CVE Tools

in2code

Web & CMS Pluginscommercial

1

Cumulative CVEs

1

Monthly snapshots

#145

Peak rank

Top products

Latest CVEs

The 10 most recently published vulnerabilities affecting in2code.

CVE-2024-47047An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in som...7.5Sep 17, 2024
CVE-2024-45233An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, ...9.8Aug 28, 2024
CVE-2024-45232An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An ...5.3Aug 28, 2024
CVE-2022-44543The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form...5.3Dec 12, 2023
CVE-2023-25014An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to...8.6Feb 2, 2023
CVE-2023-25013An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to...8.6Feb 2, 2023
CVE-2022-35628A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3.9.8Jul 12, 2022
CVE-2021-36787The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG document.5.4Aug 13, 2021
CVE-2014-6292The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors.6.4Oct 3, 2014
CVE-2008-2182Cross-site scripting (XSS) vulnerability in the powermail extension before 1.1.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.4.3May 13, 2008