In2code

Powermail

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-47047

  • EPSS 0.54%
  • Veröffentlicht 17.09.2024 14:15:17
  • Zuletzt bearbeitet 17.03.2025 15:15:42

An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use...

5.3

CVE-2024-45232

  • EPSS 0.22%
  • Veröffentlicht 29.08.2024 00:15:09
  • Zuletzt bearbeitet 30.08.2024 16:34:39

An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the ...

9.8

CVE-2024-45233

  • EPSS 0.25%
  • Veröffentlicht 29.08.2024 00:15:09
  • Zuletzt bearbeitet 30.08.2024 16:33:56

An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the ...

4.3

CVE-2008-2182

  • EPSS 0.4%
  • Veröffentlicht 13.05.2008 22:20:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the powermail extension before 1.1.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.