SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kennziffer | ke_search | * |
Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kennziffer | ke_search | 1.1.0 |
| kennziffer | ke_search | 1.2.0 |
| kennziffer | ke_search | 0.2.0 |
| kennziffer | ke_search | 1.3.0 |
| kennziffer | ke_search | * |
| kennziffer | ke_search | 0.1.1 |
| kennziffer | ke_search | 0.3.0 |
| kennziffer | ke_search | 1.1.1 |
| kennziffer | ke_search | 1.0.1 |
| kennziffer | ke_search | 1.0.0 |
| kennziffer | ke_search | 1.0.2 |
| kennziffer | ke_search | 1.3.1 |
Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kennziffer | ke_dompdf | * |
SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kennziffer | statistics | * |
The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kennziffer | ke_questionnaire | * |