CVEDB API

Vulnerabilities

Vulnerable Software

Kennziffer: Security Vulnerabilities

CVE-2014-8874

The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request.

CVSS Score

5.0

EPSS Score

0.003

Published

2014-12-02

CVE-2014-6293

SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014.

CVSS Score

7.5

EPSS Score

0.004

Published

2014-10-03

CVE-2014-6235

Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS Score

7.5

EPSS Score

0.07

Published

2014-09-11

CVE-2013-5302

SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS Score

7.5

EPSS Score

0.007

Published

2013-08-16

CVE-2013-5307

Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS Score

4.3

EPSS Score

0.005

Published

2013-08-16

Page 1

Vulnerabilities

Vulnerable Software

Kennziffer: Security Vulnerabilities

Products

Pricing

Contact Us