Lucene search
+L

88 matches found

osv
osv
added 2023/02/02 12:0 a.m.16 views

CVE-2023-25014

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users...

8.6CVSS7.6AI score0.00501EPSS
Exploits0References4
osv
osv
added 2023/02/02 12:0 a.m.19 views

CVE-2023-25013

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users...

8.6CVSS7.7AI score0.00501EPSS
Exploits0References4
friendsofphp
friendsofphp
added 2023/01/19 12:56 p.m.39 views

TYPO3-EXT-SA-2023-001: Broken Access Control in extension "femanager" (femanager)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-001...

8.6CVSS7.2AI score0.00501EPSS
Exploits0Affected Software1
github
github
added 2022/11/03 6:10 p.m.28 views

TYPO3 Extension femanager vulnerable to Broken Access Control

The TYPO3 Extension femanager prior to versions 5.5.2, 6.3.3, and 7.0.1 is vulnerable to broken access control. The usergroup.inList validation can be bypassed resulting in new frontend users created by the extension may be members of groups that are restricted. The vulnerability is only...

5.3CVSS3.6AI score0.00603EPSS
Exploits0References9Affected Software1
osv
osv
added 2022/11/03 6:10 p.m.15 views

GHSA-59M9-P6CM-94Q5 TYPO3 Extension femanager vulnerable to Broken Access Control

The TYPO3 Extension femanager prior to versions 5.5.2, 6.3.3, and 7.0.1 is vulnerable to broken access control. The usergroup.inList validation can be bypassed resulting in new frontend users created by the extension may be members of groups that are restricted. The vulnerability is only...

6.5CVSS5.1AI score0.00603EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2022/11/03 12:0 a.m.5 views

PT-2022-27229 · Typo3 · Femanager

Name of the Vulnerable Software and Affected Versions: femanager extension versions prior to 5.5.2 femanager extension versions 6.x prior to 6.3.3 femanager extension versions 7.x prior to 7.0.1 Description: The issue allows creation of frontend users in restricted groups if there is a usergroup...

6.5CVSS5.2AI score0.00603EPSS
Exploits0References12
friendsofphp
friendsofphp
added 2022/10/31 5:7 p.m.35 views

TYPO3-EXT-SA-2022-015: Broken Access Control in extension "femanager" (femanager)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2022-015...

5.3CVSS7.2AI score0.00603EPSS
Exploits0Affected Software1
github
github
added 2022/05/13 1:4 a.m.11 views

TYPO3 femanager extension allows remote frontend users to modify or delete records of other frontend users

The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors...

6.4CVSS6.9AI score0.01333EPSS
Exploits0References4Affected Software1
snyk
snyk
added 2022/05/13 1:4 a.m.4 views

Missing Authorization

Overview in2code/femanager is a Modern TYPO3 Frontend User Registration. Affected versions of this package are vulnerable to Missing Authorization via unspecified vectors. An attacker can modify or delete the records of other frontend users by exploiting these vectors. Remediation Upgrade...

9.1CVSS7AI score0.01333EPSS
Exploits0References2
osv
osv
added 2022/05/13 1:4 a.m.12 views

GHSA-377V-8637-6VQ6 TYPO3 femanager extension allows remote frontend users to modify or delete records of other frontend users

The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors...

8.8CVSS6.8AI score0.01333EPSS
Exploits0References4
packetstorm
packetstorm
added 2022/01/25 12:0 a.m.514 views

TYPO3 femanager 6.3.0 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored Cross-Site Scripting vulnerability product: TYPO3 extension "femanager" vulnerable version: 6.0.0 - 6.3.0 and 5.5.0 and below fixed version: 6.3.1 and 5.5.1 CVE...

5.4CVSS0.2AI score0.01333EPSS
Exploits3
zdt
zdt
added 2022/01/25 12:0 a.m.317 views

TYPO3 femanager 6.3.0 Cross Site Scripting Vulnerability

======================================================================= title: Stored Cross-Site Scripting vulnerability product: TYPO3 extension "femanager" vulnerable version: 6.0.0 - 6.3.0 and 5.5.0 and below fixed version: 6.3.1 and 5.5.1 CVE number: CVE-2021-36787 impact: Medium homepage:...

5.4CVSS0.01333EPSS
Exploits3
github
github
added 2021/09/01 6:36 p.m.39 views

Cross-site Scripting in the femanager TYPO3 extension

The extension allows by default to upload SVG files when a logged in frontend user uploads a new profile image. This may lead to Cross-Site Scripting, when the uploaded SVG image is used as is on the website. Note: If SVG uploads are required, it is recommended to use the TYPO3 extension...

5.4CVSS5.4AI score0.01333EPSS
Exploits3References9Affected Software1
osv
osv
added 2021/09/01 6:36 p.m.54 views

GHSA-F3RF-V9QM-9C89 Cross-site Scripting in the femanager TYPO3 extension

The extension allows by default to upload SVG files when a logged in frontend user uploads a new profile image. This may lead to Cross-Site Scripting, when the uploaded SVG image is used as is on the website. Note: If SVG uploads are required, it is recommended to use the TYPO3 extension...

5.4CVSS5.3AI score0.01333EPSS
Exploits3References9
veracode
veracode
added 2021/08/16 5:33 a.m.18 views

Cross-site Scripting (XSS)

femanageris vulnerable to Cross-site Scripting. The vulnerability exists due to insufficient sanitization of user-supplied data in the SVG image. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in...

5.4CVSS5.5AI score0.01333EPSS
Exploits3References5Affected Software1
cnvd
cnvd
added 2021/08/16 12:0 a.m.25 views

TYPO3 Cross-Site Scripting Vulnerability (CNVD-2022-17974)

TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Typo3 association in Switzerland.TYPO3 Femanager has a cross-site scripting vulnerability that can be exploited by attackers to XSS through a well-designed SVG document...

5.4CVSS3.2AI score0.01333EPSS
Exploits3References1
nvd
nvd
added 2021/08/13 5:15 p.m.29 views

CVE-2021-36787

The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG document...

5.4CVSS0.01333EPSS
Exploits3References4
osv
osv
added 2021/08/13 5:15 p.m.16 views

CVE-2021-36787

The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG document...

5.4CVSS5.7AI score
Exploits0References4
cvelist
cvelist
added 2021/08/13 4:15 p.m.26 views

CVE-2021-36787

The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG document...

5.4AI score0.01333EPSS
Exploits3References4
cve
cve
added 2021/08/13 4:15 p.m.111 views

CVE-2021-36787

The CVE-2021-36787 issue affects the TYPO3 femanager extension prior to 5.5.1 and 6.x prior to 6.3.1, where a crafted SVG document can trigger Cross-Site Scripting (XSS). The vulnerability arises from how SVG content is handled during user-related operations, allowing injected script when the SVG...

5.4CVSS5AI score0.01333EPSS
Exploits3References4Affected Software1
Rows per page
Query Builder