Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-36791 | 1 Dated News Project | 1 Dated News | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data. | |||||
CVE-2021-36790 | 1 Dated News Project | 1 Dated News | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows XSS. | |||||
CVE-2021-36789 | 1 Dated News Project | 1 Dated News | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows SQL Injection. | |||||
CVE-2021-36792 | 1 Dated News Project | 1 Dated News | 2024-02-28 | 6.4 MEDIUM | 7.2 HIGH |
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications. |