FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The last vuln.xml file processed by FreshPorts is:
List all Vulnerabilities, by package
List all Vulnerabilities, by date
These are the vulnerabilities relating to the commit you have selected:
|48bcb4b2-e708-11e1-a59d-000d601460a4||typo3 -- Multiple vulernabilities in TYPO3 Core|
Typo Security Team reports:
It has been discovered that TYPO3 Core is vulnerable to Cross-Site
Scripting, Information Disclosure, Insecure Unserialize leading to
Arbitrary Code Execution.
TYPO3 Backend Help System - Due to a missing signature (HMAC) for a
parameter in the view_help.php file, an attacker could unserialize
arbitrary objects within TYPO3. We are aware of a working exploit,
which can lead to arbitrary code execution. A valid backend user
login or multiple successful cross site request forgery attacks are
required to exploit this vulnerability.
TYPO3 Backend - Failing to properly HTML-encode user input in
several places, the TYPO3 backend is susceptible to Cross-Site
Scripting. A valid backend user is required to exploit these
TYPO3 Backend - Accessing the configuration module discloses the
Encryption Key. A valid backend user with access to the
configuration module is required to exploit this vulnerability.
TYPO3 HTML Sanitizing API - By not removing several HTML5
filter specially crafted HTML injections, thus is susceptible to
API method t3lib_div::quoteJSvalue(), it is susceptible to Cross-Site
TYPO3 Install Tool - Failing to properly sanitize user input, the
Install Tool is susceptible to Cross-Site Scripting.
ge 4.5.0 lt 4.5.19
ge 4.6.0 lt 4.6.12
ge 4.7.0 lt 4.7.4