Lucene search

Direct Mail Security Vulnerabilities

cve

CVE-2009-4159

Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified...

5.3AI Score

0.001EPSS

2022-10-03 04:24 PM

cve

CVE-2020-12700

The direct_mail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special...

4.3CVSS

4.6AI Score

0.001EPSS

2020-05-13 01:15 PM

cve

CVE-2020-12699

The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via...

6.1CVSS

6.3AI Score

0.001EPSS

2020-05-13 01:15 PM

cve

CVE-2020-12697

The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log...

5.3CVSS

5.5AI Score

0.001EPSS

2020-05-13 01:15 PM

cve

CVE-2020-12698

The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber...

4.3CVSS

4.9AI Score

0.001EPSS

2020-05-13 01:15 PM

cve

CVE-2019-16698

The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 has a missing access check in the backend module, allowing a user (with restricted permissions to the fe_users table) to view and export data of frontend users who are subscribed to a...

4.3CVSS

4.5AI Score

0.001EPSS

2019-10-16 07:15 PM

cve

CVE-2013-7400

The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication...

7.5CVSS

7.5AI Score

0.003EPSS

2017-12-29 03:29 PM