CVE-2021-36792

The CVE-2021-36792 issue affects the TYPO3 dated_news extension (versions up to 5.1.1). Root cause: incorrect Access Control for confirming various applications. Impact (as described in related sources): attackers could confirm various applications and potentially access all application registrat...

CVE-2021-36789

CVE-2021-36789 corresponds to a SQL Injection vulnerability in the TYPO3 dated_news (Dated News) extension up to version 5.1.1. The issue is caused by improper handling/encoding of user input, enabling injection via database queries. Connected sources confirm the same extension is involved and re...

CVE-2021-36791

CVE-2021-36791 affects the TYPO3 Dated News extension (dated_news) up to version 5.1.1, enabling information disclosure of application registration data. The available sources (NVD/Red Hat/CVE records and TYPO3 advisory) confirm the vulnerability and affected component but do not include explicit...

CVE-2021-36790

The CVE-2021-36790 entry affects the TYPO3 dated_news extension (up to version 5.1.1). The vulnerability is a Cross-Site Scripting (XSS) flaw caused by improper encoding of user input for HTML output, enabling injection of malicious scripts. Severity is reflected as MEDIUM (CVSS v2: 4.3; CVSS v3....