5 matches found
CVE-2021-36792
The datednews aka Dated News extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications...
CVE-2021-36792
creationtimestamp| type| source ---|---|--- 2021-08-13 20:41:21+00:00| seen| https://t.me/cibsecurity/27324...
CVE-2021-36792
The datednews aka Dated News extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications...
CVE-2021-36792
The CVE-2021-36792 issue affects the TYPO3 dated_news extension (versions up to 5.1.1). Root cause: incorrect Access Control for confirming various applications. Impact (as described in related sources): attackers could confirm various applications and potentially access all application registrat...
Multiple vulnerabilities in Extension "Dated News" (dated_news)
The extension fails to properly encode user input for output in HTML context CVE-2021-36790 and contains a blind SQL injection vulnerability CVE-2021-36789. It is also possible to confirm various applications CVE-2021-36792 and thereby obtain all application registration data CVE-2021-36791...