Skip to main content

Dated News

4 CVEs product

Monthly

CVE-2021-36792 HIGH This Week

The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dated News
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2021-36791 MEDIUM This Month

The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dated News
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-36790 MEDIUM This Month

The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dated News
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-36789 CRITICAL Act Now

The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Dated News
NVD
CVSS 3.1
9.8
EPSS
1.0%
EPSS 1% CVSS 7.2
HIGH This Week

The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dated News
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dated News
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dated News
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Dated News
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy