Skip to main content
CVE-2013-3926 HIGH POC This Week

Atlassian Crowd 2.6.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to a "symmetric backdoor." NOTE: as of 20130704, the vendor could not reproduce the issue,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Atlassian Crowd
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2013-3925 MEDIUM POC This Month

Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to (1) /services/2 or. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Atlassian XXE Crowd
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-4745 HIGH This Week

SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Myquizpoll
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-4748 HIGH PATCH This Week

SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi News
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-2158 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Services
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2012-6144 MEDIUM PATCH This Month

SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Typo3
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2013-4744 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the PHPUnit extension before 3.5.15 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Phpunit
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4746 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Myquizpoll
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4747 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (accessible_is_browse_results) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Accessible Is Browse Results
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4749 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Usertask Center Messaging
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-6148 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Typo3
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2012-6147 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Typo3
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2012-6145 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Typo3
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy