17 matches found
EUVD-2021-1454
Malware in sbrugna...
EUVD-2021-1486
Malware in sbrugna...
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
The CAPTCHA of the extension can be bypassed which may result in automated creation of various newsletter subscribers. It is possible to provide arbitrary subscription UIDs to the deleteAction of the extension resulting in all newsletter subscribers to be unsubscribed. Insufficient access checks ...
CVE-2022-47409
An issue was discovered in the fpnewsletter aka Newsletter subscriber management extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Attackers can unsubscribe everyone via a series of modified subscription UIDs in deleteAction operations...
CVE-2022-47409
CVE-2022-47409 affects the TYPO3 fp_newsletter extension. The issue arises in the deleteAction, where attackers can unsubscribe everyone by manipulating series of subscription UIDs. Affected versions include: pre-1.1.1; 1.2.0; 2.x before 2.1.2; 2.2.1 through 2.4.0; and 3.x before 3.2.6. Impact is...
CVE-2022-47408
An issue was discovered in the fpnewsletter aka Newsletter subscriber management extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people...
Information Disclosure
directmailteam/direct-mail is vulnerable to information disclosure. The extension fails to check if an authenticated backend user has access to pages with newsletter subscriber data when using the "Special query" feature...
GHSA-9PM8-XCJ6-2M33 Missing Authorization in TYPO3 extension
The directmail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables...
Missing Authorization in TYPO3 extension
The directmail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables...
CVE-2020-12698
The directmail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables...
CVE-2020-12700
The directmail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query...
CVE-2020-12700
The directmail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query...
Improper access control
The directmail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables...
Information disclosure
The directmail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query...
CVE-2020-12700
The directmail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query...
CVE-2020-12698
The directmail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables...
shop.mohd.it XSS vulnerability
Open Bug Bounty ID: OBB-582638 Description| Value ---|--- Affected Website:| shop.mohd.it Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...