CVE-2022-47410

HIGH7.5EPSS 0.43%

"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data

Published: 12/14/2022Modified: 4/21/2025

Description

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations.

Affected packages (1)

Packagist/fixpunkt/fp-newsletterfrom 0, < 1.1.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-47410
PATCHhttps://github.com/bihor/fp_newsletter
WEBhttps://typo3.org/security/advisory/typo3-ext-sa-2022-017