Powermail

powermail

Vendor: Alex Kellner • 9 CVEs

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-6288 1Alex Kellner 1Powermail May 6, 2026 Oct 3, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers to bypass the CAPTCHA protection mechanism via unspecified vectors.
CVE-2014-3947 1Alex Kellner 1Powermail May 6, 2026 Oct 3, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted extension, then accessi...Show more Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted extension, then accessing it via unspecified vectors.Show less
CVE-2014-3948 1Alex Kellner 1Powermail May 6, 2026 Jun 4, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified v...Show more Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.Show less
CVE-2012-5889 1Alex Kellner 1Powermail Apr 29, 2026 Nov 17, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4892 1Alex Kellner 1Powermail Apr 29, 2026 Oct 7, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the powermail extension before 1.5.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3687 1Alex Kellner 1Powermail Apr 29, 2026 Sep 29, 2010 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Unspecified vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to bypass validation have an unspecified impact by "[injecting] arbitrary values into validated fields," as demonst...Show more Unspecified vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to bypass validation have an unspecified impact by "[injecting] arbitrary values into validated fields," as demonstrated using the (1) Email and (2) URL fields.Show less
CVE-2010-3605 1Alex Kellner 1Powermail Apr 29, 2026 Sep 24, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3604 1Alex Kellner 1Powermail Apr 29, 2026 Sep 24, 2010 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0329 1Alex Kellner 1Powermail Apr 23, 2026 Jan 15, 2010 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and "typoscript."