Lucene search
K

17 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-1454

Malware in sbrugna...

4.3CVSS4.8AI score0.00778EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-1486

Malware in sbrugna...

4.3CVSS4.8AI score0.00778EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/12/14 9:30 p.m.21 views

Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)

The CAPTCHA of the extension can be bypassed which may result in automated creation of various newsletter subscribers. It is possible to provide arbitrary subscription UIDs to the deleteAction of the extension resulting in all newsletter subscribers to be unsubscribed. Insufficient access checks ...

9.1CVSS8.7AI score0.00651EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2022/12/14 9:15 p.m.23 views

CVE-2022-47409

An issue was discovered in the fpnewsletter aka Newsletter subscriber management extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Attackers can unsubscribe everyone via a series of modified subscription UIDs in deleteAction operations...

9.1CVSS0.006EPSS
Exploits0References1
CVE
CVE
added 2022/12/14 12:0 a.m.47 views

CVE-2022-47409

CVE-2022-47409 affects the TYPO3 fp_newsletter extension. The issue arises in the deleteAction, where attackers can unsubscribe everyone by manipulating series of subscription UIDs. Affected versions include: pre-1.1.1; 1.2.0; 2.x before 2.1.2; 2.2.1 through 2.4.0; and 3.x before 3.2.6. Impact is...

9.1CVSS7.5AI score0.006EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/12/14 12:0 a.m.17 views

CVE-2022-47408

An issue was discovered in the fpnewsletter aka Newsletter subscriber management extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people...

9.1CVSS9.3AI score0.00651EPSS
Exploits0References3
Veracode
Veracode
added 2021/07/28 5:1 a.m.26 views

Information Disclosure

directmailteam/direct-mail is vulnerable to information disclosure. The extension fails to check if an authenticated backend user has access to pages with newsletter subscriber data when using the "Special query" feature...

4.3CVSS2.6AI score0.00778EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/07/26 9:34 p.m.28 views

GHSA-9PM8-XCJ6-2M33 Missing Authorization in TYPO3 extension

The directmail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables...

4.3CVSS4.8AI score0.00778EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2021/07/26 9:34 p.m.71 views

Missing Authorization in TYPO3 extension

The directmail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables...

4.3CVSS3.4AI score0.00778EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2020/05/13 1:15 p.m.25 views

CVE-2020-12698

The directmail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables...

4.3CVSS4.7AI score0.00778EPSS
Exploits0References2
NVD
NVD
added 2020/05/13 1:15 p.m.26 views

CVE-2020-12700

The directmail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query...

4.3CVSS4.5AI score0.00778EPSS
Exploits0References2
OSV
OSV
added 2020/05/13 1:15 p.m.7 views

CVE-2020-12700

The directmail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query...

4.3CVSS5.9AI score0.00778EPSS
Exploits0References2
Prion
Prion
added 2020/05/13 1:15 p.m.24 views

Improper access control

The directmail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables...

4CVSS4.7AI score0.00778EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/05/13 1:15 p.m.23 views

Information disclosure

The directmail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query...

4CVSS4.4AI score0.00778EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/05/13 12:43 p.m.21 views

CVE-2020-12700

The directmail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query...

4.4AI score0.00778EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/05/13 12:41 p.m.24 views

CVE-2020-12698

The directmail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables...

4.7AI score0.00778EPSS
Exploits0References2
Openbugbounty
Openbugbounty
added 2018/03/19 11:4 a.m.15 views

shop.mohd.it XSS vulnerability

Open Bug Bounty ID: OBB-582638 Description| Value ---|--- Affected Website:| shop.mohd.it Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
Rows per page
Query Builder