MidnightBSD

Advisories for andreas_kiefer

CVE-2010-4890 MEDIUM

Cross-site scripting (XSS) vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
andreas_kiefer ke_yac 1.0.3
andreas_kiefer ke_yac 1.0.5
andreas_kiefer ke_yac *
andreas_kiefer ke_yac 1.0.4
andreas_kiefer ke_yac 1.1.0
CVE-2010-4891 HIGH

SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
andreas_kiefer ke_yac 1.0.3
andreas_kiefer ke_yac 1.0.5
andreas_kiefer ke_yac *
andreas_kiefer ke_yac 1.0.4
andreas_kiefer ke_yac 1.1.0