Aggregates CVE and security vulnerability intelligence across all mm_forum_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk cross-site scripting and vendor risk csrf; exposure may include vendor impact session compromise in vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-15516 | The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be exploited via CSRF. | [email protected] | 5.4 | 0.05% | 2020-07-07 | 2024-11-21 |
| CVE-2014-6299 | Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors. | [email protected] | 6.8 | 0.11% | 2014-10-03 | 2026-05-06 |
| CVE-2014-6298 | Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | [email protected] | 7.5 | 1.88% | 2014-10-03 | 2026-05-06 |
| CVE-2014-6297 | Cross-site scripting (XSS) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | [email protected] | 4.3 | 0.26% | 2014-10-03 | 2026-05-06 |