CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2021/07/26 9:34 p.m.•16 views

GHSA-QWMJ-72MP-Q3M2 Missing Authorization in TYPO3 extension

The directmail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query...

4.3CVSS4.6AI score0.00129EPSS

Github Security Blog•added 2021/07/26 9:34 p.m.•64 views

Missing Authorization in TYPO3 extension

The directmail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables...

4.3CVSS3.4AI score0.00129EPSS

OSV•added 2021/07/26 9:34 p.m.•18 views

GHSA-9PM8-XCJ6-2M33 Missing Authorization in TYPO3 extension

The directmail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables...

4.3CVSS4.8AI score0.00129EPSS

Github Security Blog•added 2021/05/24 4:58 p.m.•47 views

Open redirect in direct_mail

The directmail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl...

6.1CVSS2.6AI score0.00171EPSS

OSV•added 2021/05/24 4:58 p.m.•20 views

GHSA-952M-M83C-3XM6 Open redirect in direct_mail

The directmail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl...

6.1CVSS6.3AI score0.00171EPSS

Github Security Blog•added 2021/05/24 4:58 p.m.•40 views

Denial of service in direct_mail

The directmail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries...

5.3CVSS3.6AI score0.00328EPSS

OSV•added 2021/05/24 4:58 p.m.•20 views

GHSA-5GM6-R79Q-HFGW Denial of service in direct_mail

The directmail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries...

5.3CVSS5.4AI score0.00328EPSS

NVD•added 2020/05/13 1:15 p.m.•11 views

CVE-2020-12700

The directmail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query...

4.3CVSS4.5AI score0.00129EPSS

NVD•added 2020/05/13 1:15 p.m.•14 views

CVE-2020-12698

The directmail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables...

4.3CVSS4.7AI score0.00129EPSS

NVD•added 2020/05/13 1:15 p.m.•9 views

CVE-2020-12699

The directmail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl...

6.1CVSS6.3AI score0.00171EPSS

NVD•added 2020/05/13 1:15 p.m.•8 views

CVE-2020-12697

The directmail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries...

5.3CVSS5.3AI score0.00328EPSS

Prion•added 2020/05/13 1:15 p.m.•19 views

Improper access control

The directmail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables...

4CVSS4.7AI score0.00129EPSS

Prion•added 2020/05/13 1:15 p.m.•12 views

Design/Logic Flaw

The directmail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries...

5CVSS5.3AI score0.00328EPSS

Prion•added 2020/05/13 1:15 p.m.•11 views

Open redirect

The directmail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl...

5.8CVSS6.3AI score0.00171EPSS

CVE•added 2020/05/13 12:43 p.m.•56 views

CVE-2020-12700

The CVE-2020-12700 issue affects TYPO3's Direct Mail extension (direct_mail), version up to 5.2.3. The root cause is a missing access check for an authenticated backend user when using the Special Query feature, which enables Information Disclosure of newsletter subscriber data. Documented impact...

4.3CVSS4.6AI score0.00129EPSS

CVE•added 2020/05/13 12:42 p.m.•61 views

CVE-2020-12699

The CVE-2020-12699 entry concerns the TYPO3 Direct Mail (direct_mail) extension up to version 5.2.3, where the jumpUrl parameter is not sanitized, enabling an Open Redirect. This conclusion is supported by multiple connected sources (Veracode, GHSA/OSV, CVE records) describing an Open Redirect vi...

6.1CVSS6.3AI score0.00171EPSS