directmailteam/direct-mail
Packagist
7 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting directmailteam/direct-mail
- CVE-2009-4159 · NONE · CVSS 0.0 · EG 0.0 · ✓ Fixed in 2.6.5 · 2009-12-02
Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script …
- CVE-2013-7400 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 3.1.2 · 2017-12-29
The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes.
- CVE-2019-16698 · MEDIUM · CVSS 4.3 · EG 4.3 · ✓ Fixed in 5.2.3 · 2019-10-16
vulnerable: 5.0 ... v5.1.1 (7 versions)
The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 has a missing access check in the backend module, allowing a user (with restricted permissions to the fe_users table) to view and export data of frontend users who are sub…
- CVE-2020-12697 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 5.2.4 · 2020-05-13
vulnerable: 5.0 ... v5.1.1 (8 versions)
The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries.
- CVE-2020-12698 · MEDIUM · CVSS 4.3 · EG 4.3 · ✓ Fixed in 5.2.4 · 2020-05-13
vulnerable: 5.0 ... v5.1.1 (8 versions)
The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables.
- CVE-2020-12699 · MEDIUM · CVSS 6.1 · EG 6.1 · ✓ Fixed in 5.2.4 · 2020-05-13
vulnerable: 5.0 ... v5.1.1 (8 versions)
The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl.
- CVE-2020-12700 · MEDIUM · CVSS 4.3 · EG 4.3 · ✓ Fixed in 5.2.4 · 2020-05-13
vulnerable: 5.0 ... v5.1.1 (8 versions)
The direct_mail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query.