Christian Seifert

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions prior to 9.5.34 ELTS TYPO3 versions prior to 10.4.29 TYPO3 versions prior to 11.5.11 **Description** The issue concerns user-submitted content not being properly encoded in HTML emails sent to users. The affected components are mail clients used to view those messages. **Recommendations** For versions prior to 9.5.34 ELTS, update to version 9.5.34 ELTS or later. For versions prior to 10.4.29, update to version 10.4.29 or later. For versions prior to 11.5.11, update to version 11.5.11 or later.

**Name of the Vulnerable Software and Affected Versions** TYPO3 ClickStream Analyzer extension versions 0.3.0 and earlier **Description** The issue allows remote attackers to obtain sensitive information via unknown vectors. **Recommendations** For versions 0.3.0 and earlier, update to a version later than 0.3.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 ws ecard extension versions 1.0.2 and earlier **Description** A directory traversal issue exists in the Webesse E-Card (ws ecard) extension for TYPO3, allowing for remote attack vectors. The impact of this issue is not specified. **Recommendations** For versions 1.0.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Webesse E-Card (ws ecard) extension versions 1.0.2 and earlier **Description** The issue allows remote attackers to obtain sensitive information via unknown vectors. **Recommendations** For versions 1.0.2 and earlier, update to a version later than 1.0.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 twittersearch extension versions prior to 0.1.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 0.1.1, update to version 0.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 Mailform extension versions prior to 0.9.24 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 0.9.24, update to version 0.9.24 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 extension gb fenewssubmit version 0.1.0 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For versions 0.1.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Myth download (myth download) extension version 0.1.0 for TYPO3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For Myth download (myth download) extension version 0.1.0, update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** datamints newsticker extension versions prior to 0.7.2 for TYPO3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions prior to 0.7.2, update to version 0.7.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 extension cwt resetbepassword versions 1.20 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions 1.20 and earlier, update to a version later than 1.20 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CoolURI extension versions prior to 1.0.16 for TYPO3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For CoolURI extension versions prior to 1.0.16, update to version 1.0.16 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 extension gb fenewssubmit version 0.1.0 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions 0.1.0 and earlier, update to a version later than 0.1.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 Tour Extension (pm tour) versions prior to 0.0.13 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions prior to 0.0.13, update to version 0.0.13 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 Webesse Image Gallery (ws gallery) extension versions 1.0.4 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions 1.0.4 and earlier, update to a version later than 1.0.4 to resolve the issue.