7 matches found
CVE-2022-47410
An issue was discovered in the fpnewsletter aka Newsletter subscriber management extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations...
createAction() ,castApproval(), castDisapproval() functions vulnerable replay attacks
Lines of code Vulnerability details Impact /// @notice Mapping of policyholders to function selectors to current nonces for EIP-712 signatures. /// @dev This is used to prevent replay attacks by incrementing the nonce for each operation createAction, /// castApproval and castDisapproval signed by...
GHSA-VXMC-QG5X-PVFX "Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data
An issue was discovered in the fpnewsletter aka Newsletter subscriber management extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations...
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data
An issue was discovered in the fpnewsletter aka Newsletter subscriber management extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations...
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
The CAPTCHA of the extension can be bypassed which may result in automated creation of various newsletter subscribers. It is possible to provide arbitrary subscription UIDs to the deleteAction of the extension resulting in all newsletter subscribers to be unsubscribed. Insufficient access checks ...
CVE-2022-47410
An issue was discovered in the fpnewsletter aka Newsletter subscriber management extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations...
PT-2022-28061 · Typo3 · Fp Newsletter
Name of the Vulnerable Software and Affected Versions: fp newsletter extension versions prior to 1.1.1 fp newsletter extension version 1.2.0 fp newsletter extension versions 2.x prior to 2.1.2 fp newsletter extension versions 2.2.1 through 2.4.0 fp newsletter extension versions 3.x prior to 3.2.6...