Search Parameters:
- Contains Software Flaws (CVE)
- CPE Product Version: cpe:/a:typo3:typo3:8.7.4
There are 2 matching records.
Vuln ID |
Summary |
CVSS Severity |
CVE-2018-6905
|
The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.
Published:
April 08, 2018; 01:29:00 PM -04:00
|
V3: 4.8 MEDIUM
V2: 3.5 LOW
|
CVE-2017-14251
|
Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.
Published:
September 11, 2017; 05:29:00 AM -04:00
|
V3: 8.8 HIGH
V2: 6.5 MEDIUM
|