Security Vulnerabilities - CVEs Published In August 2021
The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.
The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG document.
The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS.
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows SQL Injection.
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows XSS.
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data.
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications.
The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output.
The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection.
The deferred_image_processing (aka Deferred image processing) extension before 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption.