502-A801-45BB-8FFD-10C08537F4BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "116E514B-4DD6-42D8-BB25-55D66DD6474B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC1A4BB-F427-4F23-90D5-90B19BB8014C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A9841A-65CF-4AF8-8465-87D543C3E14C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "530F6FFB-2B29-458B-9EA2-44C47C026EA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C569E8A-4285-485C-9C94-BAE3CB552E98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "424322B5-D8B5-42C7-AE29-8597DE1D4384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B6D119B-8AB7-4B97-B13B-954FEEF5835F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mario_matzulla:cal:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D69B1E7-73BB-4FF9-8F7F-0A1B592DF96E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Calendar Base (cal) anterior a v1.3.2 para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de datos iCalendar."
}
],
"id": "CVE-2010-2131",
"lastModified": "2024-11-21T01:15:58.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-06-02T18:30:01.007",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/62668"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38745"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/cal/1.3.2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-005/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/62668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38745"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/cal/1.3.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38493"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
SQL injection vulnerability in TIMTAB social bookmark icons (timtab_sociable) 2.0.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| frank_naegler | timtab_sociable | * | |
| frank_naegler | timtab_sociable | 2.0.0 | |
| frank_naegler | timtab_sociable | 2.0.1 | |
| frank_naegler | timtab_sociable | 2.0.2 | |
| frank_naegler | timtab_sociable | 2.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:frank_naegler:timtab_sociable:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A642EE2-80B2-483E-B586-211C5AD7B01B",
"versionEndIncluding": "2.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:frank_naegler:timtab_sociable:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A64B33F7-377F-4181-9183-960920B41320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:frank_naegler:timtab_sociable:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "556D5D10-5854-4721-82FE-F1B729627123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:frank_naegler:timtab_sociable:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0988A2-37CC-47F3-A42E-A55F83897A91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:frank_naegler:timtab_sociable:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F52F7C98-E5A2-44C4-B315-7FC61D38B39B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in TIMTAB social bookmark icons (timtab_sociable) 2.0.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en TIMTAB social bookmark icons (timtab_sociable) v2.0.4 y anteriores (extensi\u00f3n para TYPO3) permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2008-6695",
"lastModified": "2024-11-21T00:57:13.997",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.420",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46392"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30737"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/timtab_sociable/2.0.5/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29823"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/timtab_sociable/2.0.5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43210"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
SQL injection vulnerability in Diocese of Portsmouth Calendar Today (pd_calendar_today) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| diocese_of_portsmouth | pd_calendar_today | 0.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:diocese_of_portsmouth:pd_calendar_today:0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4256AB-F54A-4D90-95A3-B992E5586E74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Diocese of Portsmouth Calendar Today (pd_calendar_today) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Diocese of Portsmouth Calendar Today (pd_calendar_today) extensi\u00f3n v0.0.3 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2008-6691",
"lastModified": "2024-11-21T00:57:12.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.343",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46388"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30737"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29819"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29819"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43206"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Majordomo extension 1.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:majordomo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3268FE6-1EE9-4072-912C-4634B6A59F7B",
"versionEndIncluding": "1.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Majordomo extension 1.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados en la extensi\u00f3n de TYPO3 \"Majordomo\" v1.1.3 y anteriores permite a atacantes remotos inyectar HTML o scripts web a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-0345",
"lastModified": "2024-11-21T01:12:01.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-01-15T19:30:01.147",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-17 17:30
Modified
2024-11-21 01:09
Severity ?
Summary
SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| jean-david_gadina | slideshow | 0.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jean-david_gadina:slideshow:0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "91612895-6E84-4293-A037-62B874C726DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n \u0027Flash slideshow\u0027 (slideshow) v0.2.2 de TYPO3 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2009-4338",
"lastModified": "2024-11-21T01:09:24.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-17T17:30:00.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54781"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54781"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-09 10:55
Modified
2024-11-21 01:22
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xajax_shoutbox) extension before 1.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| thomas_mammitzsch | vx_xajax_shoutbox | * | |
| thomas_mammitzsch | vx_xajax_shoutbox | 0.0.11 | |
| thomas_mammitzsch | vx_xajax_shoutbox | 0.1.0 | |
| thomas_mammitzsch | vx_xajax_shoutbox | 0.1.1 | |
| thomas_mammitzsch | vx_xajax_shoutbox | 0.1.2 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:thomas_mammitzsch:vx_xajax_shoutbox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3781E77-811C-4FBF-BBAD-178A531396EF",
"versionEndIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thomas_mammitzsch:vx_xajax_shoutbox:0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "548BE0E0-71B2-458A-8420-13951902F5A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thomas_mammitzsch:vx_xajax_shoutbox:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "555A4E0E-3E36-4E80-B700-98FF2DF48FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thomas_mammitzsch:vx_xajax_shoutbox:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "246F3F59-DEA7-4BBE-AAD7-EC52107C3693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thomas_mammitzsch:vx_xajax_shoutbox:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA83C987-92D7-4E7C-B70D-9002E459A478",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xajax_shoutbox) extension before 1.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n xaJax Shoutbox (vx_xajax_shoutbox) anteriores a v1.0.1 para TYPO3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no espec\u00edficos."
}
],
"id": "CVE-2010-4951",
"lastModified": "2024-11-21T01:22:08.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-10-09T10:55:37.487",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/vx_xajax_shoutbox/1.0.1/"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/42373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/vx_xajax_shoutbox/1.0.1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/42373"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-09 05:29
Modified
2024-11-21 04:21
Severity ?
Summary
TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42ADAC09-0336-415E-9DA0-7E441267E5AB",
"versionEndExcluding": "8.7.25",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3E0F4C-7DEA-4409-8D42-EE7D3F95A859",
"versionEndExcluding": "9.5.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick."
},
{
"lang": "es",
"value": "TYPO3, versiones 8.x anteriores a 8.7.25 y 9.x anteriores a 9.5.6, permite la ejecuci\u00f3n remota de c\u00f3digo porque no configura correctamente las aplicaciones utilizadas para el procesamiento de im\u00e1genes, como demuestran ImageMagick o GraphicsMagick."
}
],
"id": "CVE-2019-11832",
"lastModified": "2024-11-21T04:21:51.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-09T05:29:01.957",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/108305"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-012/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/108305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-012/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-13 10:30
Modified
2024-11-21 00:56
Severity ?
Summary
SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd_churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| fr.simon_rundell | pd_churchsearch | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fr.simon_rundell:pd_churchsearch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DBECBD1-DFDC-4287-B782-C0344B607708",
"versionEndIncluding": "0.2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd_churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de SQL en la extensi\u00f3n Diocese of Portsmouth Church Search (pd_churchsearch) para TYPO3, en las versiones anteriores a la 0.1.1 y 0.2.X antes de 0.2.10, permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-6463",
"lastModified": "2024-11-21T00:56:36.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-13T10:30:00.547",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/48279"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/48279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31260"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-02 15:30
Modified
2024-11-21 01:07
Severity ?
Summary
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9297C028-4875-4370-8A47-E5BB4DC04A20",
"versionEndIncluding": "4.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8B51D2-B985-405E-8D87-1572D5096F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A9AB9DE7-3AB0-4B5B-9825-486111386852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D954FE3D-B766-4D39-B0CA-31A24EDB362C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59AE3831-400B-4974-9C69-6787CF03433A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "66333A00-5D7D-4467-9495-79D715EBAB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "71E7C6DF-C63B-4B16-9107-3C15490951D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEAD468-F39F-4B92-9ABD-F43C636B1145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6154F853-6DAF-4A34-8019-CB5BA87CCA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67CF0EA5-E984-40BE-BA90-1C85568A0525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "395C04FB-3390-4E97-B2F1-BEF9C42F15E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.3.x:*:*:*:*:*:*:*",
"matchCriteriaId": "349BDDAD-35AE-44B6-9623-1ABAAFA16D57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C553D36B-B446-4D63-B37F-FA32D1E5A524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.5.x:*:*:*:*:*:*:*",
"matchCriteriaId": "33152254-3B0B-4413-90F3-72A8B1ADDBD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.6.x:*:*:*:*:*:*:*",
"matchCriteriaId": "78413B61-AAB7-485D-BD24-C8A6D7631281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E53B002D-18FD-4C6A-97C0-AA9C83ABD382",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3885B69F-B9C0-488F-8775-E8E801418E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.7.x:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6EAF89-59F9-4D06-A7AE-175816BB7E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A3390E31-A149-4D83-94D2-63AF63D02A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:3.8.x:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF63F45-3E42-4DD6-ABD3-BA67D04C8A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "501A9157-044A-4856-8092-418D7329EED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA47174-9BC4-4B74-8618-6A7B0773553B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A13146E-EC04-4354-9123-BC7CB292C66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F27B173-8D10-47F7-8450-F8808A918295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1FAD0A-6B98-476B-BCD2-361996CA1C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE992D57-AF82-4BF0-96E8-98110C0AEBF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9A484F-C34D-4885-8125-D9C8725EEB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DCCB2DE6-4407-4E40-8574-9C813183565B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E19647A4-C422-42D0-863B-5B6E0B08BFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C842A284-8360-4DE4-8D05-8082D0A0AA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3A4600DD-C9CA-4D71-BD31-12FE40A14D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2F89D7-D34C-4ADD-8A9E-34C37122C3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "273F2E33-0655-46DE-9397-E16658B4BD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3B8F7039-4117-4D53-ABE8-99C10518D351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161E310F-F2D8-40B3-8390-8C52ACDD0B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "96D69530-AE74-4012-B522-01D0B6B01662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5514D17F-95A5-48C5-9F91-554F8D3C3DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E46E35EC-FF7B-4510-A5F2-FC230B7477B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A671ED2-91AA-4447-8996-A8A16FE753A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4219A367-8431-4A72-AF73-ED2A853B14E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "74F10D45-FA29-4534-8789-201D194C46B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "878A3B3A-91B6-4EB3-995C-46CEF6FE4343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "51B3DD65-A811-47DD-ADC6-015EE9BC2A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E06499-FC41-4B7F-B76E-37FA423F17C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386C2885-7543-43F0-9680-B57898C4F118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "231CD899-2DC5-42CD-A4F9-4D00C2C11159",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a \"frame hijacking\" issue."
},
{
"lang": "es",
"value": "El subcomponente Backend de TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2 permite a usuarios autenticados remotos situar sitios web de su elecci\u00f3n en los \"framesets\" (conjuntos de marcos) de backend a trav\u00e9s de par\u00e1metros modificados, relacionado con un asunto de \"frame hijacking\" (secuestro de marco)."
}
],
"id": "CVE-2009-3630",
"lastModified": "2024-11-21T01:07:50.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-11-02T15:30:00.640",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37122"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36801"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=125632856206736\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53920"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-06 17:15
Modified
2024-11-21 01:32
Severity ?
Summary
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8C2013-3653-40E0-B692-8524309338F0",
"versionEndExcluding": "4.3.12",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA153A2C-2697-47BC-B836-17AA48875F7A",
"versionEndExcluding": "4.4.9",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "898F86CE-0897-4403-A0AC-90C5DCED8AF4",
"versionEndExcluding": "4.5.4",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend."
},
{
"lang": "es",
"value": "TYPO3 versiones anteriores a la versi\u00f3n 4.3.12, versiones 4.4.x anteriores a 4.4.9 y versiones 4.5.x anteriores a 4.5.4, permite una divulgaci\u00f3n de informaci\u00f3n en el back-end."
}
],
"id": "CVE-2011-4627",
"lastModified": "2024-11-21T01:32:41.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-06T17:15:10.690",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4627"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-28 10:30
Modified
2024-11-21 01:08
Severity ?
Summary
Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/37094 | Vendor Advisory | |
| cve@mitre.org | http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37094 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| stanislas_rolland | sr_freecap | * | |
| stanislas_rolland | sr_freecap | 0.1.0 | |
| stanislas_rolland | sr_freecap | 0.2.0 | |
| stanislas_rolland | sr_freecap | 0.2.2 | |
| stanislas_rolland | sr_freecap | 0.2.3 | |
| stanislas_rolland | sr_freecap | 0.3.0 | |
| stanislas_rolland | sr_freecap | 0.3.1 | |
| stanislas_rolland | sr_freecap | 0.3.2 | |
| stanislas_rolland | sr_freecap | 0.3.3 | |
| stanislas_rolland | sr_freecap | 0.4.0 | |
| stanislas_rolland | sr_freecap | 0.4.1 | |
| stanislas_rolland | sr_freecap | 0.4.2 | |
| stanislas_rolland | sr_freecap | 0.4.3 | |
| stanislas_rolland | sr_freecap | 0.4.4 | |
| stanislas_rolland | sr_freecap | 0.4.5 | |
| stanislas_rolland | sr_freecap | 0.4.6 | |
| stanislas_rolland | sr_freecap | 1.0.0 | |
| stanislas_rolland | sr_freecap | 1.0.1 | |
| stanislas_rolland | sr_freecap | 1.0.2 | |
| stanislas_rolland | sr_freecap | 1.0.3 | |
| stanislas_rolland | sr_freecap | 1.0.4 | |
| stanislas_rolland | sr_freecap | 1.1.0 | |
| stanislas_rolland | sr_freecap | 1.1.1 | |
| stanislas_rolland | sr_freecap | 1.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B33C20A-46EF-4FB6-888F-0E92E31006E0",
"versionEndIncluding": "1.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "790A1625-537C-4FBB-BCAC-46F4A32F4888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "613F12BA-4366-4993-8E5F-01C26B572D03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FB79D86-0400-4AE9-8B0E-805C33BDAA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "88CC3BA3-F385-4AAA-AF3C-095BEDE284BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "308D7BF4-B342-4900-B352-17666B3D6D04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B33273E4-0DC6-41FF-906E-A9F7E578E400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01FD68AD-DADF-4407-86FA-80D19A604E3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "01EA86C4-A70C-46BF-9A76-21D0DFF9AD86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F02BB3A9-0F36-4EA0-BFF0-66F6F5248D1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEF1362-E8C7-4FB3-AA07-C0E6480D77E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06E43279-701A-492D-B6A7-028114ECE8EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B92C37-FC72-48CA-89C9-D9CA1C9C0E4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16AC96CB-8EB6-422A-9432-371C978535F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:0.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9223DD6A-CD9F-4EC5-8B0F-9CCE888F3A05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DC48FC36-81A3-44B8-9265-92C0C4B85AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC4A79C-CC5B-4A2A-8049-B4B28D89FE8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3837FB-06B2-4FA5-AFDA-AC31F904254F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "383B783E-10BF-493B-9405-19B4573161FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BF5BDFBD-9F3A-4EA0-AC09-6235D2E0C9D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF69BC8-E68A-44C0-B12D-D3DC5AC85B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6ADBBC0F-B2F3-4218-9409-EC2A3C21925B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7CDD5C-1EA1-4F0F-B1B6-4AD505BBAA71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_freecap:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0754949-41FA-41E0-8EE1-64E87A6142F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la caracter\u00edstica session handling en freeCap CAPTCHA (sr_freecap) extension v1.2.0 y anteriores para TYPO3 tiene un impacto desconocido y vectores atacantes."
}
],
"id": "CVE-2009-3818",
"lastModified": "2024-11-21T01:08:15.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-10-28T10:30:00.750",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37094"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-01 18:15
Modified
2024-11-21 01:19
Severity ?
Summary
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2010-3661 | Third Party Advisory | |
| cve@mitre.org | https://typo3.org/security/advisory/typo3-sa-2010-012/#Open_Redirection | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2010-3661 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-sa-2010-012/#Open_Redirection | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC34E49-A07C-4F08-80FE-2DE14E8B7A77",
"versionEndExcluding": "4.1.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82040DD2-205F-477D-8D55-95852AAF7AEA",
"versionEndExcluding": "4.2.13",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B078FF4B-67AF-419E-995B-2715FCC97493",
"versionEndExcluding": "4.3.4",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18896C89-53F0-4ACA-B3B2-90E0811CBBC3",
"versionEndExcluding": "4.4.1",
"versionStartIncluding": "4.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend."
},
{
"lang": "es",
"value": "TYPO3 versiones anteriores a 4.1.14, versiones 4.2.x anteriores a 4.2.13, versiones 4.3.x anteriores a 4.3.4 y versiones 4.4.x anteriores a 4.4.1, permite un redireccionamiento abierto en el back-end."
}
],
"id": "CVE-2010-3661",
"lastModified": "2024-11-21T01:19:19.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-01T18:15:11.283",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3661"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Open_Redirection"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Open_Redirection"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-05 02:30
Modified
2024-11-21 01:00
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.0 | |
| typo3 | typo3 | 4.0.1 | |
| typo3 | typo3 | 4.0.2 | |
| typo3 | typo3 | 4.0.3 | |
| typo3 | typo3 | 4.0.4 | |
| typo3 | typo3 | 4.0.5 | |
| typo3 | typo3 | 4.0.6 | |
| typo3 | typo3 | 4.0.7 | |
| typo3 | typo3 | 4.0.8 | |
| typo3 | typo3 | 4.0.9 | |
| typo3 | typo3 | 4.0.10 | |
| typo3 | typo3 | 4.0.11 | |
| typo3 | typo3 | 4.1 | |
| typo3 | typo3 | 4.1.1 | |
| typo3 | typo3 | 4.1.2 | |
| typo3 | typo3 | 4.1.3 | |
| typo3 | typo3 | 4.1.4 | |
| typo3 | typo3 | 4.1.5 | |
| typo3 | typo3 | 4.1.6 | |
| typo3 | typo3 | 4.1.7 | |
| typo3 | typo3 | 4.1.8 | |
| typo3 | typo3 | 4.1.9 | |
| typo3 | typo3 | 4.2 | |
| typo3 | typo3 | 4.2.1 | |
| typo3 | typo3 | 4.2.2 | |
| typo3 | typo3 | 4.2.3 | |
| typo3 | typo3 | 4.2.4 | |
| typo3 | typo3 | 4.2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "501A9157-044A-4856-8092-418D7329EED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA47174-9BC4-4B74-8618-6A7B0773553B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A13146E-EC04-4354-9123-BC7CB292C66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F27B173-8D10-47F7-8450-F8808A918295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1FAD0A-6B98-476B-BCD2-361996CA1C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE992D57-AF82-4BF0-96E8-98110C0AEBF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9A484F-C34D-4885-8125-D9C8725EEB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DCCB2DE6-4407-4E40-8574-9C813183565B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E19647A4-C422-42D0-863B-5B6E0B08BFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C842A284-8360-4DE4-8D05-8082D0A0AA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3A4600DD-C9CA-4D71-BD31-12FE40A14D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F271C6-B5A7-4B06-A3DF-4C7F74090CC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161E310F-F2D8-40B3-8390-8C52ACDD0B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "96D69530-AE74-4012-B522-01D0B6B01662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5514D17F-95A5-48C5-9F91-554F8D3C3DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E46E35EC-FF7B-4510-A5F2-FC230B7477B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A671ED2-91AA-4447-8996-A8A16FE753A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4219A367-8431-4A72-AF73-ED2A853B14E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "74F10D45-FA29-4534-8789-201D194C46B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "884B4418-83A4-4BCB-8019-306285EB418E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de tipo cross-site-scripting (XSS) en la interfaz de usuario backend en TYPO3 versi\u00f3n 3.3.x hasta 3.8.x, versi\u00f3n 4.0 anterior a 4.0.12, versi\u00f3n 4.1 anterior a 4.1.10, versi\u00f3n 4.2 anterior a 4.2.6 y versi\u00f3n 4.3alpha1, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de campos no especificados."
}
],
"id": "CVE-2009-0816",
"lastModified": "2024-11-21T01:00:58.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-03-05T02:30:00.577",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1720"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2009/02/10/6"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/02/10/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021709"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-09-24 21:00
Modified
2024-11-21 01:19
Severity ?
Summary
SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6EC67D0-8B43-4664-88F6-DD4309560D61",
"versionEndIncluding": "1.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F114F8E-08DE-4C8A-A0F7-567A7A822E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9677B8-7E32-4020-845B-FD31B327491D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC6F692-1F1E-4FB4-9EFA-57F0D0938256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9820C6-B4E6-4632-A6D4-D7EA093B1800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AEDCA4-5AC0-4970-99B4-9BE02C880AE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "303CC902-BBDA-417C-90C5-6CC316ED2E90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9CDAD5-EE32-47C9-9A94-5FDA002C58BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2065E944-5F55-4ABF-A20E-F5D4CEED0F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6C13C053-62AD-4866-AA6E-B6E3862734FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F84BCD42-ACAC-47B7-BC11-162BDF37E5D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DAB0DA1-D646-41F9-9E49-EFB3E3D6753A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2A32130E-4799-41D3-8323-8B3B4B8B5453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC13061-9822-4399-A4A1-EBEED9742EAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "96CEE2A8-AC38-4581-B56C-399781D73A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0415B2-89B6-4D75-AD24-DD6152110D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C905E945-4195-448E-B2B6-8C7F9C3FABCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D5897048-EE9A-4DB1-9802-27018E665A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4EFC2BB8-B4ED-4DC0-A391-7ACB2DD94E1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "56CF73D1-AA5E-4A6C-95B8-3AD4FD7EC7D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D7FEED-4451-43DA-9811-E7F6AA589F89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A4670C29-5B52-4172-8AED-0AD01229778A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "384FD986-C33D-4A87-A0ED-8EE51AD5BEA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1A6CF5F4-67D7-4495-B610-13959A10B97D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5D7E4A4-5887-40B8-860E-91F102A24D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7055F350-0EE7-4DE7-8FB6-26A0F2D80224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C414A1EC-ED36-4113-87EE-496D0CE6C296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CC9389-53A8-43D8-9D03-9DBBEA26065C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2597C92A-BE72-4246-B2E7-F7B316E6BECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0D0154-08BF-42AB-B97C-C0485BD34E0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFE66F2-621A-4F9A-8D99-C5F96D2BC528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8F32EE91-CF3B-495C-9AEB-CF5F7A49E55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D79D18B0-E52B-4A80-BA0D-664BE32A667B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "83192D4F-A044-456E-968C-78FD3F8782B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "027479DC-5EA0-4BAE-8F45-DB8CD2E7DBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "29168B6A-3D80-4DC7-A69E-E069B1627A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "490C3558-53F7-401D-94D4-ABC5A2DCB18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6783329E-53C6-4FAC-A76A-CDB15C30EE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3D85EF2D-D597-4BF8-8D42-65DF495F5B16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "ED148E81-A7BF-4E80-9BA7-1A95D4192521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCFF6F8-1913-4095-BB33-F371EA162CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5C372F-D442-44EA-9B74-A724261F7347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8B22DF-AC72-4A1D-BAC8-41AA612EEEEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6293BE50-CEC2-4564-B323-5518CB5F26A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "46449EDA-9CD5-4FFC-ACC3-AE23D4CC3758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C94B49F-3249-4FF7-8D71-EFB59EB0B69E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CE2E63-4B3B-4F37-983E-084058BB012D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA972B4-3307-4A9C-9E9A-F4DCA04B3320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE015AC-7FF4-445A-9112-576ECA6131A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA35D7C-6EAA-4E57-B229-771FBAE2616C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBAD78D-2EEA-4E84-A31D-A8DB9A4ED6A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "129FBFD3-5DF3-4C03-8416-89C9295F7245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5696F1A2-1A78-43F0-B52A-13C4B1A9989F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6F4864-877C-4FBA-99F8-CA138E089B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFE7AC9-06A3-4BCC-96F4-F978DE2A12AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CE95ADBE-FB92-427A-9C12-6F4DB32AB7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0661B887-07D1-4C97-A810-747D34F1854E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8D2162-DEBA-400A-9BF4-CE2D5C8E59AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BD48C215-3464-49B3-AB9B-FAC18A0D6420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "90DAF9E4-959D-44C6-85A4-0F9124FDEC96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A773CA49-4B9D-44AC-92A6-107514320987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "4A774AE5-7A2E-460A-A8E4-FC3AEEFD1F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1B7D81F3-C67F-4326-BB7F-414D6ADDAFFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D29C87E0-772E-4840-BC53-C7AF9D7B8DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7ECCDE1E-F3B4-4CD5-8C47-C29BC6C19686",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n powermail v1.5.3 y versiones anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores de ataque sin especificar."
}
],
"id": "CVE-2010-3604",
"lastModified": "2024-11-21T01:19:12.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-09-24T21:00:33.230",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41530"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.4/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-019"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-01 23:55
Modified
2024-11-21 01:56
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (accessible_is_browse_results) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kasper_skarhoj | accessible_is_browse_results | * | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kasper_skarhoj:accessible_is_browse_results:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23DFAB12-DAFA-4D50-8243-68FFDD71A4F5",
"versionEndIncluding": "1.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (accessible_is_browse_results) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la extensi\u00f3n Accessible para b\u00fasquedas indexadas (accessible_is_browse_results) 1.2.1 y anteriores para TYPO3, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-4747",
"lastModified": "2024-11-21T01:56:18.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-07-01T23:55:01.100",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/93819"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/60297"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/93819"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/60297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84674"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-23 02:15
Modified
2024-11-21 05:48
Severity ?
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp | Third Party Advisory | |
| security-advisories@github.com | https://packagist.org/packages/typo3/cms-core | Release Notes, Third Party Advisory | |
| security-advisories@github.com | https://typo3.org/security/advisory/typo3-core-sa-2021-001 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packagist.org/packages/typo3/cms-core | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-core-sa-2021-001 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E257D831-1E13-4091-B658-176CBD37B426",
"versionEndExcluding": "6.2.57",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "518930A7-E255-4A56-B76B-1C978A236856",
"versionEndExcluding": "7.6.51",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F10B90F0-DA5C-4A80-BD4F-124B6C82CE8B",
"versionEndExcluding": "8.7.40",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB3125B-114D-4991-BD60-9535D97DD348",
"versionEndExcluding": "9.5.25",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C031A87F-5A82-48F8-AB02-FED0CDFE08A2",
"versionEndExcluding": "10.4.14",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F696292E-3CC6-416B-9F99-6C1287B1D78D",
"versionEndExcluding": "11.1.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de gesti\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP. En TYPO3 versiones anteriores 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 se ha descubierto que el manejo del inicio de sesi\u00f3n es susceptible de redirecci\u00f3n abierta, lo que permite a los atacantes redirigir a contenido arbitrario, y realizar ataques de phishing. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. Esto est\u00e1 corregido en las versiones 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1"
}
],
"id": "CVE-2021-21338",
"lastModified": "2024-11-21T05:48:03.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-23T02:15:12.360",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://packagist.org/packages/typo3/cms-core"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://packagist.org/packages/typo3/cms-core"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-001"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-17 17:30
Modified
2024-11-21 01:09
Severity ?
Summary
SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simon_rundell | pd_calendar_today | * | |
| simon_rundell | pd_calendar_today | 0.0.3 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simon_rundell:pd_calendar_today:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83DE9175-ABF0-4047-8FAF-4CA6A19B33FE",
"versionEndIncluding": "0.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simon_rundell:pd_calendar_today:0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD45561-D458-46CC-B3C6-E37F04967BE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n \u0027Diocese of Portsmouth Calendar\u0027 (pd_calendar) v0.4.1 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores desconocidos. Se trata de una vulnerabilidad diferente a CVE-2008-6691."
}
],
"id": "CVE-2009-4337",
"lastModified": "2024-11-21T01:09:23.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-17T17:30:00.640",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54779"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-05 20:15
Modified
2024-11-21 01:19
Severity ?
Summary
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4AA44A2-E2AE-46D7-B1DB-850CFA4EACE5",
"versionEndExcluding": "4.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18896C89-53F0-4ACA-B3B2-90E0811CBBC3",
"versionEndExcluding": "4.4.1",
"versionStartIncluding": "4.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the \"forgot password\" function."
},
{
"lang": "es",
"value": "TYPO3 versiones anteriores a la versi\u00f3n 4.3.4 y versiones 4.4.x anteriores a 4.4.1, contiene una aleatoriedad no segura durante la generaci\u00f3n de un hash con la funci\u00f3n \"forgot password\"."
}
],
"id": "CVE-2010-3670",
"lastModified": "2024-11-21T01:19:21.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-05T20:15:10.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3670"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-21 00:55
Modified
2024-11-21 02:00
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 6.0 | |
| typo3 | typo3 | 6.0.1 | |
| typo3 | typo3 | 6.0.2 | |
| typo3 | typo3 | 6.0.3 | |
| typo3 | typo3 | 6.0.4 | |
| typo3 | typo3 | 6.0.5 | |
| typo3 | typo3 | 6.0.6 | |
| typo3 | typo3 | 6.0.7 | |
| typo3 | typo3 | 6.0.8 | |
| typo3 | typo3 | 6.0.9 | |
| typo3 | typo3 | 6.0.10 | |
| typo3 | typo3 | 6.0.11 | |
| typo3 | typo3 | 6.1 | |
| typo3 | typo3 | 6.1.1 | |
| typo3 | typo3 | 6.1.2 | |
| typo3 | typo3 | 6.1.3 | |
| typo3 | typo3 | 6.1.4 | |
| typo3 | typo3 | 6.1.5 | |
| typo3 | typo3 | 6.1.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "976AAF6F-BF03-40B7-B7D2-22101BD857D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98D0D9-D9AE-44F7-8233-F92EB330B152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36EA784A-7C3A-41DA-B444-D01E3BC144BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7294AA8B-0CD3-47A2-91DC-A882F7F3BDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4D28DD85-FBB3-4DD4-B525-7AFD32BE55F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80C21E07-5083-4C86-AA9D-FCB73F636060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAE1BB4-2DBD-489E-B3F9-88CF414EAC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0724FE19-F0A4-4055-996A-2B7844CAC426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A862C28E-B1B9-4541-A559-D0BD16E575B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1DE94A-DDCD-4067-A0C0-16904F6B7EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7C6DD4A1-C865-4AC8-86BC-8F92319F33A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C140F242-CF7C-4CB6-A358-5C8DB0F26DAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81EAC0BA-B6AC-42BA-AEEE-946E1FBD770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD31180A-8BD6-49AC-A758-5FA4C9A7B4C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E06A3B0C-364F-42A3-803B-6CE1EAB386C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "692DE690-C921-403B-9966-60CB23FF5D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "94C181FE-F3A9-4C7E-955F-0CCD4E6B4DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "11DD1626-884F-40EE-9721-2FCF7F14F781",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad cross-site scripting (XSS) en Backend User Administration Module de TYPO3 6.0.x anteriores a 6.0.12 y 6.1.x anteriores a 6.1.7 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-7077",
"lastModified": "2024-11-21T02:00:17.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-21T00:55:04.580",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/100884"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q4/487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89626"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-28 14:43
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:sbanner:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE797B-1DE1-4222-8B8B-8C0CAABF7061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Solidbase Bannermanagement (SBbanner) v1.0.1 para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4969",
"lastModified": "2024-11-21T01:10:53.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-28T14:43:41.417",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36137"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-06-25 18:55
Modified
2024-11-21 01:56
Severity ?
Summary
SQL injection vulnerability in the Multishop extension before 2.0.39 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8CE9543-2BE2-4C47-B34F-0B5BB546CC77",
"versionEndIncluding": "2.0.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C11AEDF-F1DE-42D9-985F-1DFEC6F37348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "299283D4-2976-4865-9D5C-C82278721FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B21C889D-3E45-412C-9DFF-5F2C01A10631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AD47DE54-47ED-477B-BADF-8B72C1D8CB16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F9E37FD4-0581-4A8C-95C5-05081930B75C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5414AC05-5356-49C8-B8DD-233180BC70FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F2632440-10FB-4F64-8581-30D323910B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "04FE326A-BB20-443B-B736-999FB2BD6D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AABAFFFB-9CE6-417B-82F1-FECDDABFB6E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "75C0796A-C51B-4D65-8717-628FFE582E60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:0.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A7379826-1D7E-4E54-B8EA-320752E7D6BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:0.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "18246EE8-92B5-4339-8F5B-7D7CE3759665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:0.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AE7178-D0F2-44CD-A980-5245EE2A981B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:0.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D4D7BE97-CEAE-4CFB-9704-DFBBA0563D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "52C2FA20-854D-4335-8112-3B2778018816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:0.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "BBC79A9D-DB90-491E-B75C-98F91A4D8F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:0.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C9BFD162-CD9E-4582-A4AD-881AA835BA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:0.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "CC941213-CD58-4D5E-807A-69132A7EB04D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:0.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "200CEBAD-54D7-4383-927D-F91F8AE84644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA53ABC6-B6C4-421F-BE7C-5881EE403496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85C1A7BD-FA95-4C92-BD75-F9B156233425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D8DED72-61B9-43F0-B064-4D09791B218B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08AB6276-71CE-4AC0-A986-3E3523AE4230",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C801D91C-A34E-4974-B960-3112F2729B3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1ED51963-15AF-452F-BA23-980139A6EFDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B69E0D50-AA0D-4577-B2D8-AACFCA27C7B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8925CACA-A048-4393-BD96-C51CD33BFE5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CC457DB1-1254-4570-A0EB-FF45BA93F4B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9495C4A5-65A0-4DE3-92F7-1F95CA08D0A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0A146857-3445-4FCA-AF97-58117ACA74FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1195F343-6A1A-4362-94B5-68173BB07C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "977C4298-E04A-4FBF-96CE-9D6E03F12C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "99E449D8-CC03-4CF2-BED9-73AF1B71AE59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D31B6FD5-B87E-4DDA-998C-4B952D58BDF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B7FA9D5B-A758-4956-B7E8-FDD060219E44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "00B3CD37-7688-4BA2-902B-4DF6DA16FE9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7611E7E3-EE6B-4A1D-A67B-9FB245E26C00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E18D1044-1745-43E3-AD7F-6D392193977E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "D4F6E4EE-92E2-4992-84EB-75ED58BB00A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "B11B1F28-3659-4ECB-8B28-3FD4CE1103CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA3B5A9-CBB6-45A9-A6BD-8246A9D3EC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "01C00262-F3F3-4CDE-A7F8-9EBC264BF4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "5A354FF4-49EC-461A-83F8-A88F8A283168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B11C77-B2FD-4099-8C7F-677EFCAC25D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A26DFE-874C-4C33-8F89-0711B9D909CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "445DFBD1-BFA9-48A3-AA72-572638963B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "AAED981C-C282-46E4-A157-53E1327FB9E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "40C161C0-C8EA-4887-87BC-9CA10C00CA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "884DB4EF-2F28-4219-A00A-BFD8547DD94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA60FBA-7211-4DDE-9348-63B66A27717A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "8F186E69-7F06-4C9E-86D3-E9AA48A9D791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "C73741BD-7A01-4132-83DB-3A9749C80F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "A27EBD05-0233-4AB3-8597-97F2500A9280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "7B1B0B8D-5F6F-4240-80E1-A1F6F869150B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "660FAE7B-8385-49DE-9D92-95EED08661CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "D7FF0BE8-33E0-4B86-B7EE-019C43CB24A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "81581551-60BF-4972-AEF2-43F25CDA44D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "DE045AF2-30D2-401C-B734-6F8D4AF125DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "23FD0756-CB27-4193-8DA9-2EB00F31ACC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99AA874E-B866-49D3-8331-27BBAB7FD666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E56E888E-0F9F-4786-8F67-F3EC7B293836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7E51126-16B9-4668-92FD-E984D9631936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9BA72ACC-6455-4905-99CF-0313B31E08B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE4DE57-E97C-4317-81E3-145B4986D1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4482221-CF36-4C7D-852E-FB1FC7E3BE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F09CB191-F5EA-43B1-8B02-80516849091F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C626B2-BAAC-490D-B46D-89C7088712A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FC88E6C1-1E73-47FE-9F06-A2C22D25CB0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EEEAF561-4ED3-4A57-9511-113C5EB137D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3E042D27-3E0B-4D6E-AB3D-45A7BFB6C475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "97E5E6B6-8D5D-4513-8F25-1A56BEE6B905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "981885BA-2E4C-46F7-9EBD-441F157E2D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7C2C496D-77D2-4796-91E3-3FCE400E0700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "42613273-40BD-4801-9207-BD238E6E6E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B59F1246-6C61-4E60-911D-1ED3497ACCB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "9F046B15-4923-4D40-B61C-5A263F623133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "ED6E6927-8E48-41C9-977F-070357475078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "752CA44C-9CFD-4CD7-9DB9-FC4E2F2B48EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "7ADA1AB5-DF5C-454E-A11A-DAC12A894694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "AF5FEEA8-5121-4439-A9CF-6E597EB04024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8338DEE2-DB4B-4753-B951-B5181B3C081B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "351C7878-4C4B-4FDD-95CF-646AFAE8E0D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE50D5E-BE48-470C-8D5B-701341666758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "C2DF23A6-ABDA-406C-898A-3B526B1EBB9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "759C30B4-2B02-490F-AA88-B3432D5BFDE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "9B946813-9BAB-47B0-955C-0E6145673268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC365C4-4572-4147-B7D3-0C75BF26CF8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "21DBABD2-C33D-4BAB-95AD-9D127320F78C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "69B5C87C-BFCB-4C58-85A5-5CE31FD0AC4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "8043040F-C6BC-4CA4-8FC1-46823DC9C6C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "A73BF654-089C-4B30-8716-9ADC46D2672D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "C11CECAD-2A76-462F-8A74-D2628E0F18D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "51785555-23B7-4D91-BF13-D4BB0B419F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "82C59DEA-E7B4-4AD1-ACA7-4EBB39350076",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bas_van_beek:multishop:2.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "50B34C1A-DF15-487B-89E9-1B771A19A719",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Multishop extension before 2.0.39 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Multishop v2.0.39 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-4682",
"lastModified": "2024-11-21T01:56:03.247",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-25T18:55:01.337",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53441"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/multishop"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/60271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/multishop"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/60271"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-05 20:15
Modified
2024-11-21 01:19
Severity ?
Summary
TYPO3 before 4.4.1 allows XSS in the frontend search box.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Third Party Advisory | |
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2010-3674 | Third Party Advisory | |
| cve@mitre.org | https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2010-3674 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| debian | debian_linux | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D3E5F8-527D-4362-9F4F-946ABE491330",
"versionEndExcluding": "4.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.4.1 allows XSS in the frontend search box."
},
{
"lang": "es",
"value": "TYPO3 versiones anteriores a la versi\u00f3n 4.4.1, permite un ataque de tipo XSS en el cuadro de b\u00fasqueda de la interfaz."
}
],
"id": "CVE-2010-3674",
"lastModified": "2024-11-21T01:19:21.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-05T20:15:10.877",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3674"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-21 20:55
Modified
2024-11-21 01:22
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6066CFA2-202E-43A3-B1DF-36364ABD5A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13C922A9-05A3-4D98-A568-F780CCA87E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E9893A-2771-4C04-9F90-B10EE659088E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31DA3600-C955-46B0-8BD9-C9B3FC0B81EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7ED0C04-33BA-4F9B-97B0-BB5D30C2A0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E40CC0D-E7EF-4800-AC0B-5AF603B8BC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16759F16-34C6-4C2C-BECB-12555EEEBDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB331CC-3125-454E-BCBE-B85540B62110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B46AB0-D925-4E74-8D15-40EE3BC0B14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "85F02502-5C03-4751-BC83-59F894400E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9319A96-D510-47DB-9DBC-C16C0947E4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40E0FDF1-E63C-48C9-98E2-55E3FD891882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D22400-E6A1-4C3A-B16F-E14672B86D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DFA0996-4839-4FDB-9B9D-5F8424946F9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad \"click enlarge\" de TYPO3 4.3.x anteriores a 4.3.9 y 4.4.x anteriores a 4.4.5. Cuando la plataforma de cach\u00e9 est\u00e1 habilitada, permite a atacantes remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-5097",
"lastModified": "2024-11-21T01:22:30.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-05-21T20:55:16.553",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/35770"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/70123"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/45470"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/70123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64178"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2E2639-9974-4C2A-903D-C386AB55AC44",
"versionEndIncluding": "1.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "421912BF-3882-49E2-9BB2-59ED296F6306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF86D2B-F508-4C67-B356-B46D211E2973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D9EE8D-0880-4184-8EF9-F3BA19534351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2F34F6-CC59-44D0-BAED-524186126D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0497203C-464D-43F2-B5EF-70D4D0CF14FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0B7DF0-E1A0-425C-AE30-50B6446258E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF65F5BB-4B50-4C84-8911-B9C6278CFB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1BD95041-6C13-4077-92F8-941F3FE16348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "018B9765-EF07-41FE-894B-B515C8892FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3347C94C-B734-4853-A886-4A4C81B1E68A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "27663404-9323-48F1-9F66-38B3AFFBE1C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "153A869A-9140-4B26-AD9E-5C9949E4A38D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9C9ABAB-3012-427E-9F4A-AB130ED5E9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "787E56B3-1BBB-4923-A475-14D0B0C9F954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB635ED-5537-42FF-B1A3-7CFAFD3E1E59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50259F6C-1FD5-45F3-80E8-745D9DF1678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "21C8D317-9996-4B61-B4D4-728D9BACF22D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "703F79E1-F353-4852-A0CD-128FE51CBE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90432F4B-6805-4714-AAB9-D567E0AA24EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BB108D53-38D1-4F2A-A421-4265803A678B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD19DDF6-C097-4192-A47F-0817AC387F9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2F8E2E1-FB6B-4AE8-9EE7-5D7C1E76125B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D92196FA-F26F-4CDC-A506-60EBE1EB48F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7177D6BD-7925-4A6C-A404-AF3ED3436794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17C0C155-BEFF-42EC-90F8-CDC5E808B5A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6A2F3FE-AEF3-4FD6-928C-72DC70ABB4C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB8986C5-9AB4-4D16-8A1B-DDD1915ACA50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23AD0874-BD63-4E26-90FF-019E3900F28E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B72E7EC-D147-428A-AA91-B4842FED45B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F694249-2EBB-4B34-A518-4DF97E3100E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en JobControl (dmmjobcontrol) v1.15.0 y anteriores (extensi\u00f3n para TYPO3) permite a usuarios remotos inyectar de forma arbitraria secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-6688",
"lastModified": "2024-11-21T00:57:12.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-10T22:00:00.297",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46385"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29828"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43202"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-22 18:30
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tim_lochmueller_\\\u0026_thomas_buss:a21glossary_advanced_output:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3592204-BC87-4D3C-8CC0-68226091AF80",
"versionEndIncluding": "0.1.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tim_lochmueller_\\\u0026_thomas_buss:a21glossary_advanced_output:0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "11C7517F-BFF0-4779-BB73-A03FB23A3096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tim_lochmueller_\\\u0026_thomas_buss:a21glossary_advanced_output:0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "65A045A8-E6EF-4A28-AF8A-636C2CED5E87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tim_lochmueller_\\\u0026_thomas_buss:a21glossary_advanced_output:0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "860FEE5C-1C91-46B1-9CC2-E7D08C343D00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tim_lochmueller_\\\u0026_thomas_buss:a21glossary_advanced_output:0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "032ED0F4-83F7-49CA-91A5-D9256F6D5CFB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n A21glossary Advanced Output (a21glossary_advanced_output), en versiones anteriores a la 0.1.12, para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante vectores no especificados."
}
],
"id": "CVE-2009-4950",
"lastModified": "2024-11-21T01:10:50.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-22T18:30:02.860",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/a21glossary_advanced_output/0.1.12/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/a21glossary_advanced_output/0.1.12/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
SQL injection vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| michael_fritz | worldcup | * | |
| michael_fritz | worldcup | 0.1.9 | |
| michael_fritz | worldcup | 1.2.8 | |
| michael_fritz | worldcup | 1.2.9 | |
| michael_fritz | worldcup | 1.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:michael_fritz:worldcup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29B30FCB-75D7-4EC6-8CCF-7E792F109897",
"versionEndIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_fritz:worldcup:0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D968C544-AC69-4E8A-BA08-5AF8553C1ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_fritz:worldcup:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "58402F40-22FD-4C3D-B6EA-3244E6277E5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_fritz:worldcup:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C7435E-9191-484A-9708-5B46AFED3794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:michael_fritz:worldcup:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDDDE629-2E79-43F8-A7AF-EA2EA14B4E89",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en TARGET-E WorldCup Bets (worldcup) v2.0.0 y anteriores (extensi\u00f3n para TYPO3) permite a atacantes remotos ejecutar comandos de su elecci\u00f3n a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2008-6697",
"lastModified": "2024-11-21T00:57:14.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.467",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46396"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29826"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43213"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-25 21:15
Modified
2024-11-21 08:13
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F977D03B-2605-4DDA-8E08-9E32862B36FF",
"versionEndExcluding": "9.5.42",
"versionStartIncluding": "9.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD93DD8-F62F-4541-8B1E-0B78A069A9BC",
"versionEndExcluding": "10.4.39",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CA1BEF0-8CBD-46AE-A155-A010CCE92F6F",
"versionEndExcluding": "11.5.30",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE209B6F-686B-4896-A7E0-B8426A4818C1",
"versionEndExcluding": "12.4.4",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de gesti\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP. A partir de la versi\u00f3n 9.4.0 y antes de las versiones 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, y 12.4.4 en escenarios multi-sitio, la enumeraci\u00f3n de los par\u00e1metros de consulta HTTP \"id\" y \"L\" permit\u00eda el acceso fuera del alcance al contenido renderizado en el frontend del sitio web. Por ejemplo, esto permit\u00eda a los visitantes acceder al contenido de un sitio interno a\u00f1adiendo par\u00e1metros de consulta manuales a la URL de un sitio que estaba disponible p\u00fablicamente. Las versiones de TYPO3 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30 y 12.4.4 corrigen el problema. "
}
],
"id": "CVE-2023-38499",
"lastModified": "2024-11-21T08:13:42.133",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-25T21:15:10.997",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-003"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-20 18:29
Modified
2024-11-21 01:19
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.1.0 | |
| typo3 | typo3 | 4.1.1 | |
| typo3 | typo3 | 4.1.2 | |
| typo3 | typo3 | 4.1.3 | |
| typo3 | typo3 | 4.1.4 | |
| typo3 | typo3 | 4.1.5 | |
| typo3 | typo3 | 4.1.6 | |
| typo3 | typo3 | 4.1.7 | |
| typo3 | typo3 | 4.1.8 | |
| typo3 | typo3 | 4.1.9 | |
| typo3 | typo3 | 4.1.10 | |
| typo3 | typo3 | 4.1.11 | |
| typo3 | typo3 | 4.1.12 | |
| typo3 | typo3 | 4.1.13 | |
| typo3 | typo3 | 4.2.0 | |
| typo3 | typo3 | 4.2.1 | |
| typo3 | typo3 | 4.2.2 | |
| typo3 | typo3 | 4.2.3 | |
| typo3 | typo3 | 4.2.4 | |
| typo3 | typo3 | 4.2.5 | |
| typo3 | typo3 | 4.2.6 | |
| typo3 | typo3 | 4.2.7 | |
| typo3 | typo3 | 4.2.8 | |
| typo3 | typo3 | 4.2.9 | |
| typo3 | typo3 | 4.2.10 | |
| typo3 | typo3 | 4.2.11 | |
| typo3 | typo3 | 4.2.12 | |
| typo3 | typo3 | 4.3.0 | |
| typo3 | typo3 | 4.3.1 | |
| typo3 | typo3 | 4.3.2 | |
| typo3 | typo3 | 4.3.3 | |
| typo3 | typo3 | 4.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2F89D7-D34C-4ADD-8A9E-34C37122C3C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161E310F-F2D8-40B3-8390-8C52ACDD0B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "96D69530-AE74-4012-B522-01D0B6B01662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5514D17F-95A5-48C5-9F91-554F8D3C3DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E46E35EC-FF7B-4510-A5F2-FC230B7477B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A671ED2-91AA-4447-8996-A8A16FE753A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4219A367-8431-4A72-AF73-ED2A853B14E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "74F10D45-FA29-4534-8789-201D194C46B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "878A3B3A-91B6-4EB3-995C-46CEF6FE4343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "51B3DD65-A811-47DD-ADC6-015EE9BC2A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E06499-FC41-4B7F-B76E-37FA423F17C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6B3184-8868-4604-9E01-3EFBF6608EA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC67810-D2C5-4242-ACF2-CF7E9C56D7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E485652B-FDE0-44C1-83F5-D22B16BEBB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A987C0-51DF-464C-8F4D-03C9CAD256EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6066CFA2-202E-43A3-B1DF-36364ABD5A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13C922A9-05A3-4D98-A568-F780CCA87E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E9893A-2771-4C04-9F90-B10EE659088E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31DA3600-C955-46B0-8BD9-C9B3FC0B81EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A60F86FA-B7D3-4BE5-82F2-05F2A5F5663D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de Cross-Site Scripting (XSS) en TYPO3 CMS en versiones 4.1.x anteriores a la 4.1.14, versiones 4.2.x anteriores a la 4.2.13, versiones 4.3.x anteriores a la 4.3.4 y versiones 4.4.x anteriores a la 4.4.1 permite que usuarios remotos backend inyecten scripts web o HTML arbitrarios mediante par\u00e1metros sin especificar en el gestor de extensiones, o par\u00e1metros sin especificar en formularios de backend desconocidos."
}
],
"id": "CVE-2010-3659",
"lastModified": "2024-11-21T01:19:19.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-20T18:29:00.197",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/28/8"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/12/8"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/42029"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3659/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-012/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/28/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/12/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/42029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3659/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-012/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-17 17:30
Modified
2024-11-21 01:09
Severity ?
Summary
SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| melvin_mach | jobexchange | 0.0.3 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:melvin_mach:jobexchange:0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA6172B-6C12-461C-A0B1-3A97E9999BA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Bolsa de Empleo (jobexchange) v0.0.3 para TYPO3 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2009-4342",
"lastModified": "2024-11-21T01:09:24.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-17T17:30:00.750",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54785"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-28 14:43
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jochen_rieger | car | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jochen_rieger:car:*:*:*:*:*:*:*:*",
"matchCriteriaId": "184DBE72-3509-46D8-AC4C-A0A107C60FEA",
"versionEndIncluding": "0.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Car (car) anteriores a v0.1.1 para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4967",
"lastModified": "2024-11-21T01:10:53.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-28T14:43:41.353",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36131"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-22 23:30
Modified
2024-11-21 01:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fr.simon_rundell | ste_parish_admin | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fr.simon_rundell:ste_parish_admin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "548CA2FA-2B02-4800-9CE3-CDC8B063281E",
"versionEndIncluding": "0.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extension de administraci\u00f3n de bases de datos v0.1.3 y anteriores de Parish (ste_parish_admin) para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2009-4400",
"lastModified": "2024-11-21T01:09:33.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-22T23:30:00.797",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-11-17 21:55
Modified
2024-11-21 01:45
Severity ?
Summary
The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19555E75-281D-4248-9A87-51646A9BB52A",
"versionEndIncluding": "2.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7CAA155D-D1C6-494D-AD8B-ECE5317487ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3ADF2300-E9A2-4615-B4E0-278ABBE42D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C0EFE2B9-5E08-468D-9EC6-1B9CDACF073C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "697353A3-169E-45FA-96D3-55B68BEBAABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "585F4ACD-7AC3-40BC-B69B-89AE2FADC258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDB596B-77F5-4D4E-A310-1623C693F8A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7DB7FBD-43DF-423D-B19F-71EB570740D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCEB3782-6FDC-4545-B56A-F622C291AEEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "476D5133-8BCB-44BF-B61F-6699D7B8F9A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78CD10C9-701F-4DD1-8973-AF57188A7AB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0018996E-6F56-4BA4-926F-69DF4C9E3029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A096ADF6-0654-4EBB-9438-62641B98161E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C02EFC5-7E83-45FB-B04B-5BAF17FD45B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "926799DE-4DAC-4A2A-A1FF-11A9C35ADBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA2BBB5-1CF3-482B-A07C-9C10414BC120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "192C448A-62D1-4A8A-AA36-B0D21732A1B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B238304F-2FEB-497C-B74D-4BED29879040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ABDA6FBA-9A42-4524-AA65-2A15A5B2E2A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F51DBFDB-9D5B-46D2-8EBC-A298E8DBBF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "530EAF4D-1170-402F-83C2-DF4CBBE2D835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BC00A773-3560-4177-8496-F6F344A7E4A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E487F62-CF2B-4241-A8C0-E24050A3FC0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A65D8D7D-BE4C-4675-B64C-E0BA8611D7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1D50A3F1-6410-45DF-AEB8-7EED53C75392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7FABBDF7-3893-4EA2-BDDA-96B2F4D8690E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "75EC3A9F-2BC8-4D2B-919E-1423CC9F32DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9BC189-BE6A-454E-8C2E-F0CBD154C45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0952E35D-5261-4CF8-9E89-33B76CC6A588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF5FCA1-3E4D-45A6-9986-D1F78AC9786E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "1476EF27-25D7-45EF-949C-761131D2EA6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "546430ED-FA47-4D0D-936F-96369343A341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.17:18:*:*:*:*:*:*",
"matchCriteriaId": "F429EAA3-46C8-47C0-B88F-3D0AF2759518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2C03F06E-72E6-4F4C-A73A-01594B30064D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature."
},
{
"lang": "es",
"value": "La extensi\u00f3n \u0027Front End User Registration\u0027\r\n(sr_feuser_register) antes de v2.6.2 para TYPO3 permite a atacantes remotos obtener nombres de usuario y contrase\u00f1as a trav\u00e9s de las funcionalidad de (1) editar Perspectivas o (2) inicio de sesi\u00f3n autom\u00e1tico (\u0027autologin\u0027).\r\n"
}
],
"id": "CVE-2012-5890",
"lastModified": "2024-11-21T01:45:27.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-11-17T21:55:01.970",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forge.typo3.org/projects/extension-sr_feuser_register/repository/entry/trunk/ChangeLog"
},
{
"source": "cve@mitre.org",
"url": "http://forge.typo3.org/projects/extension-sr_feuser_register/repository/revisions/58720"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-002/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forge.typo3.org/projects/extension-sr_feuser_register/repository/entry/trunk/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forge.typo3.org/projects/extension-sr_feuser_register/repository/revisions/58720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80145"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2E2639-9974-4C2A-903D-C386AB55AC44",
"versionEndIncluding": "1.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "421912BF-3882-49E2-9BB2-59ED296F6306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF86D2B-F508-4C67-B356-B46D211E2973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D9EE8D-0880-4184-8EF9-F3BA19534351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2F34F6-CC59-44D0-BAED-524186126D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0497203C-464D-43F2-B5EF-70D4D0CF14FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0B7DF0-E1A0-425C-AE30-50B6446258E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF65F5BB-4B50-4C84-8911-B9C6278CFB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1BD95041-6C13-4077-92F8-941F3FE16348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "018B9765-EF07-41FE-894B-B515C8892FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3347C94C-B734-4853-A886-4A4C81B1E68A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "27663404-9323-48F1-9F66-38B3AFFBE1C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "153A869A-9140-4B26-AD9E-5C9949E4A38D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9C9ABAB-3012-427E-9F4A-AB130ED5E9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "787E56B3-1BBB-4923-A475-14D0B0C9F954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB635ED-5537-42FF-B1A3-7CFAFD3E1E59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50259F6C-1FD5-45F3-80E8-745D9DF1678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "21C8D317-9996-4B61-B4D4-728D9BACF22D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "703F79E1-F353-4852-A0CD-128FE51CBE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90432F4B-6805-4714-AAB9-D567E0AA24EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BB108D53-38D1-4F2A-A421-4265803A678B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD19DDF6-C097-4192-A47F-0817AC387F9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2F8E2E1-FB6B-4AE8-9EE7-5D7C1E76125B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D92196FA-F26F-4CDC-A506-60EBE1EB48F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7177D6BD-7925-4A6C-A404-AF3ED3436794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17C0C155-BEFF-42EC-90F8-CDC5E808B5A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6A2F3FE-AEF3-4FD6-928C-72DC70ABB4C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB8986C5-9AB4-4D16-8A1B-DDD1915ACA50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23AD0874-BD63-4E26-90FF-019E3900F28E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B72E7EC-D147-428A-AA91-B4842FED45B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F694249-2EBB-4B34-A518-4DF97E3100E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en JobControl (dmmjobcontrol) v1.15.0 y anteriores (extensi\u00f3n para TYPO3) permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores desconocidos.\r\n"
}
],
"id": "CVE-2008-6689",
"lastModified": "2024-11-21T00:57:12.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.313",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46386"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43204"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-04 14:55
Modified
2024-11-21 02:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| alex_kellner | powermail | * | |
| alex_kellner | powermail | 1.6.0 | |
| alex_kellner | powermail | 1.6.1 | |
| alex_kellner | powermail | 1.6.2 | |
| alex_kellner | powermail | 1.6.3 | |
| alex_kellner | powermail | 1.6.5 | |
| alex_kellner | powermail | 1.6.6 | |
| alex_kellner | powermail | 1.6.7 | |
| alex_kellner | powermail | 1.6.8 | |
| alex_kellner | powermail | 1.6.9 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0CEE9042-76F5-402D-B933-5659780A7548",
"versionEndIncluding": "1.6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97566C8C-A05C-4226-AFB2-BED8F0CA51B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1BFEF153-A62D-499B-BD7E-11E4F6F7BEF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1199C635-5A1F-4884-9E1B-26326FCA0C20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4E47D2-4A1A-4153-B6CE-6C679DD186BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE4E946-B3CF-44ED-B68B-F74C7BFF67EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F23EADCC-2791-441A-B971-1AC05AC5604F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A0554C6A-5E57-4D81-BCED-5BCD63E73162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D6959629-9543-4DD5-82D9-027716C07802",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alex_kellner:powermail:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "26E6D0AB-6B7C-4E3B-8639-A224CE551E0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el asistente de exportaci\u00f3n HTML en el m\u00f3dulo backend en la extensi\u00f3n powermail anterior a 1.6.11 para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-3948",
"lastModified": "2024-11-21T02:09:11.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-06-04T14:55:05.403",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/58909"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/powermail"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-007"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/58909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/powermail"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-05 20:15
Modified
2024-11-21 01:19
Severity ?
Summary
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82040DD2-205F-477D-8D55-95852AAF7AEA",
"versionEndExcluding": "4.2.13",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B078FF4B-67AF-419E-995B-2715FCC97493",
"versionEndExcluding": "4.3.4",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18896C89-53F0-4ACA-B3B2-90E0811CBBC3",
"versionEndExcluding": "4.4.1",
"versionStartIncluding": "4.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API."
},
{
"lang": "es",
"value": "TYPO3 versiones anteriores a la versi\u00f3n 4.2.13, versiones 4.3.x anteriores a la versi\u00f3n 4.3.4 y versiones 4.4.x anteriores a la versi\u00f3n 4.4.1, permite una divulgaci\u00f3n de informaci\u00f3n en el encabezado de correo de la API de correo HTML."
}
],
"id": "CVE-2010-3673",
"lastModified": "2024-11-21T01:19:21.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-05T20:15:10.783",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3673"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Information_Disclosure"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Information_Disclosure"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-14 19:20
Modified
2024-11-21 00:53
Severity ?
Summary
SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| typo3 | another_backend_login | * | |
| typo3 | another_backend_login | 0.0.1 | |
| typo3 | another_backend_login | 0.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:another_backend_login:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE2B50F3-283B-4402-8C51-DBBF22406A6B",
"versionEndIncluding": "0.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:another_backend_login:0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA67920-8106-428B-B375-AE3901C418BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:another_backend_login:0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6655E0AA-464F-4371-90EE-0FC381874F2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n TYPO3 Another Backend Login (wrg_anotherbelogin) versiones anteriores a v0.0.4 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-5087",
"lastModified": "2024-11-21T00:53:15.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-11-14T19:20:53.870",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31266"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-08 17:29
Modified
2024-11-21 04:11
Severity ?
Summary
The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securitytracker.com/id/1040755 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://forge.typo3.org/issues/84191 | Patch, Vendor Advisory | |
| cve@mitre.org | https://github.com/pradeepjairamani/TYPO3-XSS-POC | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040755 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forge.typo3.org/issues/84191 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pradeepjairamani/TYPO3-XSS-POC | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80798C49-EE0F-486E-BFD9-272D0E350223",
"versionEndExcluding": "8.7.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1615F2B1-FB17-48D2-9B46-ED6D575B544A",
"versionEndExcluding": "9.1.0",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS[\u0027TYPO3_CONF_VARS\u0027][\u0027SYS\u0027][\u0027sitename\u0027], as demonstrated by an admin entering a crafted site name during the installation process."
},
{
"lang": "es",
"value": "El m\u00f3dulo page en TYPO3, en versiones anteriores a la 8.7.11 y versiones 9.1.0,. tiene Cross-Site Scripting (XSS) mediante $GLOBALS[\u0027TYPO3_CONF_VARS\u0027][\u0027SYS\u0027][\u0027sitename\u0027], tal y como queda demostrado con un administrador que introduce un nombre de sitio manipulado durante el proceso de instalaci\u00f3n."
}
],
"id": "CVE-2018-6905",
"lastModified": "2024-11-21T04:11:23.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-08T17:29:00.300",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040755"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://forge.typo3.org/issues/84191"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pradeepjairamani/TYPO3-XSS-POC"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://forge.typo3.org/issues/84191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pradeepjairamani/TYPO3-XSS-POC"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-20 14:55
Modified
2024-11-21 01:55
Severity ?
Summary
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "976AAF6F-BF03-40B7-B7D2-22101BD857D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98D0D9-D9AE-44F7-8233-F92EB330B152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36EA784A-7C3A-41DA-B444-D01E3BC144BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7294AA8B-0CD3-47A2-91DC-A882F7F3BDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4D28DD85-FBB3-4DD4-B525-7AFD32BE55F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80C21E07-5083-4C86-AA9D-FCB73F636060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAE1BB4-2DBD-489E-B3F9-88CF414EAC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A862C28E-B1B9-4541-A559-D0BD16E575B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C140F242-CF7C-4CB6-A358-5C8DB0F26DAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81EAC0BA-B6AC-42BA-AEEE-946E1FBD770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD31180A-8BD6-49AC-A758-5FA4C9A7B4C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file."
},
{
"lang": "es",
"value": "El (1) componente de carga de archivos y (2) la Capa de Abstracci\u00f3n de Archivo (FAL) en TYPO3 versiones 6.0.x anteriores a 6.0.8 y versiones 6.1.x anteriores a 6.1.3, no comprueba apropiadamente las extensiones de archivo, que le permiten a editores autenticados remotos ejecutar c\u00f3digo PHP arbitrario mediante la carga de un archivo .php."
}
],
"id": "CVE-2013-4250",
"lastModified": "2024-11-21T01:55:12.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-20T14:55:04.147",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-27 17:30
Modified
2024-11-21 00:56
Severity ?
Summary
Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lobacher_patrick | simplefilebrowser | * | |
| lobacher_patrick | simplefilebrowser | 1.0.0 | |
| lobacher_patrick | simplefilebrowser | 1.0.1 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lobacher_patrick:simplefilebrowser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E4ED78-54AB-4AFD-8656-4582B60FCF0F",
"versionEndIncluding": "1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lobacher_patrick:simplefilebrowser:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A39E1B5D-2A07-4E5A-9308-E88F611B1183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lobacher_patrick:simplefilebrowser:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AFBBCC62-E40C-4342-965E-68C295B1B017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors."
},
{
"lang": "es",
"value": "vulnerabilidad no espec\u00edfica en la extensi\u00f3n Simple File Browser (simplefilebrowser) v1.0.2 y anteriores para TYPO3 permite a atacantes remotos obtener informaci\u00f3n importante a trav\u00e9s de vectores de ataque desconocidos."
}
],
"id": "CVE-2008-6342",
"lastModified": "2024-11-21T00:56:17.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-27T17:30:09.767",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33301"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/simplefilebrowser/1.0.3/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33301"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/simplefilebrowser/1.0.3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
SQL injection vulnerability in the MJS Event Pro (mjseventpro) extension 0.2.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | mjseventpro | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:mjseventpro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8D1357F-DEFA-4F75-95A2-E37CE14C7776",
"versionEndIncluding": "0.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the MJS Event Pro (mjseventpro) extension 0.2.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n de TYPO3 \"MJS Event Pro\" (mjseventpro) v0.2.1 y anteriores permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-0340",
"lastModified": "2024-11-21T01:12:01.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-15T19:30:01.003",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-01-04 21:59
Modified
2024-11-21 02:21
Severity ?
Summary
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/ | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/ | Exploit, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "BB69F7E9-001D-42B3-BEB4-B294737AD27B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.21:*:*:*:*:*:*:*",
"matchCriteriaId": "34E8530B-0311-45AA-92B4-6FF2CE388E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A53B9001-C5B4-4D19-A314-118E3A292346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E663FE0B-B509-4427-A2A0-9EB53E26810F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.24:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA36C35-E9BD-4ED2-B6CB-950D641678E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.25:*:*:*:*:*:*:*",
"matchCriteriaId": "12A54839-425D-4D28-8AD2-479A593474FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.26:*:*:*:*:*:*:*",
"matchCriteriaId": "83542527-9738-46C0-A4D2-D5E2E203CD49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.27:*:*:*:*:*:*:*",
"matchCriteriaId": "72B68AE9-081A-4BE0-A2AF-969216D26637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.28:*:*:*:*:*:*:*",
"matchCriteriaId": "253A3E84-401E-4F9F-8A9A-B8C464C69929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.29:*:*:*:*:*:*:*",
"matchCriteriaId": "08742759-FFC8-4908-B319-4EC279C6AB74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4B4B3F-D7BE-493C-ABF6-416FF89C4A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "36748261-81EF-4E39-8EC5-A67F054B623F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.32:*:*:*:*:*:*:*",
"matchCriteriaId": "21CC1BD2-CB44-4C0F-8B87-6272AEEBDEAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.33:*:*:*:*:*:*:*",
"matchCriteriaId": "D7129E4A-834D-4405-853B-89F1BD7965E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E80654F2-42D2-4E47-B069-126327B83C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.35:*:*:*:*:*:*:*",
"matchCriteriaId": "AABC3190-44FF-4F75-BBA6-CE9D1BAC4096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.36:*:*:*:*:*:*:*",
"matchCriteriaId": "4ADA397D-D126-456C-BE3B-D129197CEA19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.37:*:*:*:*:*:*:*",
"matchCriteriaId": "6A7399A6-3078-458B-BF84-39081214BC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.38:*:*:*:*:*:*:*",
"matchCriteriaId": "24D7D3E2-00DF-4F93-8978-24EAFAA6A916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CBAAC7-5207-45E8-86D5-18D98259070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6F1E7-351D-45E7-9571-2AF4283080DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B3B4A9-BDC7-4426-98FB-398B63AF3D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0016A078-1291-4281-BA62-5A846AEE7584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F11DB8A8-8309-4FC9-BA35-1AFFC5B4AE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9661D2DB-F24C-478B-B691-303D48D9B158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1FD6B9-7FAC-4508-962A-99AF63EB4B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "14369AD5-2622-4530-BCD5-A95C032CE4CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7CBAD29-18E9-4097-88FA-4D287A9A877A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5144AE-E076-48B5-9EA3-2F0BEC34D92F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "46246047-B415-437A-AC0E-2A7157D47C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6C98937C-C769-40C9-841F-D9F0A49AAE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7C54D4-B953-442F-99A8-96B505C15DCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "495B1280-1C65-45FE-B5C5-ED1BD7AF429F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6CE19A-3985-45AC-9DF5-64572AA9ECC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA8422F-5A4B-4696-AF31-F1128FCF482F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA625B3-16A2-436F-A63D-0B5200BAA955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "13FE26EF-79DC-4907-A593-414679AAE9B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F89DD9F-019A-4AD3-AD0E-4F20F1AF5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "684500C9-8532-45C4-8F29-33AAC3DDA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F830A8F-C51C-4CED-BCA2-845C312087FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2C537426-82DB-426B-BB95-CC119C20266A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D3AE18-7B26-4448-AF98-0D2692C80BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E8AD3ED8-5107-418D-8F0F-6B07845D3C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2FEFD3C-A4CC-4FCC-8ECD-3EE1E69DE58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1EE4B6-9256-494E-A11B-9700F0376AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0A8566-4A01-4948-A237-3CED2D065FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B5459D18-7283-4650-9304-7F576AB1D779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B404C733-4F5C-4EB2-B4B9-F25A95BB6E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "31BDE85A-5F76-4249-9B38-B3A1649F777D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6357ACD4-E404-489A-B218-1CED134F4893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "B6650206-8DD5-4D05-BBD2-15A12842117B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9712BC-E1C2-46AF-8111-DE5523DFF3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.19:*:*:*:*:*:*:*",
"matchCriteriaId": "17025DCC-2685-4EC4-BD0B-34F768181A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.20:*:*:*:*:*:*:*",
"matchCriteriaId": "81FC167D-7CD8-42B1-AD3B-B6534BB8203E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "976AAF6F-BF03-40B7-B7D2-22101BD857D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98D0D9-D9AE-44F7-8233-F92EB330B152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36EA784A-7C3A-41DA-B444-D01E3BC144BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7294AA8B-0CD3-47A2-91DC-A882F7F3BDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4D28DD85-FBB3-4DD4-B525-7AFD32BE55F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80C21E07-5083-4C86-AA9D-FCB73F636060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAE1BB4-2DBD-489E-B3F9-88CF414EAC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0724FE19-F0A4-4055-996A-2B7844CAC426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A862C28E-B1B9-4541-A559-D0BD16E575B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1DE94A-DDCD-4067-A0C0-16904F6B7EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7C6DD4A1-C865-4AC8-86BC-8F92319F33A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7ACA06-C0C1-4EEA-A629-C453C97660A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3C444E62-897D-4C7A-AEC6-C5728166A11A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF13769-3F5A-4766-A8DA-8B939CB1AB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C140F242-CF7C-4CB6-A358-5C8DB0F26DAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81EAC0BA-B6AC-42BA-AEEE-946E1FBD770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD31180A-8BD6-49AC-A758-5FA4C9A7B4C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E06A3B0C-364F-42A3-803B-6CE1EAB386C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "692DE690-C921-403B-9966-60CB23FF5D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "94C181FE-F3A9-4C7E-955F-0CCD4E6B4DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "11DD1626-884F-40EE-9721-2FCF7F14F781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BFFF68DC-AFBB-4055-83AF-BAFE9C68FBC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F0FB1F-45D1-49A8-8882-393B16E6AA34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A51F600B-F3BB-4C8A-8188-3F5E4D59114B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7715060-1441-4CF9-BEDF-91D28FE31ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7183456A-52B4-4386-8979-A2ECEA9959FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "16EEC79F-3293-451C-864E-9CE020F6C730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "8FD27EAD-04D5-4C55-952E-020954B90CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99262E73-E4A7-4657-A32E-3C289C052675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E230A800-B2DE-4ED4-9C6B-961832C39900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A96891D-A2B1-492C-A914-51F9631D5C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7316A8-E445-45C6-BFD9-8E19254AC7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D95C12B4-51F1-4FFC-892B-1432D1E5219A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "308EF598-B9DF-47C5-A1AC-1A2A16767E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3A5E5D-E8A9-4B2F-B423-9F1B9E761A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9EDF6E-299A-4277-9C2F-B25D5F9A189E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC254112-3695-422E-BD5B-B5E65F61B4B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CC7DF87-E8E8-4333-8549-5607328399BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a \"Cache Poisoning\" attack using a URL with arbitrary arguments, which triggers a reload of the page."
},
{
"lang": "es",
"value": "El componente frontend rendering en TYPO3 4.5.x anterior a 4.5.39, 4.6.x hasta 6.2.x anterior a 6.2.9, y 7.x anterior a 7.0.2, cuando config.prefixLocalAnchors est\u00e1 configurado a todo o en cach\u00e9, permite a atacantes remotos tener un impacto no especificado (posiblemente consumo de recursos) a trav\u00e9s de un ataque de envenenamiento del cach\u00e9 (\u0027Cache Poisoning\u0027) utilizando una URL con argumentos arbitrarios, lo que provoca un recarga de la p\u00e1gina."
}
],
"id": "CVE-2014-9509",
"lastModified": "2024-11-21T02:21:03.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-04T21:59:07.120",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-05 23:55
Modified
2024-11-21 01:41
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.5 | |
| typo3 | typo3 | 4.5.0 | |
| typo3 | typo3 | 4.5.1 | |
| typo3 | typo3 | 4.5.2 | |
| typo3 | typo3 | 4.5.3 | |
| typo3 | typo3 | 4.5.4 | |
| typo3 | typo3 | 4.5.5 | |
| typo3 | typo3 | 4.5.6 | |
| typo3 | typo3 | 4.5.7 | |
| typo3 | typo3 | 4.5.8 | |
| typo3 | typo3 | 4.5.9 | |
| typo3 | typo3 | 4.5.10 | |
| typo3 | typo3 | 4.5.11 | |
| typo3 | typo3 | 4.5.12 | |
| typo3 | typo3 | 4.5.13 | |
| typo3 | typo3 | 4.5.14 | |
| typo3 | typo3 | 4.5.15 | |
| typo3 | typo3 | 4.5.16 | |
| typo3 | typo3 | 4.5.17 | |
| typo3 | typo3 | 4.5.18 | |
| typo3 | typo3 | 4.6 | |
| typo3 | typo3 | 4.6.0 | |
| typo3 | typo3 | 4.6.1 | |
| typo3 | typo3 | 4.6.2 | |
| typo3 | typo3 | 4.6.3 | |
| typo3 | typo3 | 4.6.4 | |
| typo3 | typo3 | 4.6.5 | |
| typo3 | typo3 | 4.6.6 | |
| typo3 | typo3 | 4.6.7 | |
| typo3 | typo3 | 4.6.8 | |
| typo3 | typo3 | 4.6.9 | |
| typo3 | typo3 | 4.6.10 | |
| typo3 | typo3 | 4.6.11 | |
| typo3 | typo3 | 4.7 | |
| typo3 | typo3 | 4.7.0 | |
| typo3 | typo3 | 4.7.1 | |
| typo3 | typo3 | 4.7.2 | |
| typo3 | typo3 | 4.7.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9788D5CD-FEAA-4D07-8252-4176AD0BC0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4D42D56A-2A1D-4FAA-961D-304E916BEF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CBAAC7-5207-45E8-86D5-18D98259070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6F1E7-351D-45E7-9571-2AF4283080DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B3B4A9-BDC7-4426-98FB-398B63AF3D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0016A078-1291-4281-BA62-5A846AEE7584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F11DB8A8-8309-4FC9-BA35-1AFFC5B4AE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9661D2DB-F24C-478B-B691-303D48D9B158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1FD6B9-7FAC-4508-962A-99AF63EB4B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "14369AD5-2622-4530-BCD5-A95C032CE4CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7CBAD29-18E9-4097-88FA-4D287A9A877A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5144AE-E076-48B5-9EA3-2F0BEC34D92F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "46246047-B415-437A-AC0E-2A7157D47C17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1A90BF-E780-4282-BCCB-0E568EB785A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el Install Tool en TYPO3 v4.5.x anterior a v4.5.19, v4.6.x anterior a v4.6.12 y v4.7.x anterior a v4.7.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante vectores desconocidos."
}
],
"id": "CVE-2012-3531",
"lastModified": "2024-11-21T01:41:04.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-05T23:55:02.240",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78888"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-23 23:55
Modified
2024-11-21 02:00
Severity ?
Summary
Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "BB69F7E9-001D-42B3-BEB4-B294737AD27B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.21:*:*:*:*:*:*:*",
"matchCriteriaId": "34E8530B-0311-45AA-92B4-6FF2CE388E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A53B9001-C5B4-4D19-A314-118E3A292346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E663FE0B-B509-4427-A2A0-9EB53E26810F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.24:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA36C35-E9BD-4ED2-B6CB-950D641678E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.25:*:*:*:*:*:*:*",
"matchCriteriaId": "12A54839-425D-4D28-8AD2-479A593474FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.26:*:*:*:*:*:*:*",
"matchCriteriaId": "83542527-9738-46C0-A4D2-D5E2E203CD49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.27:*:*:*:*:*:*:*",
"matchCriteriaId": "72B68AE9-081A-4BE0-A2AF-969216D26637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.28:*:*:*:*:*:*:*",
"matchCriteriaId": "253A3E84-401E-4F9F-8A9A-B8C464C69929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.29:*:*:*:*:*:*:*",
"matchCriteriaId": "08742759-FFC8-4908-B319-4EC279C6AB74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4B4B3F-D7BE-493C-ABF6-416FF89C4A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "36748261-81EF-4E39-8EC5-A67F054B623F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C140F242-CF7C-4CB6-A358-5C8DB0F26DAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81EAC0BA-B6AC-42BA-AEEE-946E1FBD770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD31180A-8BD6-49AC-A758-5FA4C9A7B4C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E06A3B0C-364F-42A3-803B-6CE1EAB386C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "692DE690-C921-403B-9966-60CB23FF5D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "94C181FE-F3A9-4C7E-955F-0CCD4E6B4DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "11DD1626-884F-40EE-9721-2FCF7F14F781",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F89DD9F-019A-4AD3-AD0E-4F20F1AF5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "684500C9-8532-45C4-8F29-33AAC3DDA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F830A8F-C51C-4CED-BCA2-845C312087FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2C537426-82DB-426B-BB95-CC119C20266A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D3AE18-7B26-4448-AF98-0D2692C80BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E8AD3ED8-5107-418D-8F0F-6B07845D3C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2FEFD3C-A4CC-4FCC-8ECD-3EE1E69DE58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1EE4B6-9256-494E-A11B-9700F0376AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0A8566-4A01-4948-A237-3CED2D065FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B5459D18-7283-4650-9304-7F576AB1D779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B404C733-4F5C-4EB2-B4B9-F25A95BB6E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "31BDE85A-5F76-4249-9B38-B3A1649F777D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6357ACD4-E404-489A-B218-1CED134F4893",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "976AAF6F-BF03-40B7-B7D2-22101BD857D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98D0D9-D9AE-44F7-8233-F92EB330B152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36EA784A-7C3A-41DA-B444-D01E3BC144BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7294AA8B-0CD3-47A2-91DC-A882F7F3BDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4D28DD85-FBB3-4DD4-B525-7AFD32BE55F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80C21E07-5083-4C86-AA9D-FCB73F636060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAE1BB4-2DBD-489E-B3F9-88CF414EAC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0724FE19-F0A4-4055-996A-2B7844CAC426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A862C28E-B1B9-4541-A559-D0BD16E575B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1DE94A-DDCD-4067-A0C0-16904F6B7EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7C6DD4A1-C865-4AC8-86BC-8F92319F33A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en la extensi\u00f3n de OpenID en TYPO3 4.5.0 a 4.5.31, 4.7.0 a 4.7.16, 6.0.0 a 6.0.11, y 6.1.0 a 6.1.6 permite a atacantes remotos redireccionar usuarios a sitios web arbitrarios y efectuar ataques de phishing a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-7079",
"lastModified": "2024-11-21T02:00:18.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-23T23:55:04.343",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2834"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/64252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64252"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-02 17:30
Modified
2024-11-21 01:09
Severity ?
Summary
Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct "Cache spoofing" attacks via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lukas_taferner | it_basetag | 1.0.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lukas_taferner:it_basetag:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F1F458-7042-4476-9A1B-E28A067063A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct \"Cache spoofing\" attacks via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la extensi\u00f3n Automatic Base Tags for RealUrl (lt_basetag) v1.0.0 para TYPO3 permite a atacantes remotos conducir un ataque \"Cache spoofing\" a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4167",
"lastModified": "2024-11-21T01:09:04.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-02T17:30:00.687",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37169"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-23 23:55
Modified
2024-11-21 02:00
Severity ?
Summary
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "976AAF6F-BF03-40B7-B7D2-22101BD857D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98D0D9-D9AE-44F7-8233-F92EB330B152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36EA784A-7C3A-41DA-B444-D01E3BC144BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7294AA8B-0CD3-47A2-91DC-A882F7F3BDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4D28DD85-FBB3-4DD4-B525-7AFD32BE55F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80C21E07-5083-4C86-AA9D-FCB73F636060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAE1BB4-2DBD-489E-B3F9-88CF414EAC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0724FE19-F0A4-4055-996A-2B7844CAC426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A862C28E-B1B9-4541-A559-D0BD16E575B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1DE94A-DDCD-4067-A0C0-16904F6B7EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7C6DD4A1-C865-4AC8-86BC-8F92319F33A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "BB69F7E9-001D-42B3-BEB4-B294737AD27B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.21:*:*:*:*:*:*:*",
"matchCriteriaId": "34E8530B-0311-45AA-92B4-6FF2CE388E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A53B9001-C5B4-4D19-A314-118E3A292346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E663FE0B-B509-4427-A2A0-9EB53E26810F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.24:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA36C35-E9BD-4ED2-B6CB-950D641678E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.25:*:*:*:*:*:*:*",
"matchCriteriaId": "12A54839-425D-4D28-8AD2-479A593474FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.26:*:*:*:*:*:*:*",
"matchCriteriaId": "83542527-9738-46C0-A4D2-D5E2E203CD49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.27:*:*:*:*:*:*:*",
"matchCriteriaId": "72B68AE9-081A-4BE0-A2AF-969216D26637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.28:*:*:*:*:*:*:*",
"matchCriteriaId": "253A3E84-401E-4F9F-8A9A-B8C464C69929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.29:*:*:*:*:*:*:*",
"matchCriteriaId": "08742759-FFC8-4908-B319-4EC279C6AB74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4B4B3F-D7BE-493C-ABF6-416FF89C4A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "36748261-81EF-4E39-8EC5-A67F054B623F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F89DD9F-019A-4AD3-AD0E-4F20F1AF5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "684500C9-8532-45C4-8F29-33AAC3DDA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F830A8F-C51C-4CED-BCA2-845C312087FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2C537426-82DB-426B-BB95-CC119C20266A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D3AE18-7B26-4448-AF98-0D2692C80BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E8AD3ED8-5107-418D-8F0F-6B07845D3C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2FEFD3C-A4CC-4FCC-8ECD-3EE1E69DE58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1EE4B6-9256-494E-A11B-9700F0376AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0A8566-4A01-4948-A237-3CED2D065FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B5459D18-7283-4650-9304-7F576AB1D779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B404C733-4F5C-4EB2-B4B9-F25A95BB6E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "31BDE85A-5F76-4249-9B38-B3A1649F777D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6357ACD4-E404-489A-B218-1CED134F4893",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka \"Mass Assignment.\""
},
{
"lang": "es",
"value": "La funcionalidad de creaci\u00f3n de registros en la tabla de administraci\u00f3n de la librer\u00eda (feuser_adminLib.inc) Extension en TYPO3 4.5.0 a 4.5.31, 4.7.0 a 4.7.16, y 6.0.0 a 6.0.11 permite a atacantes remotos escribir en campos arbitrarios en la tabla de configuraci\u00f3n de la base de datos a trav\u00e9s de enlaces manipulados, tambi\u00e9n conocido como \"Mass Assignment\" (asignaci\u00f3n masiva)."
}
],
"id": "CVE-2013-7080",
"lastModified": "2024-11-21T02:00:18.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-23T23:55:04.373",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q4/473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2834"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-14 00:15
Modified
2024-11-21 04:56
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "039BA16C-73B6-4752-A92D-B2980B2C3226",
"versionEndIncluding": "9.5.16",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C71BE201-8A33-4586-9943-3523546CA40F",
"versionEndIncluding": "10.4.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER-\u003euc) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2."
},
{
"lang": "es",
"value": "En TYPO3 CMS versiones 9.0.0 hasta 9.5.16 y versiones 10.0.0 hasta 10.4.1, ha sido detectado que la configuraci\u00f3n del usuario del backend (en $BE_USER-)uc) es vulnerables a una deserializaci\u00f3n no segura. En combinaci\u00f3n con vulnerabilidades de componentes de terceros, esto puede conllevar a una ejecuci\u00f3n de c\u00f3digo remota. Es requerida una cuenta de usuario del back-end v\u00e1lida para explotar esta vulnerabilidad. Esto ha sido corregido en las versiones 9.5.17 y 10.4.2."
}
],
"id": "CVE-2020-11067",
"lastModified": "2024-11-21T04:56:43.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-14T00:15:11.400",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2wj9-434x-9hvp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2wj9-434x-9hvp"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-23 02:15
Modified
2024-11-21 05:48
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh | Third Party Advisory | |
| security-advisories@github.com | https://packagist.org/packages/typo3/cms-backend | Release Notes, Third Party Advisory | |
| security-advisories@github.com | https://typo3.org/security/advisory/typo3-core-sa-2021-008 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packagist.org/packages/typo3/cms-backend | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-core-sa-2021-008 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "518930A7-E255-4A56-B76B-1C978A236856",
"versionEndExcluding": "7.6.51",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F10B90F0-DA5C-4A80-BD4F-124B6C82CE8B",
"versionEndExcluding": "8.7.40",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB3125B-114D-4991-BD60-9535D97DD348",
"versionEndExcluding": "9.5.25",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C031A87F-5A82-48F8-AB02-FED0CDFE08A2",
"versionEndExcluding": "10.4.14",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F696292E-3CC6-416B-9F99-6C1287B1D78D",
"versionEndExcluding": "11.1.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de gesti\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP. En TYPO3 versiones anteriores a la 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 se ha descubierto que los elementos de contenido de tipo _menu_ son vulnerables al cross-site scripting cuando sus elementos referenciados se previsualizan en el m\u00f3dulo de p\u00e1gina. Se necesita una cuenta de usuario v\u00e1lida para explotar esta vulnerabilidad. Esto se ha corregido en las versiones 7.6.51, 8.7.40, 9.5.25, 10.4.14 y 11.1.1"
}
],
"id": "CVE-2021-21370",
"lastModified": "2024-11-21T05:48:13.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-23T02:15:12.987",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://packagist.org/packages/typo3/cms-backend"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://packagist.org/packages/typo3/cms-backend"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-008"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-07 23:30
Modified
2024-11-21 01:02
Severity ?
Summary
Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | * | |
| stanislas_rolland | sr_feuser_register | * | |
| stanislas_rolland | sr_feuser_register | 1.4 | |
| stanislas_rolland | sr_feuser_register | 1.6 | |
| stanislas_rolland | sr_feuser_register | 2.2.1 | |
| stanislas_rolland | sr_feuser_register | 2.2.7 | |
| stanislas_rolland | sr_feuser_register | 2.2.8 | |
| stanislas_rolland | sr_feuser_register | 2.3 | |
| stanislas_rolland | sr_feuser_register | 2.3.6 | |
| stanislas_rolland | sr_feuser_register | 2.4 | |
| stanislas_rolland | sr_feuser_register | 2.5 | |
| stanislas_rolland | sr_feuser_register | 2.5.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3355511-4472-4D36-B160-45A1F818DCFB",
"versionEndIncluding": "2.5.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "053EF31D-FE26-4CF3-BE33-EB0F1036718F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E20C0A-8B89-4C95-8B24-A2A3CBFA0127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "476D5133-8BCB-44BF-B61F-6699D7B8F9A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C84689-C9B1-480A-A3BF-00EF5316F03F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9B00C7C5-54A6-485D-AAF7-61F12E0D7B60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D815939A-4446-4CC8-86EE-58903DEC9CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B238304F-2FEB-497C-B74D-4BED29879040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ABDA6FBA-9A42-4524-AA65-2A15A5B2E2A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F51DBFDB-9D5B-46D2-8EBC-A298E8DBBF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3F44CBF4-5A38-41C8-A7C5-CA1D6A61BEE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors."
},
{
"lang": "es",
"value": "La extensi\u00f3n Frontend User Registration (sr_feuser_register) v.2.5.20 y anteriores para TYPO3, no comprueba adecuadamente los permisos de acceso, esto permite a usuarios autenticados en remoto obtener informaci\u00f3n sensible como contrase\u00f1as a trav\u00e9s de vectores de ataque desconocidos."
}
],
"id": "CVE-2009-1264",
"lastModified": "2024-11-21T01:02:02.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-07T23:30:00.420",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/53278"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34586"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/extensions/repository/view/sr_feuser_register/2.5.21/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-004/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34374"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0938"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/extensions/repository/view/sr_feuser_register/2.5.21/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34374"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0938"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-05 20:15
Modified
2024-11-21 01:19
Severity ?
Summary
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC34E49-A07C-4F08-80FE-2DE14E8B7A77",
"versionEndExcluding": "4.1.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82040DD2-205F-477D-8D55-95852AAF7AEA",
"versionEndExcluding": "4.2.13",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B078FF4B-67AF-419E-995B-2715FCC97493",
"versionEndExcluding": "4.3.4",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18896C89-53F0-4ACA-B3B2-90E0811CBBC3",
"versionEndExcluding": "4.4.1",
"versionStartIncluding": "4.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim\u0027s session."
},
{
"lang": "es",
"value": "TYPO3 versiones anteriores a la versi\u00f3n 4.1.14, versiones 4.2.x anteriores a la versi\u00f3n 4.2.13, versiones 4.3.x anteriores a la versi\u00f3n 4.3.4 y versiones 4.4.x anteriores a la versi\u00f3n 4.4.1, est\u00e1 abierto a un ataque de fijaci\u00f3n de sesi\u00f3n lo que permite a atacantes remotos secuestrar la sesi\u00f3n de una v\u00edctima."
}
],
"id": "CVE-2010-3671",
"lastModified": "2024-11-21T01:19:21.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-05T20:15:10.643",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3671"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Broken_Authentication_and_Session_Management"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3671"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Broken_Authentication_and_Session_Management"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-14 17:55
Modified
2024-11-21 01:36
Severity ?
Summary
SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:mm_whtppr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D75661-6A06-4A37-A7D4-E7DED86EBC33",
"versionEndIncluding": "0.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de comandos SQL en la extensi\u00f3n White Papers (mm_whtppr) antes de v0.0.4 para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-1074",
"lastModified": "2024-11-21T01:36:21.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-14T17:55:02.897",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78786"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51837"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72959"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-14 17:55
Modified
2024-11-21 01:36
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:terminal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68B97E61-1429-4F44-AE2E-0AFEA79E478A",
"versionEndIncluding": "0.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en la extensi\u00f3n Terminal PHP Shell (terminal) v0.3.2 y anteriores para TYPO3, permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-1082",
"lastModified": "2024-11-21T01:36:22.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-14T17:55:03.430",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78796"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51849"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| stefan_tannhaeuser | tv21_talkshow | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:stefan_tannhaeuser:tv21_talkshow:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0585F45C-50FF-4165-91BC-80D3F136603C",
"versionEndIncluding": "1.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados(XSS) en la extensi\u00f3n de TYPO3 \"Talkshow TV21\" (tv21_talkshow) v1.0.1 y anteriores permite a atacantes remotos inyectar HTML o scripts web a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-0331",
"lastModified": "2024-11-21T01:12:00.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-01-15T19:30:00.753",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-14 17:55
Modified
2024-11-21 01:36
Severity ?
Summary
Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | beuserswitch | 0.0.1 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:beuserswitch:0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "967F2C4C-B393-4BDC-9213-B6E98920EF7E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la extensi\u00f3n BE User Switch (beuserswitch) v0.0.1 para TYPO3, permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2012-1085",
"lastModified": "2024-11-21T01:36:22.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-14T17:55:03.540",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78799"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51852"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72973"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-08 19:59
Modified
2024-11-21 02:39
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.0 | |
| typo3 | typo3 | 6.2.1 | |
| typo3 | typo3 | 6.2.2 | |
| typo3 | typo3 | 6.2.3 | |
| typo3 | typo3 | 6.2.4 | |
| typo3 | typo3 | 6.2.5 | |
| typo3 | typo3 | 6.2.6 | |
| typo3 | typo3 | 6.2.7 | |
| typo3 | typo3 | 6.2.8 | |
| typo3 | typo3 | 6.2.9 | |
| typo3 | typo3 | 6.2.10 | |
| typo3 | typo3 | 6.2.10 | |
| typo3 | typo3 | 6.2.11 | |
| typo3 | typo3 | 6.2.12 | |
| typo3 | typo3 | 6.2.13 | |
| typo3 | typo3 | 6.2.14 | |
| typo3 | typo3 | 6.2.15 | |
| typo3 | typo3 | 7.0.0 | |
| typo3 | typo3 | 7.0.2 | |
| typo3 | typo3 | 7.1.0 | |
| typo3 | typo3 | 7.2.0 | |
| typo3 | typo3 | 7.3.0 | |
| typo3 | typo3 | 7.3.1 | |
| typo3 | typo3 | 7.4.0 | |
| typo3 | typo3 | 7.5.0 | |
| typo3 | typo3 | 7.6.0 | |
| typo3 | typo3 | 7.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "612D54CF-9089-45EB-897B-487DCF6C84AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "29602159-5C1E-4C5A-9E4C-F3183D3EA8A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "52CC6148-48F9-4532-96D3-8C6D82B8B815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "E501EDED-B7DC-4D00-9DAF-862BC8C14C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7183456A-52B4-4386-8979-A2ECEA9959FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "16EEC79F-3293-451C-864E-9CE020F6C730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "8FD27EAD-04D5-4C55-952E-020954B90CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "F67C62FD-A683-43F3-BF0E-D368617B194C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "8CCC09EC-CB2C-466A-BD71-4DD2C34288B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "82F45E35-4731-4527-861F-3999ABED94B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "FC154041-5B1B-484C-8EF8-9EBC73A9FF3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "36E925BE-8D4F-49FE-90EF-68C1DE776107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DA0AF154-CC16-4536-B120-A9040CE92394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99262E73-E4A7-4657-A32E-3C289C052675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E230A800-B2DE-4ED4-9C6B-961832C39900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A96891D-A2B1-492C-A914-51F9631D5C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7316A8-E445-45C6-BFD9-8E19254AC7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D95C12B4-51F1-4FFC-892B-1432D1E5219A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "308EF598-B9DF-47C5-A1AC-1A2A16767E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3A5E5D-E8A9-4B2F-B423-9F1B9E761A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9EDF6E-299A-4277-9C2F-B25D5F9A189E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "313D0192-8849-4DA1-820E-28E2FC4E37C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "265DCFF8-2EC5-49EA-8D06-1956F3109F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2D8FB68B-E4E8-4501-94F6-2922781D8C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1FEAA4-B0D8-4B5B-8958-173245F55134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0E806A38-C603-4916-93E2-FE43062B09C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "17EB5B78-0AD1-4259-8537-058D888B30B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7E6FD-99D0-4F48-B5DF-0EFD4C05079D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "21217A49-637C-4F60-B8F8-8699E71D6BFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC254112-3695-422E-BD5B-B5E65F61B4B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "58A72CC1-1BCE-415C-9816-AD34C14E36FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "237EEDFE-DFB0-4D6E-BAA6-7A374A384CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26264C04-D8E1-4780-97C3-13F287ECF11A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B89766D-2E3C-4CE9-92ED-8E5A8FF71D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3392C868-FFD8-4B00-ADD2-02CCCAEC5EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F859F4-E3EE-4C2D-A618-6E49769A1610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7F660D-7C1E-43AA-B185-40309788F329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C022973-D06B-4CEF-87BF-3C016AAD4770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36A63F3A-DC95-49FF-B6AC-FD98F8499905",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en componentes del backend no especificados en TYPO3 6.2.x en versiones anteriores a 6.2.16 y 7.x en versiones anteriores a 7.6.1 permiten a editores remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2015-8755",
"lastModified": "2024-11-21T02:39:06.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-08T19:59:21.397",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/79236"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1034483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/79236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034483"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-14 17:55
Modified
2024-11-21 01:36
Severity ?
Summary
SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| manfred_egger | bc_post2facebook | * | |
| manfred_egger | bc_post2facebook | 0.2.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:manfred_egger:bc_post2facebook:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24B1AA40-2843-4EDB-87A8-5A00821791B5",
"versionEndIncluding": "0.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:manfred_egger:bc_post2facebook:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22063029-7AE1-4389-9FCC-3FB54F6C9BAC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de comandos SQL en la extensi\u00f3n Post data records to facebook (bc_post2facebook) v0.2.2 para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-1077",
"lastModified": "2024-11-21T01:36:21.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-14T17:55:03.070",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78790"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-06-16 22:41
Modified
2024-11-21 00:47
Severity ?
Summary
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | apache_webserver | * | |
| typo3 | typo3 | 4.0 | |
| typo3 | typo3 | 4.0.1 | |
| typo3 | typo3 | 4.0.2 | |
| typo3 | typo3 | 4.0.3 | |
| typo3 | typo3 | 4.0.4 | |
| typo3 | typo3 | 4.0.5 | |
| typo3 | typo3 | 4.0.6 | |
| typo3 | typo3 | 4.0.7 | |
| typo3 | typo3 | 4.0.8 | |
| typo3 | typo3 | 4.1 | |
| typo3 | typo3 | 4.1.1 | |
| typo3 | typo3 | 4.1.2 | |
| typo3 | typo3 | 4.1.3 | |
| typo3 | typo3 | 4.1.4 | |
| typo3 | typo3 | 4.1.5 | |
| typo3 | typo3 | 4.1.6 | |
| typo3 | typo3 | 4.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:apache_webserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DF97C8-A5E1-4091-A43D-B8F60E0313E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "501A9157-044A-4856-8092-418D7329EED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA47174-9BC4-4B74-8618-6A7B0773553B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A13146E-EC04-4354-9123-BC7CB292C66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F27B173-8D10-47F7-8450-F8808A918295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1FAD0A-6B98-476B-BCD2-361996CA1C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE992D57-AF82-4BF0-96E8-98110C0AEBF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9A484F-C34D-4885-8125-D9C8725EEB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DCCB2DE6-4407-4E40-8574-9C813183565B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F271C6-B5A7-4B06-A3DF-4C7F74090CC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161E310F-F2D8-40B3-8390-8C52ACDD0B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "96D69530-AE74-4012-B522-01D0B6B01662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5514D17F-95A5-48C5-9F91-554F8D3C3DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E46E35EC-FF7B-4510-A5F2-FC230B7477B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "884B4418-83A4-4BCB-8019-306285EB418E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions."
},
{
"lang": "es",
"value": "TYPO3 versiones 4.0.x anteriores a 4.0.9, versiones 4.1.x anteriores a 4.1.7, y versiones 4.2.x anteriores a 4.2.1, utiliza un fileDenyPattern predeterminado insuficientemente restrictivo para Apache, que permite a los atacantes remotos omitir las restricciones de seguridad y cargar archivos de configuraci\u00f3n como .htaccess, o conducir ataques de carga de archivos mediante varias extensiones."
}
],
"id": "CVE-2008-2717",
"lastModified": "2024-11-21T00:47:32.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-06-16T22:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30619"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30660"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3945"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1596"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29657"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1802"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3945"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-23 02:15
Modified
2024-11-21 05:48
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Summary
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, _UploadedFileReferenceConverter_ transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. In case this scenario applies, _UploadedFileReferenceConverter_ accepts any file mime-type and persists files in the default location. In any way, uploaded files are placed in the default location _/fileadmin/user_upload/_, in most scenarios keeping the submitted filename - which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2 | Third Party Advisory | |
| security-advisories@github.com | https://packagist.org/packages/typo3/cms-form | Release Notes, Third Party Advisory | |
| security-advisories@github.com | https://typo3.org/security/advisory/typo3-core-sa-2021-002 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packagist.org/packages/typo3/cms-form | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-core-sa-2021-002 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F10B90F0-DA5C-4A80-BD4F-124B6C82CE8B",
"versionEndExcluding": "8.7.40",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB3125B-114D-4991-BD60-9535D97DD348",
"versionEndExcluding": "9.5.25",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C031A87F-5A82-48F8-AB02-FED0CDFE08A2",
"versionEndExcluding": "10.4.14",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F696292E-3CC6-416B-9F99-6C1287B1D78D",
"versionEndExcluding": "11.1.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, _UploadedFileReferenceConverter_ transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. In case this scenario applies, _UploadedFileReferenceConverter_ accepts any file mime-type and persists files in the default location. In any way, uploaded files are placed in the default location _/fileadmin/user_upload/_, in most scenarios keeping the submitted filename - which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de gesti\u00f3n de contenidos web de c\u00f3digo abierto basado en PHP. En TYPO3 versiones anteriores a la 8.7.40, 9.5.25, 10.4.14, 11.1.1, debido a la falta de garant\u00eda de que las extensiones de archivo pertenecen a los tipos mime permitidos configurados, los atacantes pueden subir datos arbitrarios con extensiones de archivo arbitrarias - sin embargo, _fileDenyPattern_ por defecto bloquea con \u00e9xito archivos como _.htaccess_ o _malicious.php_. Adem\u00e1s de eso, _UploadedFileReferenceConverter_ transforma los archivos subidos en objetos de modelo de dominio FileReference apropiados y maneja posibles subidas de archivos para otras extensiones tambi\u00e9n - dado que esas extensiones usan el marco MVC de Extbase, hacen uso de elementos FileReference en sus definiciones de modelo de dominio directas o heredadas y no implementaron su propio convertidor de tipos. En caso de que este escenario se aplique, _UploadedFileReferenceConverter_ acepta cualquier tipo mime de archivo y persigue los archivos en la ubicaci\u00f3n predeterminada. De cualquier manera, los archivos subidos se colocan en la ubicaci\u00f3n por defecto _/fileadmin/user_upload/_, en la mayor\u00eda de los escenarios manteniendo el nombre del archivo enviado - lo que permite a los atacantes referenciar directamente los archivos, o incluso adivinar correctamente los nombres de los archivos utilizados por otras personas, revelando esta informaci\u00f3n. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. Esto est\u00e1 corregido en las versiones 8.7.40, 9.5.25, 10.4.14, 11.1.1"
}
],
"id": "CVE-2021-21355",
"lastModified": "2024-11-21T05:48:11.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-23T02:15:12.627",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://packagist.org/packages/typo3/cms-form"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://packagist.org/packages/typo3/cms-form"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-002"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
},
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-28 14:43
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vincent_tietz | vjchat | * | |
| vincent_tietz | vjchat | 0.2.6 | |
| vincent_tietz | vjchat | 0.2.7 | |
| vincent_tietz | vjchat | 0.3.0 | |
| vincent_tietz | vjchat | 0.3.1 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vincent_tietz:vjchat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7073AF52-D70E-4B67-934E-4CA01E3C5330",
"versionEndIncluding": "0.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vincent_tietz:vjchat:0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EC90D584-F978-4352-A5E0-1750F47DC667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vincent_tietz:vjchat:0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "94CB8A03-2FDE-47A2-A40A-29F18EC2B98D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vincent_tietz:vjchat:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B944EF00-CBD5-4658-858F-28533F027F0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vincent_tietz:vjchat:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "285AE204-81C8-4743-9D89-A8C3090535E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n AJAX Chat (vjchat) anterior a v0.3.3 para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4971",
"lastModified": "2024-11-21T01:10:53.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-28T14:43:41.480",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36141"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2411"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| steffen_kamper | reports_logview | * | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:steffen_kamper:reports_logview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D093AEF-3DD1-434C-90BC-EDDCC4D4CF94",
"versionEndIncluding": "1.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n Reports Logfile View (reports_logview) v1.2.1 y anteriores para TYPO3 permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1014",
"lastModified": "2024-11-21T01:13:25.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-19T19:00:00.717",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38823"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-15 19:30
Modified
2024-11-21 01:11
Severity ?
Summary
Unspecified vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arco_van_geest | goof_fotoboek | * | |
| arco_van_geest | goof_fotoboek | 1.2.4 | |
| arco_van_geest | goof_fotoboek | 1.4.0 | |
| arco_van_geest | goof_fotoboek | 1.4.1 | |
| arco_van_geest | goof_fotoboek | 1.5.1 | |
| arco_van_geest | goof_fotoboek | 1.6.1 | |
| arco_van_geest | goof_fotoboek | 1.6.4 | |
| arco_van_geest | goof_fotoboek | 1.7.0 | |
| arco_van_geest | goof_fotoboek | 1.7.2 | |
| arco_van_geest | goof_fotoboek | 1.7.3 | |
| arco_van_geest | goof_fotoboek | 1.7.4 | |
| arco_van_geest | goof_fotoboek | 1.7.5 | |
| arco_van_geest | goof_fotoboek | 1.7.7 | |
| arco_van_geest | goof_fotoboek | 1.7.9 | |
| arco_van_geest | goof_fotoboek | 1.7.10 | |
| arco_van_geest | goof_fotoboek | 1.7.11 | |
| arco_van_geest | goof_fotoboek | 1.7.12 | |
| arco_van_geest | goof_fotoboek | 1.7.13 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A47C368-E00E-464F-AD09-C78E1C68DFE5",
"versionEndIncluding": "1.7.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90813014-0C2D-4684-8DD5-DCF6EABF56C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF5E2E2-7536-4817-A4F0-BF097DE8BB26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2A139CD8-8A86-463F-985E-CFB3E8296816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D79A0A-F058-488C-8A97-2DAD81851E8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB475A0-B3C9-4441-B5AC-C75BE5C270CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4853F371-CE1A-4E07-B40B-8794598A49D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74AF0E60-9110-4C33-96C8-165FBDBBF148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73CF7DA3-E958-4CF2-899F-C45105FF176A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDDC390-A52D-482A-BAF6-6939B5790EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8952311C-CD9B-4ABA-9EB2-85FEFD89C7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0751AC-C16A-465F-ABCA-67E8A939B205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BD9DAACA-EFFB-4E05-BD6D-E25D0DDCE7C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "37B967B9-7317-42A6-B4BE-D8CE2A6C0D01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0FEEA5-D282-4998-A72C-BFBA4A1AC4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C97A77B1-CF81-4DFD-A9D4-30BCCF5E5145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE7BBDD-E459-4410-A47C-22BEE3C5ACD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arco_van_geest:goof_fotoboek:1.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C95FF1-67DE-40FD-9FD2-789DE7C0727C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la extensi\u00f3n de libro de fotos (goof_fotoboek) v1.7.14 y anteriores para TYPO3 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores de ataque desconocidos."
}
],
"id": "CVE-2010-0323",
"lastModified": "2024-11-21T01:11:59.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-15T19:30:00.507",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/goof_fotoboek/1.7.15/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/goof_fotoboek/1.7.15/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-06-27 20:55
Modified
2024-11-21 01:56
Severity ?
Summary
SQL injection vulnerability in the WEC Discussion Forum extension before 2.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webempoweredchurch | wec_discussion | * | |
| webempoweredchurch | wec_discussion | 1.6.0 | |
| webempoweredchurch | wec_discussion | 1.6.1 | |
| webempoweredchurch | wec_discussion | 1.6.2 | |
| webempoweredchurch | wec_discussion | 1.6.3 | |
| webempoweredchurch | wec_discussion | 1.7.0 | |
| webempoweredchurch | wec_discussion | 2.0.1 | |
| webempoweredchurch | wec_discussion | 2.0.2 | |
| webempoweredchurch | wec_discussion | 2.0.3 | |
| webempoweredchurch | wec_discussion | 2.0.4 | |
| webempoweredchurch | wec_discussion | 2.1.0 | |
| typo3 | typo3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webempoweredchurch:wec_discussion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E60CD544-DC3C-4C88-A644-13A8DB84DF19",
"versionEndIncluding": "2.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webempoweredchurch:wec_discussion:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F03D13A-79F5-4B0C-B1EF-8593C1B12AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webempoweredchurch:wec_discussion:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "665895CE-9D9C-48AB-A8E2-D3DD3F234C05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webempoweredchurch:wec_discussion:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "874C3D70-B9F8-4ADD-8451-CAE797C593F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webempoweredchurch:wec_discussion:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB5775B-A31D-436B-B8F6-50E547C5D9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webempoweredchurch:wec_discussion:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "434FB076-E0DC-46D6-A126-A1C23B16EE2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webempoweredchurch:wec_discussion:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A58AC564-C42A-4FE1-B8BF-0E2438A3055E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webempoweredchurch:wec_discussion:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D37B34D-F153-406A-AFB5-BE4CEB9AF1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webempoweredchurch:wec_discussion:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0EB71C-1AC8-4B2D-83C4-1CD969D2D787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webempoweredchurch:wec_discussion:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ED959636-1557-455F-A904-C22857C638D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webempoweredchurch:wec_discussion:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A6B9898-B4DE-41E0-B780-5468477572ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the WEC Discussion Forum extension before 2.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n WEC Discussion Forum anterior a v2.1.2 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-4720",
"lastModified": "2024-11-21T01:56:08.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-27T20:55:01.840",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/90413"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/wec_discussion"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/58054"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/90413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/wec_discussion"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/58054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82217"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-06 17:15
Modified
2024-11-21 01:32
Severity ?
Summary
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8C2013-3653-40E0-B692-8524309338F0",
"versionEndExcluding": "4.3.12",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA153A2C-2697-47BC-B836-17AA48875F7A",
"versionEndExcluding": "4.4.9",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "898F86CE-0897-4403-A0AC-90C5DCED8AF4",
"versionEndExcluding": "4.5.4",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site Scripting (XSS) en TYPO3 versiones anteriores a la versi\u00f3n 4.3.12, versiones 4.4.x anteriores a 4.4.9 y versiones 4.5.x anteriores a 4.5.4, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del asistente de navegaci\u00f3n."
}
],
"id": "CVE-2011-4630",
"lastModified": "2024-11-21T01:32:41.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-06T17:15:10.910",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4630"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-25 05:15
Modified
2024-11-21 08:00
Severity ?
Summary
In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF].
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/176274/TYPO3-11.5.24-Path-Traversal.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/176274/TYPO3-11.5.24-Path-Traversal.html | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:11.5.24:*:*:*:*:*:*:*",
"matchCriteriaId": "39861941-0E9B-46A9-9C88-4886FEE7C544",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF]."
},
{
"lang": "es",
"value": "En TYPO3 11.5.24, el componente filelist permite a los atacantes (que tienen acceso al panel de administrador) leer archivos arbitrarios a trav\u00e9s del directory traversal en el campo baseuri, como lo demuestra POST /typo3/record/edit con ../../. ./ en datos[sys_file_storage]*[datos][sDEF][lDEF][basePath][vDEF]."
}
],
"id": "CVE-2023-30451",
"lastModified": "2024-11-21T08:00:12.673",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-25T05:15:08.553",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/176274/TYPO3-11.5.24-Path-Traversal.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/176274/TYPO3-11.5.24-Path-Traversal.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-26 20:30
Modified
2024-11-21 01:10
Severity ?
Summary
Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:ws_ecard:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ACEF5BC2-2386-4B94-BEB3-67EA835B172E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la extensi\u00f3n Webesse E-Card (ws_ecard) v1.0.2 y anteriores para TYPO3, tiene vectores de ataque remotos e impacto no especificados."
}
],
"id": "CVE-2009-4740",
"lastModified": "2024-11-21T01:10:20.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-26T20:30:00.343",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-18 00:55
Modified
2024-11-21 01:32
Severity ?
Summary
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9788D5CD-FEAA-4D07-8252-4176AD0BC0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4D42D56A-2A1D-4FAA-961D-304E916BEF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inclusi\u00f3n remota de archivo PHP en Classes/Controller/AbstractController.php en la extensi\u00f3n del sistema de espacios de trabajo de TYPO3 v4.5.x antes de v4.5.9, v4.6.x antes de v4.6.2 y versiones de desarrollo de v4.7 permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s de una URL en el par\u00e1metro BACK_PATH."
}
],
"id": "CVE-2011-4614",
"lastModified": "2024-11-21T01:32:39.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-18T00:55:02.213",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47201"
},
{
"source": "secalert@redhat.com",
"url": "http://typo3.org/fileadmin/security-team/bug32571/32571.diff"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2011/12/16/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/77776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/fileadmin/security-team/bug32571/32571.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/12/16/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/77776"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-04 23:15
Modified
2024-11-21 01:19
Severity ?
Summary
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2010-3669 | Third Party Advisory | |
| cve@mitre.org | https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2010-3669 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82040DD2-205F-477D-8D55-95852AAF7AEA",
"versionEndExcluding": "4.2.13",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B078FF4B-67AF-419E-995B-2715FCC97493",
"versionEndExcluding": "4.3.4",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18896C89-53F0-4ACA-B3B2-90E0811CBBC3",
"versionEndExcluding": "4.4.1",
"versionStartIncluding": "4.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box."
},
{
"lang": "es",
"value": "TYPO3 versiones anteriores a la versi\u00f3n 4.2.13, versiones 4.3.x anteriores a la versi\u00f3n 4.3.4 y versiones 4.4.x anteriores a la versi\u00f3n 4.4.1, permite una ataque de tipo XSS y un Redireccionamiento Abierto en el cuadro de inicio de sesi\u00f3n del frontend."
}
],
"id": "CVE-2010-3669",
"lastModified": "2024-11-21T01:19:21.063",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-04T23:15:10.287",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3669"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-3669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-10 17:15
Modified
2024-11-21 06:07
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag & attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required. Update to TYPO3 versions 7.6.53 ELTS, 8.7.42 ELTS, 9.5.29, 10.4.19, 11.3.2 that fix the problem described.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*",
"matchCriteriaId": "62943057-9B6F-4931-AC81-122F81675224",
"versionEndIncluding": "7.6.52",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*",
"matchCriteriaId": "15152F24-9A5D-45DD-8E20-9EDE1164A769",
"versionEndIncluding": "8.7.41",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B8EC2D0-D2D7-4512-8B9B-946186B03111",
"versionEndIncluding": "9.5.28",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9ECFF0F-AF27-4F7E-9E4D-847B7511BC5C",
"versionEndIncluding": "10.4.18",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B274A76-C202-4115-BD26-1A72B534E935",
"versionEndIncluding": "11.3.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag \u0026 attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required. Update to TYPO3 versions 7.6.53 ELTS, 8.7.42 ELTS, 9.5.29, 10.4.19, 11.3.2 that fix the problem described."
},
{
"lang": "es",
"value": "TYPO3 es un sistema de administrador de contenidos web de c\u00f3digo abierto basado en PHP y publicado bajo la licencia GNU GPL. En las versiones afectadas que no analizan, sanean y codifican apropiadamente el contenido de texto enriquecido malicioso, el proceso de representaci\u00f3n del contenido en el frontend del sitio web es vulnerable a un ataque de tipo cross-site scripting. Las instrucciones de renderizaci\u00f3n correspondientes por medio de la funcionalidad TypoScript HTMLparser no considera todas las combinaciones de etiquetas y atributos HTML potencialmente maliciosas por defecto. En los escenarios predeterminados, se necesita una cuenta de usuario de backend v\u00e1lida para explotar esta vulnerabilidad. En caso de que los plugins personalizados usados en el frontend del sitio web acepten y reflejen el contenido de texto enriquecido enviado por usuarios, no es requerida una autenticaci\u00f3n. Actualizar a versiones de TYPO3 7.6.53 ELTS, 8.7.42 ELTS, 9.5.29, 10.4.19, 11.3.2 que corrigen el problema descrito"
}
],
"id": "CVE-2021-32768",
"lastModified": "2024-11-21T06:07:42.173",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-10T17:15:10.587",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2021-013"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-21 20:55
Modified
2024-11-21 01:22
Severity ?
Summary
SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| typo3 | typo3 | 4.2.0 | |
| typo3 | typo3 | 4.2.1 | |
| typo3 | typo3 | 4.2.2 | |
| typo3 | typo3 | 4.2.3 | |
| typo3 | typo3 | 4.2.4 | |
| typo3 | typo3 | 4.2.5 | |
| typo3 | typo3 | 4.2.6 | |
| typo3 | typo3 | 4.2.7 | |
| typo3 | typo3 | 4.2.8 | |
| typo3 | typo3 | 4.2.9 | |
| typo3 | typo3 | 4.2.10 | |
| typo3 | typo3 | 4.2.11 | |
| typo3 | typo3 | 4.2.12 | |
| typo3 | typo3 | 4.2.13 | |
| typo3 | typo3 | 4.2.14 | |
| typo3 | typo3 | 4.2.15 | |
| typo3 | typo3 | 4.3.0 | |
| typo3 | typo3 | 4.3.1 | |
| typo3 | typo3 | 4.3.2 | |
| typo3 | typo3 | 4.3.3 | |
| typo3 | typo3 | 4.3.4 | |
| typo3 | typo3 | 4.3.5 | |
| typo3 | typo3 | 4.3.6 | |
| typo3 | typo3 | 4.3.7 | |
| typo3 | typo3 | 4.3.8 | |
| typo3 | typo3 | 4.4.1 | |
| typo3 | typo3 | 4.4.2 | |
| typo3 | typo3 | 4.4.3 | |
| typo3 | typo3 | 4.4.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC67810-D2C5-4242-ACF2-CF7E9C56D7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E485652B-FDE0-44C1-83F5-D22B16BEBB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A987C0-51DF-464C-8F4D-03C9CAD256EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "718E405D-4127-4D0E-85BB-83800264AD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "AF72642B-8766-44A3-8CB0-D094929AAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DF56D768-6D41-472D-AA42-0C209534AB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6066CFA2-202E-43A3-B1DF-36364ABD5A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13C922A9-05A3-4D98-A568-F780CCA87E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E9893A-2771-4C04-9F90-B10EE659088E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31DA3600-C955-46B0-8BD9-C9B3FC0B81EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7ED0C04-33BA-4F9B-97B0-BB5D30C2A0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E40CC0D-E7EF-4800-AC0B-5AF603B8BC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16759F16-34C6-4C2C-BECB-12555EEEBDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB331CC-3125-454E-BCBE-B85540B62110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B46AB0-D925-4E74-8D15-40EE3BC0B14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9319A96-D510-47DB-9DBC-C16C0947E4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40E0FDF1-E63C-48C9-98E2-55E3FD891882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D22400-E6A1-4C3A-B16F-E14672B86D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DFA0996-4839-4FDB-9B9D-5F8424946F9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo de la lista en TYPO3 v4.2.x antes de v4.2.16, v4.3.x antes de v4.3.9 y v4.4.x antes de v4.4.5 permite ejecutar comandos SQL a usuarios remotos autenticados con determinados permisos a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-5103",
"lastModified": "2024-11-21T01:22:30.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-05-21T20:55:17.570",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35770"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/70117"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/45470"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/70117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64184"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-15 21:30
Modified
2024-11-21 01:10
Severity ?
Summary
SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| liviu_mitrofan | myth_download | 0.1.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:liviu_mitrofan:myth_download:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7AF5B43-591C-4537-9AEB-C0A13675977A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Myth download (myth_download) v0.1.0 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4701",
"lastModified": "2024-11-21T01:10:15.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-15T21:30:00.747",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-22 18:30
Modified
2024-11-21 01:10
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| stefan_geith | sg_userdata | * | |
| stefan_geith | sg_userdata | 0.90.100 | |
| stefan_geith | sg_userdata | 0.90.101 | |
| stefan_geith | sg_userdata | 0.90.109 | |
| stefan_geith | sg_userdata | 0.90.111 | |
| stefan_geith | sg_userdata | 0.90.202 | |
| stefan_geith | sg_userdata | 0.90.210 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:stefan_geith:sg_userdata:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEAC7CF9-C901-4DB0-93A2-EB644F11CF13",
"versionEndIncluding": "0.90.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stefan_geith:sg_userdata:0.90.100:*:*:*:*:*:*:*",
"matchCriteriaId": "EF160919-C2DB-4C75-8BBC-608A9A0A88D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stefan_geith:sg_userdata:0.90.101:*:*:*:*:*:*:*",
"matchCriteriaId": "2337337C-6376-4BBB-86EB-7CCE801FBCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stefan_geith:sg_userdata:0.90.109:*:*:*:*:*:*:*",
"matchCriteriaId": "B154982F-DA32-4F5C-A93F-2D5636F79295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stefan_geith:sg_userdata:0.90.111:*:*:*:*:*:*:*",
"matchCriteriaId": "290A9A79-3D2F-45C7-A5C7-A0E69B396E9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stefan_geith:sg_userdata:0.90.202:*:*:*:*:*:*:*",
"matchCriteriaId": "14D8FE4B-D7DC-479F-BE52-AD7CB23D5543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stefan_geith:sg_userdata:0.90.210:*:*:*:*:*:*:*",
"matchCriteriaId": "C4AA59AF-62D8-4041-8884-CE6E4992FA4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n Userdata Create/Edit (sg_userdata) en versiones anteriores a la 0.91.0 para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante vectores no especificados."
}
],
"id": "CVE-2009-4953",
"lastModified": "2024-11-21T01:10:51.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-07-22T18:30:02.953",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-27 17:30
Modified
2024-11-21 00:56
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Vox populi (mv_vox_populi) extension 0.3.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mathieu_vidal | mv_vox_populi | * | |
| mathieu_vidal | mv_vox_populi | 0.1.0 | |
| mathieu_vidal | mv_vox_populi | 0.2.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mathieu_vidal:mv_vox_populi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95AF5A96-16CD-48B3-AC63-C1304B6AB3CC",
"versionEndIncluding": "0.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mathieu_vidal:mv_vox_populi:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AE27FEE7-B925-43DE-A3C2-2F2CD4AB81D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mathieu_vidal:mv_vox_populi:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "266B7381-D0A5-47ED-8AEC-EA933BBEE99A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Vox populi (mv_vox_populi) extension 0.3.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en la extensi\u00f3n vox populi (mv_vox_populi) v0.3.0 y anteriores de TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-6340",
"lastModified": "2024-11-21T00:56:17.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-02-27T17:30:09.717",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33262"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/mv_vox_populi/0.3.1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/mv_vox_populi/0.3.1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32980"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201607-0657
Vulnerability from variot
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests or to direct the server to initiate connections to arbitrary hosts. This vulnerability "httpoxy" Is called a problem. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. There is a security vulnerability in PHP 7.0.8 and earlier versions, the vulnerability stems from the fact that the program does not resolve namespace conflicts in RFC 3875 mode. The program does not properly handle data from untrusted client applications in the HTTP_PROXY environment variable. A remote attacker uses the specially crafted Proxy header message in the HTTP request to exploit this vulnerability to implement a man-in-the-middle attack, directing the server to send a connection to any host.
The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.24, which includes additional bug fixes. Please refer to the upstream changelog for more information:
https://php.net/ChangeLog-5.php#5.6.24
For the stable distribution (jessie), these problems have been fixed in version 5.6.24+dfsg-0+deb8u1.
For the unstable distribution (sid), these problems have been fixed in version 7.0.9-1 of the php7.0 source package.
We recommend that you upgrade your php5 packages.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php-5.6.24-i586-1_slack14.2.txz: Upgraded. For more information, see: http://php.net/ChangeLog-5.php#5.6.24 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6207 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.24-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.24-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.24-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.24-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.24-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.24-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.24-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.24-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: 712cc177c9ac10f3d58e871ff27260dc php-5.6.24-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 47f6ad4a81517f5b2959abc73475742b php-5.6.24-x86_64-1_slack14.0.txz
Slackware 14.1 package: aea6a8869946186781e55c5ecec952b0 php-5.6.24-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: ab16db742762605b9b219b37cdd7e8db php-5.6.24-x86_64-1_slack14.1.txz
Slackware 14.2 package: c88a731667e741443712267d9b30286a php-5.6.24-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: ed5b31c94e2fb91f0e6c40051f51da1c php-5.6.24-x86_64-1_slack14.2.txz
Slackware -current package: c25a85fece34101d35b8785022cef94d n/php-5.6.24-i586-1.txz
Slackware x86_64 -current package: 17f8886fc0901cea6d593170ea00fe7b n/php-5.6.24-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg php-5.6.24-i586-1_slack14.2.txz
Then, restart Apache httpd:
/etc/rc.d/rc.httpd stop
/etc/rc.d/rc.httpd start
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: php security and bug fix update Advisory ID: RHSA-2016:1613-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1613.html Issue date: 2016-08-11 CVE Names: CVE-2016-5385 =====================================================================
- Summary:
An update for php is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- (CVE-2016-5385)
Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.
Bug Fix(es):
-
Previously, an incorrect logic in the SAPI header callback routine caused that the callback counter was not incremented. Consequently, when a script included a header callback, it could terminate unexpectedly with a segmentation fault. With this update, the callback counter is properly managed, and scripts with a header callback implementation work as expected. (BZ#1346758)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1346758 - Segmentation fault while header_register_callback 1353794 - CVE-2016-5385 PHP: sets environmental variable based on user supplied Proxy request header
- Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source: php-5.4.16-36.3.el7_2.src.rpm
x86_64: php-5.4.16-36.3.el7_2.x86_64.rpm php-bcmath-5.4.16-36.3.el7_2.x86_64.rpm php-cli-5.4.16-36.3.el7_2.x86_64.rpm php-common-5.4.16-36.3.el7_2.x86_64.rpm php-dba-5.4.16-36.3.el7_2.x86_64.rpm php-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm php-devel-5.4.16-36.3.el7_2.x86_64.rpm php-embedded-5.4.16-36.3.el7_2.x86_64.rpm php-enchant-5.4.16-36.3.el7_2.x86_64.rpm php-fpm-5.4.16-36.3.el7_2.x86_64.rpm php-gd-5.4.16-36.3.el7_2.x86_64.rpm php-intl-5.4.16-36.3.el7_2.x86_64.rpm php-ldap-5.4.16-36.3.el7_2.x86_64.rpm php-mbstring-5.4.16-36.3.el7_2.x86_64.rpm php-mysql-5.4.16-36.3.el7_2.x86_64.rpm php-mysqlnd-5.4.16-36.3.el7_2.x86_64.rpm php-odbc-5.4.16-36.3.el7_2.x86_64.rpm php-pdo-5.4.16-36.3.el7_2.x86_64.rpm php-pgsql-5.4.16-36.3.el7_2.x86_64.rpm php-process-5.4.16-36.3.el7_2.x86_64.rpm php-pspell-5.4.16-36.3.el7_2.x86_64.rpm php-recode-5.4.16-36.3.el7_2.x86_64.rpm php-snmp-5.4.16-36.3.el7_2.x86_64.rpm php-soap-5.4.16-36.3.el7_2.x86_64.rpm php-xml-5.4.16-36.3.el7_2.x86_64.rpm php-xmlrpc-5.4.16-36.3.el7_2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: php-5.4.16-36.3.el7_2.src.rpm
x86_64: php-5.4.16-36.3.el7_2.x86_64.rpm php-bcmath-5.4.16-36.3.el7_2.x86_64.rpm php-cli-5.4.16-36.3.el7_2.x86_64.rpm php-common-5.4.16-36.3.el7_2.x86_64.rpm php-dba-5.4.16-36.3.el7_2.x86_64.rpm php-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm php-devel-5.4.16-36.3.el7_2.x86_64.rpm php-embedded-5.4.16-36.3.el7_2.x86_64.rpm php-enchant-5.4.16-36.3.el7_2.x86_64.rpm php-fpm-5.4.16-36.3.el7_2.x86_64.rpm php-gd-5.4.16-36.3.el7_2.x86_64.rpm php-intl-5.4.16-36.3.el7_2.x86_64.rpm php-ldap-5.4.16-36.3.el7_2.x86_64.rpm php-mbstring-5.4.16-36.3.el7_2.x86_64.rpm php-mysql-5.4.16-36.3.el7_2.x86_64.rpm php-mysqlnd-5.4.16-36.3.el7_2.x86_64.rpm php-odbc-5.4.16-36.3.el7_2.x86_64.rpm php-pdo-5.4.16-36.3.el7_2.x86_64.rpm php-pgsql-5.4.16-36.3.el7_2.x86_64.rpm php-process-5.4.16-36.3.el7_2.x86_64.rpm php-pspell-5.4.16-36.3.el7_2.x86_64.rpm php-recode-5.4.16-36.3.el7_2.x86_64.rpm php-snmp-5.4.16-36.3.el7_2.x86_64.rpm php-soap-5.4.16-36.3.el7_2.x86_64.rpm php-xml-5.4.16-36.3.el7_2.x86_64.rpm php-xmlrpc-5.4.16-36.3.el7_2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: php-5.4.16-36.3.el7_2.src.rpm
ppc64: php-5.4.16-36.3.el7_2.ppc64.rpm php-cli-5.4.16-36.3.el7_2.ppc64.rpm php-common-5.4.16-36.3.el7_2.ppc64.rpm php-debuginfo-5.4.16-36.3.el7_2.ppc64.rpm php-gd-5.4.16-36.3.el7_2.ppc64.rpm php-ldap-5.4.16-36.3.el7_2.ppc64.rpm php-mysql-5.4.16-36.3.el7_2.ppc64.rpm php-odbc-5.4.16-36.3.el7_2.ppc64.rpm php-pdo-5.4.16-36.3.el7_2.ppc64.rpm php-pgsql-5.4.16-36.3.el7_2.ppc64.rpm php-process-5.4.16-36.3.el7_2.ppc64.rpm php-recode-5.4.16-36.3.el7_2.ppc64.rpm php-soap-5.4.16-36.3.el7_2.ppc64.rpm php-xml-5.4.16-36.3.el7_2.ppc64.rpm php-xmlrpc-5.4.16-36.3.el7_2.ppc64.rpm
ppc64le: php-5.4.16-36.3.el7_2.ppc64le.rpm php-cli-5.4.16-36.3.el7_2.ppc64le.rpm php-common-5.4.16-36.3.el7_2.ppc64le.rpm php-debuginfo-5.4.16-36.3.el7_2.ppc64le.rpm php-gd-5.4.16-36.3.el7_2.ppc64le.rpm php-ldap-5.4.16-36.3.el7_2.ppc64le.rpm php-mysql-5.4.16-36.3.el7_2.ppc64le.rpm php-odbc-5.4.16-36.3.el7_2.ppc64le.rpm php-pdo-5.4.16-36.3.el7_2.ppc64le.rpm php-pgsql-5.4.16-36.3.el7_2.ppc64le.rpm php-process-5.4.16-36.3.el7_2.ppc64le.rpm php-recode-5.4.16-36.3.el7_2.ppc64le.rpm php-soap-5.4.16-36.3.el7_2.ppc64le.rpm php-xml-5.4.16-36.3.el7_2.ppc64le.rpm php-xmlrpc-5.4.16-36.3.el7_2.ppc64le.rpm
s390x: php-5.4.16-36.3.el7_2.s390x.rpm php-cli-5.4.16-36.3.el7_2.s390x.rpm php-common-5.4.16-36.3.el7_2.s390x.rpm php-debuginfo-5.4.16-36.3.el7_2.s390x.rpm php-gd-5.4.16-36.3.el7_2.s390x.rpm php-ldap-5.4.16-36.3.el7_2.s390x.rpm php-mysql-5.4.16-36.3.el7_2.s390x.rpm php-odbc-5.4.16-36.3.el7_2.s390x.rpm php-pdo-5.4.16-36.3.el7_2.s390x.rpm php-pgsql-5.4.16-36.3.el7_2.s390x.rpm php-process-5.4.16-36.3.el7_2.s390x.rpm php-recode-5.4.16-36.3.el7_2.s390x.rpm php-soap-5.4.16-36.3.el7_2.s390x.rpm php-xml-5.4.16-36.3.el7_2.s390x.rpm php-xmlrpc-5.4.16-36.3.el7_2.s390x.rpm
x86_64: php-5.4.16-36.3.el7_2.x86_64.rpm php-cli-5.4.16-36.3.el7_2.x86_64.rpm php-common-5.4.16-36.3.el7_2.x86_64.rpm php-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm php-gd-5.4.16-36.3.el7_2.x86_64.rpm php-ldap-5.4.16-36.3.el7_2.x86_64.rpm php-mysql-5.4.16-36.3.el7_2.x86_64.rpm php-odbc-5.4.16-36.3.el7_2.x86_64.rpm php-pdo-5.4.16-36.3.el7_2.x86_64.rpm php-pgsql-5.4.16-36.3.el7_2.x86_64.rpm php-process-5.4.16-36.3.el7_2.x86_64.rpm php-recode-5.4.16-36.3.el7_2.x86_64.rpm php-soap-5.4.16-36.3.el7_2.x86_64.rpm php-xml-5.4.16-36.3.el7_2.x86_64.rpm php-xmlrpc-5.4.16-36.3.el7_2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: php-bcmath-5.4.16-36.3.el7_2.ppc64.rpm php-dba-5.4.16-36.3.el7_2.ppc64.rpm php-debuginfo-5.4.16-36.3.el7_2.ppc64.rpm php-devel-5.4.16-36.3.el7_2.ppc64.rpm php-embedded-5.4.16-36.3.el7_2.ppc64.rpm php-enchant-5.4.16-36.3.el7_2.ppc64.rpm php-fpm-5.4.16-36.3.el7_2.ppc64.rpm php-intl-5.4.16-36.3.el7_2.ppc64.rpm php-mbstring-5.4.16-36.3.el7_2.ppc64.rpm php-mysqlnd-5.4.16-36.3.el7_2.ppc64.rpm php-pspell-5.4.16-36.3.el7_2.ppc64.rpm php-snmp-5.4.16-36.3.el7_2.ppc64.rpm
ppc64le: php-bcmath-5.4.16-36.3.el7_2.ppc64le.rpm php-dba-5.4.16-36.3.el7_2.ppc64le.rpm php-debuginfo-5.4.16-36.3.el7_2.ppc64le.rpm php-devel-5.4.16-36.3.el7_2.ppc64le.rpm php-embedded-5.4.16-36.3.el7_2.ppc64le.rpm php-enchant-5.4.16-36.3.el7_2.ppc64le.rpm php-fpm-5.4.16-36.3.el7_2.ppc64le.rpm php-intl-5.4.16-36.3.el7_2.ppc64le.rpm php-mbstring-5.4.16-36.3.el7_2.ppc64le.rpm php-mysqlnd-5.4.16-36.3.el7_2.ppc64le.rpm php-pspell-5.4.16-36.3.el7_2.ppc64le.rpm php-snmp-5.4.16-36.3.el7_2.ppc64le.rpm
s390x: php-bcmath-5.4.16-36.3.el7_2.s390x.rpm php-dba-5.4.16-36.3.el7_2.s390x.rpm php-debuginfo-5.4.16-36.3.el7_2.s390x.rpm php-devel-5.4.16-36.3.el7_2.s390x.rpm php-embedded-5.4.16-36.3.el7_2.s390x.rpm php-enchant-5.4.16-36.3.el7_2.s390x.rpm php-fpm-5.4.16-36.3.el7_2.s390x.rpm php-intl-5.4.16-36.3.el7_2.s390x.rpm php-mbstring-5.4.16-36.3.el7_2.s390x.rpm php-mysqlnd-5.4.16-36.3.el7_2.s390x.rpm php-pspell-5.4.16-36.3.el7_2.s390x.rpm php-snmp-5.4.16-36.3.el7_2.s390x.rpm
x86_64: php-bcmath-5.4.16-36.3.el7_2.x86_64.rpm php-dba-5.4.16-36.3.el7_2.x86_64.rpm php-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm php-devel-5.4.16-36.3.el7_2.x86_64.rpm php-embedded-5.4.16-36.3.el7_2.x86_64.rpm php-enchant-5.4.16-36.3.el7_2.x86_64.rpm php-fpm-5.4.16-36.3.el7_2.x86_64.rpm php-intl-5.4.16-36.3.el7_2.x86_64.rpm php-mbstring-5.4.16-36.3.el7_2.x86_64.rpm php-mysqlnd-5.4.16-36.3.el7_2.x86_64.rpm php-pspell-5.4.16-36.3.el7_2.x86_64.rpm php-snmp-5.4.16-36.3.el7_2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: php-5.4.16-36.3.el7_2.src.rpm
x86_64: php-5.4.16-36.3.el7_2.x86_64.rpm php-cli-5.4.16-36.3.el7_2.x86_64.rpm php-common-5.4.16-36.3.el7_2.x86_64.rpm php-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm php-gd-5.4.16-36.3.el7_2.x86_64.rpm php-ldap-5.4.16-36.3.el7_2.x86_64.rpm php-mysql-5.4.16-36.3.el7_2.x86_64.rpm php-odbc-5.4.16-36.3.el7_2.x86_64.rpm php-pdo-5.4.16-36.3.el7_2.x86_64.rpm php-pgsql-5.4.16-36.3.el7_2.x86_64.rpm php-process-5.4.16-36.3.el7_2.x86_64.rpm php-recode-5.4.16-36.3.el7_2.x86_64.rpm php-soap-5.4.16-36.3.el7_2.x86_64.rpm php-xml-5.4.16-36.3.el7_2.x86_64.rpm php-xmlrpc-5.4.16-36.3.el7_2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: php-bcmath-5.4.16-36.3.el7_2.x86_64.rpm php-dba-5.4.16-36.3.el7_2.x86_64.rpm php-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm php-devel-5.4.16-36.3.el7_2.x86_64.rpm php-embedded-5.4.16-36.3.el7_2.x86_64.rpm php-enchant-5.4.16-36.3.el7_2.x86_64.rpm php-fpm-5.4.16-36.3.el7_2.x86_64.rpm php-intl-5.4.16-36.3.el7_2.x86_64.rpm php-mbstring-5.4.16-36.3.el7_2.x86_64.rpm php-mysqlnd-5.4.16-36.3.el7_2.x86_64.rpm php-pspell-5.4.16-36.3.el7_2.x86_64.rpm php-snmp-5.4.16-36.3.el7_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXrPgaXlSAg2UNWIIRAjn0AJ9+uobkj268+7awLhgQLyNGujzgkgCgp8+D ggdX4EUo7inKwJDZgGYrNok= =Zn6M -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================= Ubuntu Security Notice USN-3045-1 August 02, 2016
php5, php7.0 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in PHP.
Software Description: - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter
Details:
It was discovered that PHP incorrectly handled certain SplMinHeap::compar e operations. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code. Thi s issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116 )
It was discovered that PHP incorrectly handled recursive method calls. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8873)
It was discovered that PHP incorrectly validated certain Exception object s when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0 4 LTS. (CVE-2015-8876)
It was discovered that PHP header() function performed insufficient filtering for Internet Explorer. A remote attacker could possibly use thi s issue to perform a XSS attack. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8935)
It was discovered that PHP incorrectly handled certain locale operations.
An attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5093)
It was discovered that the PHP php_html_entities() function incorrectly handled certain string lengths. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0 4 LTS. (CVE-2016-5094, CVE-2016-5095)
It was discovered that the PHP fread() function incorrectly handled certa in lengths. An attacker could use this issue to cause PHP to crash, resultin g in a denial of service, or possibly execute arbitrary code. This issue on ly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5096)
It was discovered that the PHP FastCGI Process Manager (FPM) SAPI incorrectly handled memory in the access logging feature. An attacker cou ld use this issue to cause PHP to crash, resulting in a denial of service, o r possibly expose sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5114)
It was discovered that PHP would not protect applications from contents o f the HTTP_PROXY environment variable when based on the contents of the Pro xy header from HTTP requests. A remote attacker could possibly use this issu e in combination with scripts that honour the HTTP_PROXY variable to redire ct outgoing HTTP requests. (CVE-2016-5385)
Hans Jerry Illikainen discovered that the PHP bzread() function incorrect ly performed error handling. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-5399)
It was discovered that certain PHP multibyte string functions incorrectly
handled memory. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-5768)
It was discovered that the PHP Mcrypt extension incorrectly handled memor y. A remote attacker could use this issue to cause PHP to crash, resulting i n a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5769)
It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing malicious data. A remote attacker coul d use this issue to cause PHP to crash, resulting in a denial of service, o r possibly execute arbitrary code. This issue was only addressed in Ubuntu Ubuntu 14.04 LTS. (CVE-2016-5771, CVE-2016-5773)
It was discovered that PHP incorrectly handled memory when unserializing malicious xml data. A remote attacker could use this issue to cause PHP t o crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5772)
It was discovered that the PHP php_url_parse_ex() function incorrectly handled string termination. A remote attacker could use this issue to cau se PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0 4 LTS. (CVE-2016-6288)
It was discovered that PHP incorrectly handled path lengths when extracti ng certain Zip archives. A remote attacker could use this issue to cause PHP
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-6289)
It was discovered that PHP incorrectly handled session deserialization. A
remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6290)
It was discovered that PHP incorrectly handled exif headers when processi ng certain JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6291, CVE-2016-6292)
It was discovered that PHP incorrectly handled certain locale operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6294)
It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing SNMP data. A remote attacker could use
this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LT S and Ubuntu 16.04 LTS. (CVE-2016-6295)
It was discovered that the PHP xmlrpc_encode_request() function incorrect ly handled certain lengths. An attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6296)
It was discovered that the PHP php_stream_zip_opener() function incorrect ly handled memory. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6297)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libapache2-mod-php7.0 7.0.8-0ubuntu0.16.04.2 php7.0-cgi 7.0.8-0ubuntu0.16.04.2 php7.0-cli 7.0.8-0ubuntu0.16.04.2 php7.0-fpm 7.0.8-0ubuntu0.16.04.2
Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.19 php5-cgi 5.5.9+dfsg-1ubuntu4.19 php5-cli 5.5.9+dfsg-1ubuntu4.19 php5-fpm 5.5.9+dfsg-1ubuntu4.19
Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.24 php5-cgi 5.3.10-1ubuntu3.24 php5-cli 5.3.10-1ubuntu3.24 php5-fpm 5.3.10-1ubuntu3.24
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3045-1 CVE-2015-4116, CVE-2015-8873, CVE-2015-8876, CVE-2015-8935, CVE-2016-5093, CVE-2016-5094, CVE-2016-5095, CVE-2016-5096, CVE-2016-5114, CVE-2016-5385, CVE-2016-5399, CVE-2016-5768, CVE-2016-5769, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297
Package Information: https://launchpad.net/ubuntu/+source/php7.0/7.0.8-0ubuntu0.16.04.2 https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.19 https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.24
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05333297
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05333297 Version: 2
HPSBST03671 rev.2 - HPE StoreEver MSL6480 Tape Library Management Interface, Multiple Remote Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-01-14 Last Updated: 2017-01-13
Potential Security Impact: Remote: Denial of Service (DoS), Unauthorized Disclosure of Information
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY A security vulnerability in PHP was addressed by the HPE StoreEver MSL6480 Tape Library firmware version 5.10. The vulnerability could be exploited remotely to allow Unauthorized Disclosure of Information or Denial of Service via the Ethernet Management Interface. Please note that the Management Interface cannot access data stored on tape media, so this vulnerability does not allow for remote unauthorized disclosure of data stored on tape media or remote denial of service.
References:
- CVE-2016-5385 - PHP, HTTPoxy
- CVE-2016-3074 - PHP
- CVE-2013-7456 - PHP
- CVE-2016-5093 - PHP
- CVE-2016-5094 - PHP
- CVE-2016-5096 - PHP
- CVE-2016-5766 - PHP
- CVE-2016-5767 - PHP
- CVE-2016-5768 - PHP
- CVE-2016-5769 - PHP
- CVE-2016-5770 - PHP
- CVE-2016-5771 - PHP
- CVE-2016-5772 - PHP
- CVE-2016-5773 - PHP
- CVE-2016-6207 - GD Graphics Library
- CVE-2016-6289 - PHP
- CVE-2016-6290 - PHP
- CVE-2016-6291 - PHP
- CVE-2016-6292 - PHP
- CVE-2016-6293 - PHP
- CVE-2016-6294 - PHP
- CVE-2016-6295 - PHP
- CVE-2016-6296 - PHP
- CVE-2016-6297 - PHP
- CVE-2016-5399 - PHP
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HP StoreEver MSL6480 Tape Library prior to 5.10
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2013-7456
7.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2016-3074
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-5093
8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-5094
8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-5096
8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-5385
8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVE-2016-5399
8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVE-2016-5766
8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2016-5767
8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2016-5768
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-5769
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-5770
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-5771
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-5772
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-5773
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-6207
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2016-6289
7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2016-6290
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-6291
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-6292
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2016-6293
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-6294
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-6295
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-6296
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-6297
8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided the following software update to resolve the vulnerabilities for the impacted versions of the HPE StoreEver MSL6480 Tape Library:
HISTORY
Version:1 (rev.1) - 15 November 2016 Initial release
Version:2 (rev.2) - 13 January 2017 Updating CVE list
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0657",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "storeever msl6480 tape library",
"scope": null,
"trust": 1.6,
"vendor": "hewlett packard",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7"
},
{
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "8.1.7"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "24"
},
{
"model": "php",
"scope": "gte",
"trust": 1.0,
"vendor": "php",
"version": "5.5.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.1"
},
{
"model": "php",
"scope": "lt",
"trust": 1.0,
"vendor": "php",
"version": "5.6.24"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "23"
},
{
"model": "communications user data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "8.0.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "php",
"scope": "gte",
"trust": 1.0,
"vendor": "php",
"version": "5.6.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "communications user data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.0"
},
{
"model": "php",
"scope": "lte",
"trust": 1.0,
"vendor": "php",
"version": "7.0.8"
},
{
"model": "communications user data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "storeever msl6480 tape library",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "5.09"
},
{
"model": "system management homepage",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "7.5.5.0"
},
{
"model": "php",
"scope": "lt",
"trust": 1.0,
"vendor": "php",
"version": "5.5.38"
},
{
"model": "php",
"scope": "gte",
"trust": 1.0,
"vendor": "php",
"version": "7.0.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.2"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache http server",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "go programming language",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "haproxy",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hhvm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "python",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the php group",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "lighttpd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "php",
"scope": "lte",
"trust": 0.8,
"vendor": "the php group",
"version": "7.0.8"
},
{
"model": "linux",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "system management homepage",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise edition v4.1 to v6.5"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard edition v4.1 to v6.5"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard-j edition v4.1 to v6.5"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "web edition v4.1 to v6.5"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "development environment v6.1 to v6.5"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise v8.2 to v9.4"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "express v8.2 to v9.4"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "foundation v8.2 to v8.5"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard v8.2 to v9.4"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard-j edition v7.1 to v8.1"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "web edition v7.1 to v8.1"
},
{
"model": "webotx developer",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "\"(with developers studio) v8.2 to v9.4\""
},
{
"model": "webotx developer",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v7.1 to v8.1"
},
{
"model": "webotx enterprise service bus",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6.4 to v9.3"
},
{
"model": "webotx portal",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.2 to v9.3"
},
{
"model": "webotx sip application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard edition v7.1 to v8.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "7.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#797896"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003800"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-538"
},
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_user_data_repository:10.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_user_data_repository:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_user_data_repository:10.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hp:storeever_msl6480_tape_library_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.09",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hp:storeever_msl6480_tape_library:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.5.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.6.24",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.5.38",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.0.8",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.1.7",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Debian",
"sources": [
{
"db": "PACKETSTORM",
"id": "138070"
}
],
"trust": 0.1
},
"cve": "CVE-2016-5385",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-5385",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-94204",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-5385",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-5385",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-538",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-94204",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-5385",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94204"
},
{
"db": "VULMON",
"id": "CVE-2016-5385"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003800"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-538"
},
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv(\u0027HTTP_PROXY\u0027) call or (2) a CGI configuration of PHP, aka an \"httpoxy\" issue. Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests or to direct the server to initiate connections to arbitrary hosts. This vulnerability \"httpoxy\" Is called a problem. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. There is a security vulnerability in PHP 7.0.8 and earlier versions, the vulnerability stems from the fact that the program does not resolve namespace conflicts in RFC 3875 mode. The program does not properly handle data from untrusted client applications in the HTTP_PROXY environment variable. A remote attacker uses the specially crafted Proxy header message in the HTTP request to exploit this vulnerability to implement a man-in-the-middle attack, directing the server to send a connection to any host. \n\nThe vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.24, which includes additional bug fixes. Please refer to the\nupstream changelog for more information:\n\nhttps://php.net/ChangeLog-5.php#5.6.24\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.24+dfsg-0+deb8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.0.9-1 of the php7.0 source package. \n\nWe recommend that you upgrade your php5 packages. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/php-5.6.24-i586-1_slack14.2.txz: Upgraded. \n For more information, see:\n http://php.net/ChangeLog-5.php#5.6.24\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6207\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.24-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.24-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.24-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.24-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.24-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.24-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.24-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.24-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n712cc177c9ac10f3d58e871ff27260dc php-5.6.24-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n47f6ad4a81517f5b2959abc73475742b php-5.6.24-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\naea6a8869946186781e55c5ecec952b0 php-5.6.24-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nab16db742762605b9b219b37cdd7e8db php-5.6.24-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\nc88a731667e741443712267d9b30286a php-5.6.24-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\ned5b31c94e2fb91f0e6c40051f51da1c php-5.6.24-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nc25a85fece34101d35b8785022cef94d n/php-5.6.24-i586-1.txz\n\nSlackware x86_64 -current package:\n17f8886fc0901cea6d593170ea00fe7b n/php-5.6.24-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg php-5.6.24-i586-1_slack14.2.txz\n\nThen, restart Apache httpd:\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: php security and bug fix update\nAdvisory ID: RHSA-2016:1613-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-1613.html\nIssue date: 2016-08-11\nCVE Names: CVE-2016-5385 \n=====================================================================\n\n1. Summary:\n\nAn update for php is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. (CVE-2016-5385)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this issue. \n\nBug Fix(es):\n\n* Previously, an incorrect logic in the SAPI header callback routine caused\nthat the callback counter was not incremented. Consequently, when a script\nincluded a header callback, it could terminate unexpectedly with a\nsegmentation fault. With this update, the callback counter is properly\nmanaged, and scripts with a header callback implementation work as\nexpected. (BZ#1346758)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1346758 - Segmentation fault while header_register_callback\n1353794 - CVE-2016-5385 PHP: sets environmental variable based on user supplied Proxy request header\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nphp-5.4.16-36.3.el7_2.src.rpm\n\nx86_64:\nphp-5.4.16-36.3.el7_2.x86_64.rpm\nphp-bcmath-5.4.16-36.3.el7_2.x86_64.rpm\nphp-cli-5.4.16-36.3.el7_2.x86_64.rpm\nphp-common-5.4.16-36.3.el7_2.x86_64.rpm\nphp-dba-5.4.16-36.3.el7_2.x86_64.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm\nphp-devel-5.4.16-36.3.el7_2.x86_64.rpm\nphp-embedded-5.4.16-36.3.el7_2.x86_64.rpm\nphp-enchant-5.4.16-36.3.el7_2.x86_64.rpm\nphp-fpm-5.4.16-36.3.el7_2.x86_64.rpm\nphp-gd-5.4.16-36.3.el7_2.x86_64.rpm\nphp-intl-5.4.16-36.3.el7_2.x86_64.rpm\nphp-ldap-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mbstring-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mysql-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mysqlnd-5.4.16-36.3.el7_2.x86_64.rpm\nphp-odbc-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pdo-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pgsql-5.4.16-36.3.el7_2.x86_64.rpm\nphp-process-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pspell-5.4.16-36.3.el7_2.x86_64.rpm\nphp-recode-5.4.16-36.3.el7_2.x86_64.rpm\nphp-snmp-5.4.16-36.3.el7_2.x86_64.rpm\nphp-soap-5.4.16-36.3.el7_2.x86_64.rpm\nphp-xml-5.4.16-36.3.el7_2.x86_64.rpm\nphp-xmlrpc-5.4.16-36.3.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nphp-5.4.16-36.3.el7_2.src.rpm\n\nx86_64:\nphp-5.4.16-36.3.el7_2.x86_64.rpm\nphp-bcmath-5.4.16-36.3.el7_2.x86_64.rpm\nphp-cli-5.4.16-36.3.el7_2.x86_64.rpm\nphp-common-5.4.16-36.3.el7_2.x86_64.rpm\nphp-dba-5.4.16-36.3.el7_2.x86_64.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm\nphp-devel-5.4.16-36.3.el7_2.x86_64.rpm\nphp-embedded-5.4.16-36.3.el7_2.x86_64.rpm\nphp-enchant-5.4.16-36.3.el7_2.x86_64.rpm\nphp-fpm-5.4.16-36.3.el7_2.x86_64.rpm\nphp-gd-5.4.16-36.3.el7_2.x86_64.rpm\nphp-intl-5.4.16-36.3.el7_2.x86_64.rpm\nphp-ldap-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mbstring-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mysql-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mysqlnd-5.4.16-36.3.el7_2.x86_64.rpm\nphp-odbc-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pdo-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pgsql-5.4.16-36.3.el7_2.x86_64.rpm\nphp-process-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pspell-5.4.16-36.3.el7_2.x86_64.rpm\nphp-recode-5.4.16-36.3.el7_2.x86_64.rpm\nphp-snmp-5.4.16-36.3.el7_2.x86_64.rpm\nphp-soap-5.4.16-36.3.el7_2.x86_64.rpm\nphp-xml-5.4.16-36.3.el7_2.x86_64.rpm\nphp-xmlrpc-5.4.16-36.3.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp-5.4.16-36.3.el7_2.src.rpm\n\nppc64:\nphp-5.4.16-36.3.el7_2.ppc64.rpm\nphp-cli-5.4.16-36.3.el7_2.ppc64.rpm\nphp-common-5.4.16-36.3.el7_2.ppc64.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.ppc64.rpm\nphp-gd-5.4.16-36.3.el7_2.ppc64.rpm\nphp-ldap-5.4.16-36.3.el7_2.ppc64.rpm\nphp-mysql-5.4.16-36.3.el7_2.ppc64.rpm\nphp-odbc-5.4.16-36.3.el7_2.ppc64.rpm\nphp-pdo-5.4.16-36.3.el7_2.ppc64.rpm\nphp-pgsql-5.4.16-36.3.el7_2.ppc64.rpm\nphp-process-5.4.16-36.3.el7_2.ppc64.rpm\nphp-recode-5.4.16-36.3.el7_2.ppc64.rpm\nphp-soap-5.4.16-36.3.el7_2.ppc64.rpm\nphp-xml-5.4.16-36.3.el7_2.ppc64.rpm\nphp-xmlrpc-5.4.16-36.3.el7_2.ppc64.rpm\n\nppc64le:\nphp-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-cli-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-common-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-gd-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-ldap-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-mysql-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-odbc-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-pdo-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-pgsql-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-process-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-recode-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-soap-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-xml-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-xmlrpc-5.4.16-36.3.el7_2.ppc64le.rpm\n\ns390x:\nphp-5.4.16-36.3.el7_2.s390x.rpm\nphp-cli-5.4.16-36.3.el7_2.s390x.rpm\nphp-common-5.4.16-36.3.el7_2.s390x.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.s390x.rpm\nphp-gd-5.4.16-36.3.el7_2.s390x.rpm\nphp-ldap-5.4.16-36.3.el7_2.s390x.rpm\nphp-mysql-5.4.16-36.3.el7_2.s390x.rpm\nphp-odbc-5.4.16-36.3.el7_2.s390x.rpm\nphp-pdo-5.4.16-36.3.el7_2.s390x.rpm\nphp-pgsql-5.4.16-36.3.el7_2.s390x.rpm\nphp-process-5.4.16-36.3.el7_2.s390x.rpm\nphp-recode-5.4.16-36.3.el7_2.s390x.rpm\nphp-soap-5.4.16-36.3.el7_2.s390x.rpm\nphp-xml-5.4.16-36.3.el7_2.s390x.rpm\nphp-xmlrpc-5.4.16-36.3.el7_2.s390x.rpm\n\nx86_64:\nphp-5.4.16-36.3.el7_2.x86_64.rpm\nphp-cli-5.4.16-36.3.el7_2.x86_64.rpm\nphp-common-5.4.16-36.3.el7_2.x86_64.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm\nphp-gd-5.4.16-36.3.el7_2.x86_64.rpm\nphp-ldap-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mysql-5.4.16-36.3.el7_2.x86_64.rpm\nphp-odbc-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pdo-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pgsql-5.4.16-36.3.el7_2.x86_64.rpm\nphp-process-5.4.16-36.3.el7_2.x86_64.rpm\nphp-recode-5.4.16-36.3.el7_2.x86_64.rpm\nphp-soap-5.4.16-36.3.el7_2.x86_64.rpm\nphp-xml-5.4.16-36.3.el7_2.x86_64.rpm\nphp-xmlrpc-5.4.16-36.3.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nphp-bcmath-5.4.16-36.3.el7_2.ppc64.rpm\nphp-dba-5.4.16-36.3.el7_2.ppc64.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.ppc64.rpm\nphp-devel-5.4.16-36.3.el7_2.ppc64.rpm\nphp-embedded-5.4.16-36.3.el7_2.ppc64.rpm\nphp-enchant-5.4.16-36.3.el7_2.ppc64.rpm\nphp-fpm-5.4.16-36.3.el7_2.ppc64.rpm\nphp-intl-5.4.16-36.3.el7_2.ppc64.rpm\nphp-mbstring-5.4.16-36.3.el7_2.ppc64.rpm\nphp-mysqlnd-5.4.16-36.3.el7_2.ppc64.rpm\nphp-pspell-5.4.16-36.3.el7_2.ppc64.rpm\nphp-snmp-5.4.16-36.3.el7_2.ppc64.rpm\n\nppc64le:\nphp-bcmath-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-dba-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-devel-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-embedded-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-enchant-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-fpm-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-intl-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-mbstring-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-mysqlnd-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-pspell-5.4.16-36.3.el7_2.ppc64le.rpm\nphp-snmp-5.4.16-36.3.el7_2.ppc64le.rpm\n\ns390x:\nphp-bcmath-5.4.16-36.3.el7_2.s390x.rpm\nphp-dba-5.4.16-36.3.el7_2.s390x.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.s390x.rpm\nphp-devel-5.4.16-36.3.el7_2.s390x.rpm\nphp-embedded-5.4.16-36.3.el7_2.s390x.rpm\nphp-enchant-5.4.16-36.3.el7_2.s390x.rpm\nphp-fpm-5.4.16-36.3.el7_2.s390x.rpm\nphp-intl-5.4.16-36.3.el7_2.s390x.rpm\nphp-mbstring-5.4.16-36.3.el7_2.s390x.rpm\nphp-mysqlnd-5.4.16-36.3.el7_2.s390x.rpm\nphp-pspell-5.4.16-36.3.el7_2.s390x.rpm\nphp-snmp-5.4.16-36.3.el7_2.s390x.rpm\n\nx86_64:\nphp-bcmath-5.4.16-36.3.el7_2.x86_64.rpm\nphp-dba-5.4.16-36.3.el7_2.x86_64.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm\nphp-devel-5.4.16-36.3.el7_2.x86_64.rpm\nphp-embedded-5.4.16-36.3.el7_2.x86_64.rpm\nphp-enchant-5.4.16-36.3.el7_2.x86_64.rpm\nphp-fpm-5.4.16-36.3.el7_2.x86_64.rpm\nphp-intl-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mbstring-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mysqlnd-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pspell-5.4.16-36.3.el7_2.x86_64.rpm\nphp-snmp-5.4.16-36.3.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nphp-5.4.16-36.3.el7_2.src.rpm\n\nx86_64:\nphp-5.4.16-36.3.el7_2.x86_64.rpm\nphp-cli-5.4.16-36.3.el7_2.x86_64.rpm\nphp-common-5.4.16-36.3.el7_2.x86_64.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm\nphp-gd-5.4.16-36.3.el7_2.x86_64.rpm\nphp-ldap-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mysql-5.4.16-36.3.el7_2.x86_64.rpm\nphp-odbc-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pdo-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pgsql-5.4.16-36.3.el7_2.x86_64.rpm\nphp-process-5.4.16-36.3.el7_2.x86_64.rpm\nphp-recode-5.4.16-36.3.el7_2.x86_64.rpm\nphp-soap-5.4.16-36.3.el7_2.x86_64.rpm\nphp-xml-5.4.16-36.3.el7_2.x86_64.rpm\nphp-xmlrpc-5.4.16-36.3.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nphp-bcmath-5.4.16-36.3.el7_2.x86_64.rpm\nphp-dba-5.4.16-36.3.el7_2.x86_64.rpm\nphp-debuginfo-5.4.16-36.3.el7_2.x86_64.rpm\nphp-devel-5.4.16-36.3.el7_2.x86_64.rpm\nphp-embedded-5.4.16-36.3.el7_2.x86_64.rpm\nphp-enchant-5.4.16-36.3.el7_2.x86_64.rpm\nphp-fpm-5.4.16-36.3.el7_2.x86_64.rpm\nphp-intl-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mbstring-5.4.16-36.3.el7_2.x86_64.rpm\nphp-mysqlnd-5.4.16-36.3.el7_2.x86_64.rpm\nphp-pspell-5.4.16-36.3.el7_2.x86_64.rpm\nphp-snmp-5.4.16-36.3.el7_2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXrPgaXlSAg2UNWIIRAjn0AJ9+uobkj268+7awLhgQLyNGujzgkgCgp8+D\nggdX4EUo7inKwJDZgGYrNok=\n=Zn6M\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n=========================================================================\nUbuntu Security Notice USN-3045-1\nAugust 02, 2016\n\nphp5, php7.0 vulnerabilities\n=========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. \n\nSoftware Description:\n- php7.0: HTML-embedded scripting language interpreter\n- php5: HTML-embedded scripting language interpreter\n\nDetails:\n\nIt was discovered that PHP incorrectly handled certain SplMinHeap::compar\ne\noperations. A remote attacker could use this issue to cause PHP to crash,\n\nresulting in a denial of service, or possibly execute arbitrary code. Thi\ns\nissue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116\n)\n\nIt was discovered that PHP incorrectly handled recursive method calls. A\nremote attacker could use this issue to cause PHP to crash, resulting in \na\ndenial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu\n14.04 LTS. (CVE-2015-8873)\n\nIt was discovered that PHP incorrectly validated certain Exception object\ns\nwhen unserializing data. A remote attacker could use this issue to cause\nPHP to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0\n4\nLTS. (CVE-2015-8876)\n\nIt was discovered that PHP header() function performed insufficient\nfiltering for Internet Explorer. A remote attacker could possibly use thi\ns\nissue to perform a XSS attack. This issue only affected Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. (CVE-2015-8935)\n\nIt was discovered that PHP incorrectly handled certain locale operations. \n\nAn attacker could use this issue to cause PHP to crash, resulting in a\ndenial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu\n14.04 LTS. (CVE-2016-5093)\n\nIt was discovered that the PHP php_html_entities() function incorrectly\nhandled certain string lengths. A remote attacker could use this issue to\n\ncause PHP to crash, resulting in a denial of service, or possibly execute\n\narbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0\n4\nLTS. (CVE-2016-5094, CVE-2016-5095)\n\nIt was discovered that the PHP fread() function incorrectly handled certa\nin\nlengths. An attacker could use this issue to cause PHP to crash, resultin\ng\nin a denial of service, or possibly execute arbitrary code. This issue on\nly\naffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5096)\n\nIt was discovered that the PHP FastCGI Process Manager (FPM) SAPI\nincorrectly handled memory in the access logging feature. An attacker cou\nld\nuse this issue to cause PHP to crash, resulting in a denial of service, o\nr\npossibly expose sensitive information. This issue only affected Ubuntu\n12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5114)\n\nIt was discovered that PHP would not protect applications from contents o\nf\nthe HTTP_PROXY environment variable when based on the contents of the Pro\nxy\nheader from HTTP requests. A remote attacker could possibly use this issu\ne\nin combination with scripts that honour the HTTP_PROXY variable to redire\nct\noutgoing HTTP requests. (CVE-2016-5385)\n\nHans Jerry Illikainen discovered that the PHP bzread() function incorrect\nly\nperformed error handling. A remote attacker could use this issue to cause\n\nPHP to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2016-5399)\n\nIt was discovered that certain PHP multibyte string functions incorrectly\n\nhandled memory. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-5768)\n\nIt was discovered that the PHP Mcrypt extension incorrectly handled memor\ny. \nA remote attacker could use this issue to cause PHP to crash, resulting i\nn\na denial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5769)\n\nIt was discovered that the PHP garbage collector incorrectly handled\ncertain objects when unserializing malicious data. A remote attacker coul\nd\nuse this issue to cause PHP to crash, resulting in a denial of service, o\nr\npossibly execute arbitrary code. This issue was only addressed in Ubuntu\nUbuntu 14.04 LTS. (CVE-2016-5771, CVE-2016-5773)\n\nIt was discovered that PHP incorrectly handled memory when unserializing\nmalicious xml data. A remote attacker could use this issue to cause PHP t\no\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. \n(CVE-2016-5772)\n\nIt was discovered that the PHP php_url_parse_ex() function incorrectly\nhandled string termination. A remote attacker could use this issue to cau\nse\nPHP to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0\n4\nLTS. (CVE-2016-6288)\n\nIt was discovered that PHP incorrectly handled path lengths when extracti\nng\ncertain Zip archives. A remote attacker could use this issue to cause PHP\n\nto crash, resulting in a denial of service, or possibly execute arbitrary\n\ncode. (CVE-2016-6289)\n\nIt was discovered that PHP incorrectly handled session deserialization. A\n\nremote attacker could use this issue to cause PHP to crash, resulting in \na\ndenial of service, or possibly execute arbitrary code. (CVE-2016-6290)\n\nIt was discovered that PHP incorrectly handled exif headers when processi\nng\ncertain JPEG images. A remote attacker could use this issue to cause PHP \nto\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2016-6291, CVE-2016-6292)\n\nIt was discovered that PHP incorrectly handled certain locale operations. \n A\nremote attacker could use this issue to cause PHP to crash, resulting in \na\ndenial of service, or possibly execute arbitrary code. (CVE-2016-6294)\n\nIt was discovered that the PHP garbage collector incorrectly handled\ncertain objects when unserializing SNMP data. A remote attacker could use\n\nthis issue to cause PHP to crash, resulting in a denial of service, or\npossibly execute arbitrary code. This issue only affected Ubuntu 14.04 LT\nS\nand Ubuntu 16.04 LTS. (CVE-2016-6295)\n\nIt was discovered that the PHP xmlrpc_encode_request() function incorrect\nly\nhandled certain lengths. An attacker could use this issue to cause PHP to\n\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2016-6296)\n\nIt was discovered that the PHP php_stream_zip_opener() function incorrect\nly\nhandled memory. An attacker could use this issue to cause PHP to crash,\nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2016-6297)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libapache2-mod-php7.0 7.0.8-0ubuntu0.16.04.2\n php7.0-cgi 7.0.8-0ubuntu0.16.04.2\n php7.0-cli 7.0.8-0ubuntu0.16.04.2\n php7.0-fpm 7.0.8-0ubuntu0.16.04.2\n\nUbuntu 14.04 LTS:\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.19\n php5-cgi 5.5.9+dfsg-1ubuntu4.19\n php5-cli 5.5.9+dfsg-1ubuntu4.19\n php5-fpm 5.5.9+dfsg-1ubuntu4.19\n\nUbuntu 12.04 LTS:\n libapache2-mod-php5 5.3.10-1ubuntu3.24\n php5-cgi 5.3.10-1ubuntu3.24\n php5-cli 5.3.10-1ubuntu3.24\n php5-fpm 5.3.10-1ubuntu3.24\n\nIn general, a standard system update will make all the necessary changes. \n\n\nReferences:\n http://www.ubuntu.com/usn/usn-3045-1\n CVE-2015-4116, CVE-2015-8873, CVE-2015-8876, CVE-2015-8935,\n CVE-2016-5093, CVE-2016-5094, CVE-2016-5095, CVE-2016-5096,\n CVE-2016-5114, CVE-2016-5385, CVE-2016-5399, CVE-2016-5768,\n CVE-2016-5769, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773,\n CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291,\n CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296,\n CVE-2016-6297\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/php7.0/7.0.8-0ubuntu0.16.04.2\n https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.19\n https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.24\n\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05333297\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05333297\nVersion: 2\n\nHPSBST03671 rev.2 - HPE StoreEver MSL6480 Tape Library Management Interface,\nMultiple Remote Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-01-14\nLast Updated: 2017-01-13\n\nPotential Security Impact: Remote: Denial of Service (DoS), Unauthorized\nDisclosure of Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA security vulnerability in PHP was addressed by the HPE StoreEver MSL6480\nTape Library firmware version 5.10. The vulnerability could be exploited\nremotely to allow Unauthorized Disclosure of Information or Denial of Service\nvia the Ethernet Management Interface. Please note that the Management\nInterface cannot access data stored on tape media, so this vulnerability does\nnot allow for remote unauthorized disclosure of data stored on tape media or\nremote denial of service. \n\nReferences:\n\n - CVE-2016-5385 - PHP, HTTPoxy\n - CVE-2016-3074 - PHP\n - CVE-2013-7456 - PHP\n - CVE-2016-5093 - PHP\n - CVE-2016-5094 - PHP\n - CVE-2016-5096 - PHP\n - CVE-2016-5766 - PHP\n - CVE-2016-5767 - PHP\n - CVE-2016-5768 - PHP\n - CVE-2016-5769 - PHP\n - CVE-2016-5770 - PHP\n - CVE-2016-5771 - PHP\n - CVE-2016-5772 - PHP\n - CVE-2016-5773 - PHP\n - CVE-2016-6207 - GD Graphics Library\n - CVE-2016-6289 - PHP\n - CVE-2016-6290 - PHP\n - CVE-2016-6291 - PHP\n - CVE-2016-6292 - PHP\n - CVE-2016-6293 - PHP\n - CVE-2016-6294 - PHP\n - CVE-2016-6295 - PHP\n - CVE-2016-6296 - PHP\n - CVE-2016-6297 - PHP\n - CVE-2016-5399 - PHP\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HP StoreEver MSL6480 Tape Library prior to 5.10\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2013-7456\n 7.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2016-3074\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-5093\n 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-5094\n 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-5096\n 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-5385\n 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)\n\n CVE-2016-5399\n 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)\n\n CVE-2016-5766\n 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2016-5767\n 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2016-5768\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-5769\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-5770\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-5771\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-5772\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-5773\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-6207\n 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n CVE-2016-6289\n 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2016-6290\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-6291\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-6292\n 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n CVE-2016-6293\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-6294\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-6295\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-6296\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-6297\n 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided the following software update to resolve the vulnerabilities\nfor the impacted versions of the HPE StoreEver MSL6480 Tape Library:\n\n * \u003chttp://www.hpe.com/support/msl6480\u003e\n\nHISTORY\n\nVersion:1 (rev.1) - 15 November 2016 Initial release\n\nVersion:2 (rev.2) - 13 January 2017 Updating CVE list\n\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5385"
},
{
"db": "CERT/CC",
"id": "VU#797896"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003800"
},
{
"db": "VULHUB",
"id": "VHN-94204"
},
{
"db": "VULMON",
"id": "CVE-2016-5385"
},
{
"db": "PACKETSTORM",
"id": "138070"
},
{
"db": "PACKETSTORM",
"id": "138014"
},
{
"db": "PACKETSTORM",
"id": "138299"
},
{
"db": "PACKETSTORM",
"id": "138136"
},
{
"db": "PACKETSTORM",
"id": "140515"
}
],
"trust": 2.97
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-94204",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94204"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#797896",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2016-5385",
"trust": 3.1
},
{
"db": "BID",
"id": "91821",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1036335",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU91485132",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003800",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-538",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "138299",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "138014",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "138070",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "138295",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143933",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138298",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139744",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138297",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138296",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-94204",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-5385",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138136",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140515",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#797896"
},
{
"db": "VULHUB",
"id": "VHN-94204"
},
{
"db": "VULMON",
"id": "CVE-2016-5385"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003800"
},
{
"db": "PACKETSTORM",
"id": "138070"
},
{
"db": "PACKETSTORM",
"id": "138014"
},
{
"db": "PACKETSTORM",
"id": "138299"
},
{
"db": "PACKETSTORM",
"id": "138136"
},
{
"db": "PACKETSTORM",
"id": "140515"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-538"
},
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"id": "VAR-201607-0657",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94204"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:03:59.307000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2016-4e7db3d437",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/kzoiuyzdbwnddhc6xtolzyrmrxzwtjcp/"
},
{
"title": "FEDORA-2016-8eb11666aa",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7rmyxavnyl2mobjtfate73tovoezyc5r/"
},
{
"title": "FEDORA-2016-9c8cf5912c",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gxfeimzpsvgzqqayiq7u7dfvx3ibsdlf/"
},
{
"title": "HPSBMU03653",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149"
},
{
"title": "HPSBST03671",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05333297"
},
{
"title": "NV16-020",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv16-020.html"
},
{
"title": "Oracle Linux Bulletin - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"title": "Bug 1353794",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794"
},
{
"title": "RHSA-2016:1609",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1609.html"
},
{
"title": "RHSA-2016:1610",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1610.html"
},
{
"title": "RHSA-2016:1611",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1611.html"
},
{
"title": "RHSA-2016:1612",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1612.html"
},
{
"title": "RHSA-2016:1613",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1613.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://php.net/"
},
{
"title": "TLSA-2016-19",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-19j.html"
},
{
"title": "PHP CGI Web server httpoxy Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=62998"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2016/07/18/httpoxy_hole/"
},
{
"title": "Amazon Linux AMI: ALAS-2016-728",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-728"
},
{
"title": "Ubuntu Security Notice: php5, php7.0 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3045-1"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a22ad41e97bbfc5abb0bb927bf43089c"
},
{
"title": "Forcepoint Security Advisories: HTTPoxy CGI HTTP_PROXY Variable Multiple Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=47734ce563632c9864b0b698ae37ddf9"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0bd8c924b56aac98dda0f5b45f425f38"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
},
{
"title": "bach",
"trust": 0.1,
"url": "https://github.com/sonatype-nexus-community/bach "
},
{
"title": "bach",
"trust": 0.1,
"url": "https://github.com/ossindex/bach "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2016-5385 "
},
{
"title": "jbot",
"trust": 0.1,
"url": "https://github.com/jschauma/jbot "
},
{
"title": "CVE-2016-5385",
"trust": 0.1,
"url": "https://github.com/aipocai/cve-2016-5385 "
},
{
"title": "nginx-proxy",
"trust": 0.1,
"url": "https://github.com/chaplean/nginx-proxy "
},
{
"title": "nginx-proxy2",
"trust": 0.1,
"url": "https://github.com/corzel/nginx-proxy2 "
},
{
"title": "Test",
"trust": 0.1,
"url": "https://github.com/abhinav4git/test "
},
{
"title": "nginx-proxy",
"trust": 0.1,
"url": "https://github.com/jwilder/nginx-proxy "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/gloveofgames/hehe "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/jquepi/nginx-proxy-2 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/lemonhope-mz/replica_nginx-proxy "
},
{
"title": "reto-ejercicio1",
"trust": 0.1,
"url": "https://github.com/quiriancordova/reto-ejercicio1 "
},
{
"title": "nginx",
"trust": 0.1,
"url": "https://github.com/ratika-web/nginx "
},
{
"title": "docker-nginx-proxy",
"trust": 0.1,
"url": "https://github.com/codekoalas/docker-nginx-proxy "
},
{
"title": "jwilder-nginx-proxy",
"trust": 0.1,
"url": "https://github.com/linguamerica/jwilder-nginx-proxy "
},
{
"title": "nginx-proxy",
"trust": 0.1,
"url": "https://github.com/abhi1693/nginx-proxy "
},
{
"title": "DockerProject",
"trust": 0.1,
"url": "https://github.com/antoinechab/dockerproject "
},
{
"title": "plonevhost",
"trust": 0.1,
"url": "https://github.com/alteroo/plonevhost "
},
{
"title": "nginx-proxy-docker-image-builder",
"trust": 0.1,
"url": "https://github.com/expoli/nginx-proxy-docker-image-builder "
},
{
"title": "reto-ejercicio3",
"trust": 0.1,
"url": "https://github.com/quiriancordova/reto-ejercicio3 "
},
{
"title": "nginx",
"trust": 0.1,
"url": "https://github.com/isaiahweeks/nginx "
},
{
"title": "docker-dev-tools-proxy",
"trust": 0.1,
"url": "https://github.com/antimatter-studios/docker-dev-tools-proxy "
},
{
"title": "nginx-proxy",
"trust": 0.1,
"url": "https://github.com/nginx-proxy/nginx-proxy "
},
{
"title": "nginx-proxy",
"trust": 0.1,
"url": "https://github.com/bfirestone/nginx-proxy "
},
{
"title": "nginx-oidc-proxy",
"trust": 0.1,
"url": "https://github.com/garnser/nginx-oidc-proxy "
},
{
"title": "nginx-proxy",
"trust": 0.1,
"url": "https://github.com/vitasl/nginx-proxy "
},
{
"title": "nginx-proxy-docker-image-builder",
"trust": 0.1,
"url": "https://github.com/expoli/nginx-proxy-docker-image "
},
{
"title": "docker-proxy",
"trust": 0.1,
"url": "https://github.com/antimatter-studios/docker-proxy "
},
{
"title": "nginx-proxy",
"trust": 0.1,
"url": "https://github.com/junkl-solbox/nginx-proxy "
},
{
"title": "nginxProxy",
"trust": 0.1,
"url": "https://github.com/moewsystem/nginxproxy "
},
{
"title": "kube-active-proxy",
"trust": 0.1,
"url": "https://github.com/adi90x/kube-active-proxy "
},
{
"title": "nginx-proxy",
"trust": 0.1,
"url": "https://github.com/antimatter-studios/nginx-proxy "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/6d617274696e73/nginx-waf-proxy "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/mikediamanto/nginx-proxy "
},
{
"title": "rancher-active-proxy",
"trust": 0.1,
"url": "https://github.com/adi90x/rancher-active-proxy "
},
{
"title": "algm-php-vulnerability-checker",
"trust": 0.1,
"url": "https://github.com/timclifford/algm-php-vulnerability-checker "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/t0m4too/t0m4to "
},
{
"title": "github_aquasecurity_trivy",
"trust": 0.1,
"url": "https://github.com/back8/github_aquasecurity_trivy "
},
{
"title": "TrivyWeb",
"trust": 0.1,
"url": "https://github.com/korayagaya/trivyweb "
},
{
"title": "Vulnerability-Scanner-for-Containers",
"trust": 0.1,
"url": "https://github.com/t31m0/vulnerability-scanner-for-containers "
},
{
"title": "security",
"trust": 0.1,
"url": "https://github.com/umahari/security "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/mohzeela/external-secret "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/simiyo/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/aquasecurity/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/knqyf263/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/siddharthraopotukuchi/trivy "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/cgi-script-vulnerability-httpoxy-allows-man-in-the-middle-attacks/119345/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-5385"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003800"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-538"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-601",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94204"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003800"
},
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.kb.cert.org/vuls/id/797896"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/91821"
},
{
"trust": 2.4,
"url": "http://www.debian.org/security/2016/dsa-3631"
},
{
"trust": 2.0,
"url": "https://httpoxy.org/"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1613.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1036335"
},
{
"trust": 1.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kzoiuyzdbwnddhc6xtolzyrmrxzwtjcp/"
},
{
"trust": 1.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7rmyxavnyl2mobjtfate73tovoezyc5r/"
},
{
"trust": 1.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gxfeimzpsvgzqqayiq7u7dfvx3ibsdlf/"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1609.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1610.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1611.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1612.html"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"trust": 1.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794"
},
{
"trust": 1.8,
"url": "https://github.com/guzzle/guzzle/releases/tag/6.2.1"
},
{
"trust": 1.8,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149"
},
{
"trust": 1.8,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05333297"
},
{
"trust": 1.8,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
},
{
"trust": 1.8,
"url": "https://www.drupal.org/sa-core-2016-003"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03770en_us"
},
{
"trust": 1.6,
"url": "https://www.apache.org/security/asf-httpoxy-response.txt"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5385"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc3875"
},
{
"trust": 0.8,
"url": "https://httpoxy.org"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/807.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/454.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu91485132"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5385"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2016-5385"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7rmyxavnyl2mobjtfate73tovoezyc5r/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gxfeimzpsvgzqqayiq7u7dfvx3ibsdlf/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2016:1613"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2016:1612"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2016:1611"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2016:1610"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2016:1609"
},
{
"trust": 0.6,
"url": "httpoxy.org/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/kzoiuyzdbwnddhc6xtolzyrmrxzwtjcp/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5385"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5399"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6294"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6289"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6297"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6291"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6292"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6295"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6296"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6290"
},
{
"trust": 0.2,
"url": "https://php.net/changelog-5.php#5.6.24"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5093"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5772"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5768"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5094"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5773"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5096"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03770en_us"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/601.html"
},
{
"trust": 0.1,
"url": "https://github.com/sonatype-nexus-community/bach"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6207"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.24"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6288"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/php7.0/7.0.8-0ubuntu0.16.04.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8935"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5114"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8876"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.19"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5095"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8873"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-3045-1"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05333297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-7456"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5770"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3074"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5767"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6293"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/msl6480\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5766"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#797896"
},
{
"db": "VULHUB",
"id": "VHN-94204"
},
{
"db": "VULMON",
"id": "CVE-2016-5385"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003800"
},
{
"db": "PACKETSTORM",
"id": "138070"
},
{
"db": "PACKETSTORM",
"id": "138014"
},
{
"db": "PACKETSTORM",
"id": "138299"
},
{
"db": "PACKETSTORM",
"id": "138136"
},
{
"db": "PACKETSTORM",
"id": "140515"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-538"
},
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#797896"
},
{
"db": "VULHUB",
"id": "VHN-94204"
},
{
"db": "VULMON",
"id": "CVE-2016-5385"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003800"
},
{
"db": "PACKETSTORM",
"id": "138070"
},
{
"db": "PACKETSTORM",
"id": "138014"
},
{
"db": "PACKETSTORM",
"id": "138299"
},
{
"db": "PACKETSTORM",
"id": "138136"
},
{
"db": "PACKETSTORM",
"id": "140515"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-538"
},
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-18T00:00:00",
"db": "CERT/CC",
"id": "VU#797896"
},
{
"date": "2016-07-19T00:00:00",
"db": "VULHUB",
"id": "VHN-94204"
},
{
"date": "2016-07-19T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5385"
},
{
"date": "2016-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003800"
},
{
"date": "2016-07-27T14:25:39",
"db": "PACKETSTORM",
"id": "138070"
},
{
"date": "2016-07-22T22:42:48",
"db": "PACKETSTORM",
"id": "138014"
},
{
"date": "2016-08-12T18:03:29",
"db": "PACKETSTORM",
"id": "138299"
},
{
"date": "2016-08-02T22:59:53",
"db": "PACKETSTORM",
"id": "138136"
},
{
"date": "2017-01-15T23:24:00",
"db": "PACKETSTORM",
"id": "140515"
},
{
"date": "2016-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-538"
},
{
"date": "2016-07-19T02:00:17.773000",
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-19T00:00:00",
"db": "CERT/CC",
"id": "VU#797896"
},
{
"date": "2023-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-94204"
},
{
"date": "2023-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5385"
},
{
"date": "2016-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003800"
},
{
"date": "2023-04-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-538"
},
{
"date": "2023-02-12T23:23:28.023000",
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "138299"
},
{
"db": "PACKETSTORM",
"id": "138136"
},
{
"db": "PACKETSTORM",
"id": "140515"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-538"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables",
"sources": [
{
"db": "CERT/CC",
"id": "VU#797896"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-538"
}
],
"trust": 0.6
}
}