Femanager
Monthly
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.
The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.
The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.