Lucene search
TYPO3 AssociationTYPO3-EXT-SA-2021-013HistoryAug 10, 2021 - 12:00 a.m.
Multiple vulnerabilities in Extension "Dated News" (dated_news)
2021-08-1000:00:00
TYPO3 Association
typo3.org
31
0.002 Low
EPSS
Percentile
51.6%
The extension fails to properly encode user input for output in HTML context (CVE-2021-36790) and contains a blind SQL injection vulnerability (CVE-2021-36789). It is also possible to confirm various applications (CVE-2021-36792) and thereby obtain all application registration data (CVE-2021-36791).
| CPE | Name | Operator | Version |
|---|---|---|---|
| dated_news | le | 5.1.1 |
Related
cvelist
cvelist
nvd
nvd
cnvd
cnvd
TYPO3 Information Disclosure Vulnerability (CNVD-2022-17979)
2021-08-13 00:00:00
TYPO3 SQL Injection Vulnerability (CNVD-2022-17976)
2021-08-16 00:00:00
TYPO3 Cross-Site Scripting Vulnerability (CNVD-2022-17980)
2021-08-13 00:00:00
prion
prion
Cross site scripting
2021-08-13 17:15:00
Information disclosure
2021-08-13 17:15:00
Sql injection
2021-08-13 17:15:00
cve
cve