Markus Bucher

#11948de 53,633
22.9CVSS total
Vulnerabilidades · 5
Baixa
1
Média
4
PT-2023-16026
5.4
2023-09-12
Foreman · Foreman · CVE-2023-0119
**Name of the Vulnerable Software and Affected Versions** foreman (affected versions not specified) **Description** A stored Cross-site scripting vulnerability was found in the Comment section of the Hosts tab, due to incorrect filtering of user input data. This allows an attacker with an existing account to steal another user's session, make requests on behalf of the user, and obtain user credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2016-4000
5.4
2016-01-08
Typo3 · Typo3 · CVE-2015-8755
**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 6.2.x through 6.2.15 TYPO3 versions 7.x through 7.5 **Description** The issue allows remote authenticated editors to inject arbitrary web script or HTML. This is due to multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components. **Recommendations** For TYPO3 versions 6.2.x through 6.2.15, update to version 6.2.16 or later. For TYPO3 versions 7.x through 7.5, update to version 7.6.1 or later.
PT-2012-6169
4.3
2012-11-17
Basic Seo Features · Seo Basics · CVE-2012-5888
**Name of the Vulnerable Software and Affected Versions** Basic SEO Features (seo basics) extension versions prior to 0.8.2 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 0.8.2, update to version 0.8.2 or later to resolve the issue.
PT-2012-6170
4.3
2012-11-17
Typo3 · Typo3 Powermail Extension · CVE-2012-5889
**Name of the Vulnerable Software and Affected Versions** TYPO3 powermail extension versions prior to 1.6.5 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For versions prior to 1.6.5, update to version 1.6.5 or later to resolve the issue.
PT-2012-4787
3.5
2012-09-05
Typo3 · Typo3 · CVE-2012-3528
**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 4.5.x through 4.5.18 TYPO3 versions 4.6.x through 4.6.11 TYPO3 versions 4.7.x through 4.7.3 **Description** The issue allows remote authenticated backend users to inject arbitrary web script or HTML. This can be achieved via unspecified vectors in the backend of the software. **Recommendations** For TYPO3 versions 4.5.x through 4.5.18, update to version 4.5.19 or later. For TYPO3 versions 4.6.x through 4.6.11, update to version 4.6.12 or later. For TYPO3 versions 4.7.x through 4.7.3, update to version 4.7.4 or later.