The extension fails to properly encode user input for output in HTML context (CVE-2021-36790) and contains a blind SQL injection vulnerability (CVE-2021-36789). It is also possible to confirm various applications (CVE-2021-36792) and thereby obtain all application registration data (CVE-2021-36791).
CPE | Name | Operator | Version |
---|---|---|---|
dated_news | le | 5.1.1 |