Lucene search

[email protected]NVD:CVE-2014-6299

HistoryOct 03, 2014 - 2:55 p.m.

CVE-2014-6299

2014-10-0314:55:09

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

47.7%

JSON

Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors.

Affected configurations

Nvd

Node

mm_forum_projectmm_forumRange≤1.9.2typo3

mm_forum_projectmm_forumMatch0.1.0typo3

mm_forum_projectmm_forumMatch0.1.1typo3

mm_forum_projectmm_forumMatch0.1.2typo3

mm_forum_projectmm_forumMatch0.1.3typo3

mm_forum_projectmm_forumMatch0.1.4typo3

mm_forum_projectmm_forumMatch0.1.5typo3

mm_forum_projectmm_forumMatch0.1.6typo3

mm_forum_projectmm_forumMatch0.1.7typo3

mm_forum_projectmm_forumMatch0.1.8typo3

mm_forum_projectmm_forumMatch1.8.1typo3

mm_forum_projectmm_forumMatch1.8.2typo3

mm_forum_projectmm_forumMatch1.8.3typo3

mm_forum_projectmm_forumMatch1.9.0typo3

mm_forum_projectmm_forumMatch1.9.1typo3

VendorProductVersionCPE
mm_forum_projectmm_forum*cpe:2.3:a:mm_forum_project:mm_forum:*:*:*:*:*:typo3:*:*
mm_forum_projectmm_forum0.1.0cpe:2.3:a:mm_forum_project:mm_forum:0.1.0:*:*:*:*:typo3:*:*
mm_forum_projectmm_forum0.1.1cpe:2.3:a:mm_forum_project:mm_forum:0.1.1:*:*:*:*:typo3:*:*
mm_forum_projectmm_forum0.1.2cpe:2.3:a:mm_forum_project:mm_forum:0.1.2:*:*:*:*:typo3:*:*
mm_forum_projectmm_forum0.1.3cpe:2.3:a:mm_forum_project:mm_forum:0.1.3:*:*:*:*:typo3:*:*
mm_forum_projectmm_forum0.1.4cpe:2.3:a:mm_forum_project:mm_forum:0.1.4:*:*:*:*:typo3:*:*
mm_forum_projectmm_forum0.1.5cpe:2.3:a:mm_forum_project:mm_forum:0.1.5:*:*:*:*:typo3:*:*
mm_forum_projectmm_forum0.1.6cpe:2.3:a:mm_forum_project:mm_forum:0.1.6:*:*:*:*:typo3:*:*
mm_forum_projectmm_forum0.1.7cpe:2.3:a:mm_forum_project:mm_forum:0.1.7:*:*:*:*:typo3:*:*
mm_forum_projectmm_forum0.1.8cpe:2.3:a:mm_forum_project:mm_forum:0.1.8:*:*:*:*:typo3:*:*

Vendor	Product	Version	CPE
mm_forum_project	mm_forum	*	cpe:2.3:a:mm_forum_project:mm_forum::::::typo3::*
mm_forum_project	mm_forum	0.1.0	cpe:2.3:a:mm_forum_project:mm_forum:0.1.0:::::typo3::
mm_forum_project	mm_forum	0.1.1	cpe:2.3:a:mm_forum_project:mm_forum:0.1.1:::::typo3::
mm_forum_project	mm_forum	0.1.2	cpe:2.3:a:mm_forum_project:mm_forum:0.1.2:::::typo3::
mm_forum_project	mm_forum	0.1.3	cpe:2.3:a:mm_forum_project:mm_forum:0.1.3:::::typo3::
mm_forum_project	mm_forum	0.1.4	cpe:2.3:a:mm_forum_project:mm_forum:0.1.4:::::typo3::
mm_forum_project	mm_forum	0.1.5	cpe:2.3:a:mm_forum_project:mm_forum:0.1.5:::::typo3::
mm_forum_project	mm_forum	0.1.6	cpe:2.3:a:mm_forum_project:mm_forum:0.1.6:::::typo3::
mm_forum_project	mm_forum	0.1.7	cpe:2.3:a:mm_forum_project:mm_forum:0.1.7:::::typo3::
mm_forum_project	mm_forum	0.1.8	cpe:2.3:a:mm_forum_project:mm_forum:0.1.8:::::typo3::

Rows per page:

1-10 of 151

References

typo3.org/extensions/repository/view/mm_forum

typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-001/

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

47.7%

JSON

Related for NVD:CVE-2014-6299

prion1 cve1 cvelist1 typo31