Sascha Egerer

**Nome do Software Vulnerável e Versões Afetadas** Versões do Form to Database anteriores a 2.2.5 Versões do Form to Database 3.0.0 até 3.2.2 Versões do Form to Database 4.0.0 até 4.2.3 Versões do Form to Database 5.0.0 até 5.0.2 **Descrição** A extensão "Form to Database" está vulnerável a Cross-Site Scripting. **Recomendações** Atualize para uma versão anterior a 2.2.5. Atualize para uma versão anterior a 3.0.0 ou posterior a 3.2.2. Atualize para uma versão anterior a 4.0.0 ou posterior a 4.2.3. Atualize para uma versão anterior a 5.0.0 ou posterior a 5.0.2.

**Name of the Vulnerable Software and Affected Versions** Joomla! Core versions prior to 3.8.8 **Description** An issue was discovered where the web install application would autofill password fields after a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen. **Recommendations** For versions prior to 3.8.8, update to version 3.8.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 6.0.x through 6.0.7 TYPO3 versions 6.1.x through 6.1.3 **Description** The issue allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. This is due to an incomplete fix for a previous issue. **Recommendations** For TYPO3 versions 6.0.x through 6.0.7, update to version 6.0.8 or later. For TYPO3 versions 6.1.x through 6.1.3, update to version 6.1.4 or later.