{"url":"http://public2.vulnerablecode.io/api/packages/383947?format=json","purl":"pkg:composer/fixpunkt/fp-newsletter@3.2.6","type":"composer","namespace":"fixpunkt","name":"fp-newsletter","version":"3.2.6","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/172929?format=json","vulnerability_id":"VCID-1ddx-u96n-dyaq","summary":"An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47408","reference_id":"","reference_type":"","scores":[{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36446","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36252","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36457","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36432","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47408"},{"reference_url":"https://github.com/bihor/fp_newsletter","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bihor/fp_newsletter"},{"reference_url":"https://github.com/bihor/fp_newsletter/commit/bc673cd9ab04f3fdd1225303f2ccb378b11a3747","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bihor/fp_newsletter/commit/bc673cd9ab04f3fdd1225303f2ccb378b11a3747"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/fixpunkt/fp-newsletter/CVE-2022-47408.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/fixpunkt/fp-newsletter/CVE-2022-47408.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47408","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47408"},{"reference_url":"https://github.com/advisories/GHSA-f683-35w9-28g5","reference_id":"GHSA-f683-35w9-28g5","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f683-35w9-28g5"},{"reference_url":"https://typo3.org/security/advisory/typo3-ext-sa-2022-017","reference_id":"typo3-ext-sa-2022-017","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:N/C:H/I:H/PR:N/S:U/UI:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T18:56:22Z/"}],"url":"https://typo3.org/security/advisory/typo3-ext-sa-2022-017"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383949?format=json","purl":"pkg:composer/fixpunkt/fp-newsletter@1.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fixpunkt/fp-newsletter@1.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/383948?format=json","purl":"pkg:composer/fixpunkt/fp-newsletter@2.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fixpunkt/fp-newsletter@2.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/383947?format=json","purl":"pkg:composer/fixpunkt/fp-newsletter@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fixpunkt/fp-newsletter@3.2.6"}],"aliases":["CVE-2022-47408","GHSA-f683-35w9-28g5"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ddx-u96n-dyaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173022?format=json","vulnerability_id":"VCID-sna2-mkjt-gffw","summary":"An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47410","reference_id":"","reference_type":"","scores":[{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.63067","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.63063","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62953","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.63055","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47410"},{"reference_url":"https://github.com/bihor/fp_newsletter","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bihor/fp_newsletter"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47410","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47410"},{"reference_url":"https://github.com/advisories/GHSA-vxmc-qg5x-pvfx","reference_id":"GHSA-vxmc-qg5x-pvfx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vxmc-qg5x-pvfx"},{"reference_url":"https://typo3.org/security/advisory/typo3-ext-sa-2022-017","reference_id":"typo3-ext-sa-2022-017","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:N/C:H/I:H/PR:N/S:U/UI:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T18:49:49Z/"}],"url":"https://typo3.org/security/advisory/typo3-ext-sa-2022-017"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383949?format=json","purl":"pkg:composer/fixpunkt/fp-newsletter@1.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fixpunkt/fp-newsletter@1.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/383948?format=json","purl":"pkg:composer/fixpunkt/fp-newsletter@2.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fixpunkt/fp-newsletter@2.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/383947?format=json","purl":"pkg:composer/fixpunkt/fp-newsletter@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fixpunkt/fp-newsletter@3.2.6"}],"aliases":["CVE-2022-47410","GHSA-vxmc-qg5x-pvfx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sna2-mkjt-gffw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173083?format=json","vulnerability_id":"VCID-xb4h-e19h-rqdc","summary":"An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Attackers can unsubscribe everyone via a series of modified subscription UIDs in deleteAction operations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47409","reference_id":"","reference_type":"","scores":[{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55934","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.56055","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.5607","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.56056","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47409"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47409","reference_id":"CVE-2022-47409","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47409"},{"reference_url":"https://typo3.org/security/advisory/typo3-ext-sa-2022-017","reference_id":"typo3-ext-sa-2022-017","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:N/C:H/I:H/PR:N/S:U/UI:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T18:51:39Z/"}],"url":"https://typo3.org/security/advisory/typo3-ext-sa-2022-017"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383949?format=json","purl":"pkg:composer/fixpunkt/fp-newsletter@1.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fixpunkt/fp-newsletter@1.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/383948?format=json","purl":"pkg:composer/fixpunkt/fp-newsletter@2.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fixpunkt/fp-newsletter@2.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/383947?format=json","purl":"pkg:composer/fixpunkt/fp-newsletter@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fixpunkt/fp-newsletter@3.2.6"}],"aliases":["CVE-2022-47409"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xb4h-e19h-rqdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/172995?format=json","vulnerability_id":"VCID-y6yh-9yv4-gqev","summary":"An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction operations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47411","reference_id":"","reference_type":"","scores":[{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.63063","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62953","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.63067","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.63055","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47411"},{"reference_url":"https://github.com/bihor/fp_newsletter","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bihor/fp_newsletter"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47411","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47411"},{"reference_url":"https://github.com/advisories/GHSA-r44w-pfx8-28jv","reference_id":"GHSA-r44w-pfx8-28jv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r44w-pfx8-28jv"},{"reference_url":"https://typo3.org/security/advisory/typo3-ext-sa-2022-017","reference_id":"typo3-ext-sa-2022-017","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:N/C:H/I:H/PR:N/S:U/UI:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T18:48:40Z/"}],"url":"https://typo3.org/security/advisory/typo3-ext-sa-2022-017"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383949?format=json","purl":"pkg:composer/fixpunkt/fp-newsletter@1.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fixpunkt/fp-newsletter@1.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/383948?format=json","purl":"pkg:composer/fixpunkt/fp-newsletter@2.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fixpunkt/fp-newsletter@2.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/383947?format=json","purl":"pkg:composer/fixpunkt/fp-newsletter@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fixpunkt/fp-newsletter@3.2.6"}],"aliases":["CVE-2022-47411","GHSA-r44w-pfx8-28jv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y6yh-9yv4-gqev"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fixpunkt/fp-newsletter@3.2.6"}