All the vulnerabilites related to mischa_heimann - yatse
cve-2010-1004
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-09-17 04:04
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/yatse/0.3.2/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/38808 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/yatse/0.3.2/"
},
{
"name": "38808",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38808"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/yatse/0.3.2/"
},
{
"name": "38808",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38808"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/yatse/0.3.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/yatse/0.3.2/"
},
{
"name": "38808",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38808"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1004",
"datePublished": "2010-03-19T18:35:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-17T04:04:26.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1005
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-09-16 19:40
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://typo3.org/extensions/repository/view/yatse/0.3.2/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/38808 | vdb-entry, x_refsource_BID | |
| http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/yatse/0.3.2/"
},
{
"name": "38808",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38808"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/yatse/0.3.2/"
},
{
"name": "38808",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38808"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/yatse/0.3.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/yatse/0.3.2/"
},
{
"name": "38808",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38808"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1005",
"datePublished": "2010-03-19T18:35:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-16T19:40:42.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mischa_heimann | yatse | * | |
| mischa_heimann | yatse | 0.1.0 | |
| mischa_heimann | yatse | 0.1.1 | |
| mischa_heimann | yatse | 0.2.0 | |
| mischa_heimann | yatse | 0.3.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mischa_heimann:yatse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94F14F48-E60F-4272-BABA-6C1713A9D570",
"versionEndIncluding": "0.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mischa_heimann:yatse:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08FEEFF0-3DAE-4341-BC57-D7892B4B299A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mischa_heimann:yatse:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "07AEA64D-90F3-4FA3-AAFF-7576881CBE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mischa_heimann:yatse:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6BC5038-053C-468E-92B0-DB9076CA2C31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mischa_heimann:yatse:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37818F8A-11D7-4ADA-91BF-72E166E19316",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la extensi\u00f3n Yet another TYPO3 search engine (YATSE) anterior a v0.3.2 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1004",
"lastModified": "2024-11-21T01:13:24.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-19T19:00:00.390",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/yatse/0.3.2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/yatse/0.3.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38808"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mischa_heimann | yatse | * | |
| mischa_heimann | yatse | 0.1.0 | |
| mischa_heimann | yatse | 0.1.1 | |
| mischa_heimann | yatse | 0.2.0 | |
| mischa_heimann | yatse | 0.3.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mischa_heimann:yatse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94F14F48-E60F-4272-BABA-6C1713A9D570",
"versionEndIncluding": "0.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mischa_heimann:yatse:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08FEEFF0-3DAE-4341-BC57-D7892B4B299A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mischa_heimann:yatse:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "07AEA64D-90F3-4FA3-AAFF-7576881CBE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mischa_heimann:yatse:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6BC5038-053C-468E-92B0-DB9076CA2C31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mischa_heimann:yatse:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37818F8A-11D7-4ADA-91BF-72E166E19316",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n Yet another TYPO3 search engine (YATSE) anterior a v0.3.2 y anteriores para TYPO3 permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1005",
"lastModified": "2024-11-21T01:13:24.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-19T19:00:00.437",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/yatse/0.3.2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/yatse/0.3.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38808"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}