CVE-2022-44543
The CVE-2022-44543 issue affects the TYPO3 femanager extension (versions prior to 5.5.2, 6.x prior to 6.3.3, and 7.x prior to 7.0.1). The vulnerability arises from mishandling the usergroup.inList protection, enabling creation of frontend users in restricted groups when a usergroup field is prese...
CVE-2021-36787
The CVE-2021-36787 issue affects the TYPO3 femanager extension prior to 5.5.1 and 6.x prior to 6.3.1, where a crafted SVG document can trigger Cross-Site Scripting (XSS). The vulnerability arises from how SVG content is handled during user-related operations, allowing injected script when the SVG...
CVE-2023-25014
CVE-2023-25014 affects the TYPO3 femanager extension (versions prior to 5.5.3, 6.x prior to 6.3.4, and 7.x prior to 7.1.0). The root cause is missing access checks in the InvitationController, enabling an unauthenticated user to delete all frontend users. Reported across multiple feeds (NVD, Red Hat, GHSA/OSV, etc...
CVE-2023-25013
The CVE-2023-25013 issue affects the TYPO3 femanager extension (versions: <5.5.3, <6.3.4 for 6.x, and