Vulnerabilities > MM Forum Project > MM Forum > 0.1.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-07 | CVE-2020-15516 | Cross-Site Request Forgery (CSRF) vulnerability in MM Forum Project MM Forum The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be exploited via CSRF. | 5.8 |
2014-10-03 | CVE-2014-6299 | Cross-Site Request Forgery (CSRF) vulnerability in MM Forum Project MM Forum Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors. | 6.8 |
2014-10-03 | CVE-2014-6298 | Code Injection vulnerability in MM Forum Project MM Forum Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | 7.5 |
2014-10-03 | CVE-2014-6297 | Cross-Site Scripting vulnerability in MM Forum Project MM Forum Cross-site scripting (XSS) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |