Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/typo3/cms@7.0.1

Type composer

Namespace typo3

Name cms

Version 7.0.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 9.5.25

Latest_non_vulnerable_version 12.2.0

Affected_by_vulnerabilities

url VCID-1u4r-r97q-3yfk

vulnerability_id VCID-1u4r-r97q-3yfk

summary Information Disclosure possibility exploitable by Editors.

references

reference_url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-005/
reference_id
reference_type
scores
url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-005/

fixed_packages

url pkg:composer/typo3/cms@7.3.0

purl pkg:composer/typo3/cms@7.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-5hm4-ms5p-uuae

vulnerability	VCID-8jcy-3kje-fqeh

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-ansr-8m5j-pya6

vulnerability	VCID-c57c-akce-xufq

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e82x-2cdb-7fgn

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-j6x1-dfre-2bdq

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-n18b-qe5x-z7cj

vulnerability	VCID-nhjv-nke2-2kf8

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-u6h1-ccgw-jqds

vulnerability	VCID-ub3e-hrb1-wqac

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-wms8-dnuz-b3hc

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-yz6t-ge1y-qfgr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.0

aliases GMS-2015-83

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1u4r-r97q-3yfk

url VCID-3ugj-6m1e-e3hr

vulnerability_id VCID-3ugj-6m1e-e3hr

summary

Cross-site Scripting
Cross-Site Scripting in Online Media Asset Rendering.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2018-006/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2018-006/

fixed_packages

url pkg:composer/typo3/cms@7.6.32

purl pkg:composer/typo3/cms@7.6.32

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-xw1s-93bu-wuh9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32

url pkg:composer/typo3/cms@8.7.21

purl pkg:composer/typo3/cms@8.7.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bn3p-39sv-6fdg

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21

url pkg:composer/typo3/cms@9.5.2

purl pkg:composer/typo3/cms@9.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-3ye6-vqje-abh4

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-4jck-w9ct-budk

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-7xv1-78u7-xufp

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-9adx-p876-kyb5

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cvk2-93hm-gkhx

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zkvq-bms4-gfcv

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2

aliases GMS-2018-97

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ugj-6m1e-e3hr

url VCID-5hm4-ms5p-uuae

vulnerability_id VCID-5hm4-ms5p-uuae

summary Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this vulnerability.

references

reference_url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-021
reference_id
reference_type
scores
url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-021

fixed_packages

url pkg:composer/typo3/cms@7.6.11

purl pkg:composer/typo3/cms@7.6.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-5dxs-cdht-27hw

vulnerability	VCID-66ru-n2df-b3ay

vulnerability	VCID-727q-h3ey-6yc9

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9saf-w56y-pugz

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e564-zdku-9fc6

vulnerability	VCID-eutz-mj58-audb

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-h217-xe8x-nua3

vulnerability	VCID-h7cg-64er-uya9

vulnerability	VCID-h7hf-sf2q-73ay

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-jqe4-8hzb-mfea

vulnerability	VCID-mctp-nf36-7qdn

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-sy7r-d6pv-yba9

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-xh68-defe-f7ce

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-ygw4-jdqu-4fbt

vulnerability	VCID-yz6t-ge1y-qfgr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.11

url pkg:composer/typo3/cms@8.0.0

purl pkg:composer/typo3/cms@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11u3-8xzy-jfhh

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-28fn-ncj5-2ufk

vulnerability	VCID-2r7u-mc45-8yhe

vulnerability	VCID-2rhr-8vaz-hqfj

vulnerability	VCID-2vpx-fqb6-aqfa

vulnerability	VCID-39jx-muqb-nkfq

vulnerability	VCID-39vn-73mc-jqav

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-4wnp-gusy-43b8

vulnerability	VCID-5dxs-cdht-27hw

vulnerability	VCID-5u2f-5zzf-j3e4

vulnerability	VCID-66kh-c1dm-8fbf

vulnerability	VCID-66ru-n2df-b3ay

vulnerability	VCID-6su8-bbrw-hbhp

vulnerability	VCID-727q-h3ey-6yc9

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8p64-6zpt-t3av

vulnerability	VCID-94r9-hh4g-jkej

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9726-hafj-wkay

vulnerability	VCID-9saf-w56y-pugz

vulnerability	VCID-9yu1-z7c2-t3fj

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bn3p-39sv-6fdg

vulnerability	VCID-bq2j-t19h-zyad

vulnerability	VCID-bstt-ybrs-5ua3

vulnerability	VCID-buj5-2t53-3kcr

vulnerability	VCID-d6c2-upx1-e7cd

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e564-zdku-9fc6

vulnerability	VCID-emqq-kwjg-3kfk

vulnerability	VCID-eutz-mj58-audb

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-f319-jpf5-hyex

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fgqa-5fx9-nkaz

vulnerability	VCID-fh61-7rfy-s3hg

vulnerability	VCID-fqkc-utex-3kav

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-g7mm-vjbw-bbhd

vulnerability	VCID-gk79-jtuz-myh6

vulnerability	VCID-gpv4-4tpd-tbaa

vulnerability	VCID-h217-xe8x-nua3

vulnerability	VCID-h7cg-64er-uya9

vulnerability	VCID-h7hf-sf2q-73ay

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-hyx9-8ae6-sba8

vulnerability	VCID-hzma-cduk-3uhp

vulnerability	VCID-j8hk-bqnb-gycp

vulnerability	VCID-j8sh-5evd-dkaz

vulnerability	VCID-jeqr-9tfu-f7b2

vulnerability	VCID-jf28-91be-6kbr

vulnerability	VCID-jmea-qzsr-wkf4

vulnerability	VCID-jn38-wfec-7bb2

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-jqe4-8hzb-mfea

vulnerability	VCID-jwb1-3sbg-kfa5

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-ks1q-a8x2-uqht

vulnerability	VCID-m3nc-xbb4-yubr

vulnerability	VCID-mctp-nf36-7qdn

vulnerability	VCID-nhjv-nke2-2kf8

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-nvbp-pbjw-3qgx

vulnerability	VCID-p576-w7dd-p3h7

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-q2ym-y2rz-1bdn

vulnerability	VCID-q52p-xfj8-gygd

vulnerability	VCID-q7vt-19eb-sqeq

vulnerability	VCID-qcnh-z4zh-myaw

vulnerability	VCID-qdxh-arxx-wbcr

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdjb-gp4t-vbgt

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-sdz8-hju8-4bcb

vulnerability	VCID-sy7r-d6pv-yba9

vulnerability	VCID-teby-zvvw-zkhv

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-u4tq-8qnk-5fd7

vulnerability	VCID-u5he-6tqb-gqaf

vulnerability	VCID-u6as-cwxc-pkhk

vulnerability	VCID-uq77-aax5-k7d8

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-w483-prq4-rycx

vulnerability	VCID-w58p-3wg1-7ycr

vulnerability	VCID-wat8-4m83-hken

vulnerability	VCID-wy45-2gmr-fkfg

100

vulnerability	VCID-x175-xjek-97ds

101

vulnerability	VCID-x5x1-w7yv-eye9

102

vulnerability	VCID-xh68-defe-f7ce

103

vulnerability	VCID-xpxg-qq49-b7fd

104

vulnerability	VCID-xvyu-2hb8-8ufh

105

vulnerability	VCID-xw1s-93bu-wuh9

106

vulnerability	VCID-y7ds-p5r2-yuhq

107

vulnerability	VCID-ygw4-jdqu-4fbt

108

vulnerability	VCID-yh6b-tc4u-v3bk

109

vulnerability	VCID-yn6z-9v7k-x7br

110

vulnerability	VCID-yz6t-ge1y-qfgr

111

vulnerability	VCID-zgfw-pk39-gyg8

112

vulnerability	VCID-zmwv-gwq3-fkej

113

vulnerability	VCID-zrz3-3dnf-tbay

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.0.0

url pkg:composer/typo3/cms@8.3.1

purl pkg:composer/typo3/cms@8.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-5dxs-cdht-27hw

vulnerability	VCID-66ru-n2df-b3ay

vulnerability	VCID-727q-h3ey-6yc9

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9saf-w56y-pugz

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bn3p-39sv-6fdg

vulnerability	VCID-d6c2-upx1-e7cd

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e564-zdku-9fc6

vulnerability	VCID-emqq-kwjg-3kfk

vulnerability	VCID-eutz-mj58-audb

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-h217-xe8x-nua3

vulnerability	VCID-h7cg-64er-uya9

vulnerability	VCID-h7hf-sf2q-73ay

vulnerability	VCID-hg2n-xera-jkdh

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-jqe4-8hzb-mfea

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-mctp-nf36-7qdn

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-q52p-xfj8-gygd

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-sy7r-d6pv-yba9

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-wy45-2gmr-fkfg

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xh68-defe-f7ce

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-ygw4-jdqu-4fbt

vulnerability	VCID-yz6t-ge1y-qfgr

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.3.1

aliases TYPO3-CORE-SA-2016-021

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5hm4-ms5p-uuae

url VCID-7n9x-c9gs-9yb3

vulnerability_id VCID-7n9x-c9gs-9yb3

summary

Cross-site Scripting
Cross-Site Scripting in 3rd party library Flowplayer.

references

reference_url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-007/
reference_id
reference_type
scores
url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-007/

fixed_packages

url pkg:composer/typo3/cms@7.3.0

purl pkg:composer/typo3/cms@7.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-5hm4-ms5p-uuae

vulnerability	VCID-8jcy-3kje-fqeh

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-ansr-8m5j-pya6

vulnerability	VCID-c57c-akce-xufq

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e82x-2cdb-7fgn

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-j6x1-dfre-2bdq

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-n18b-qe5x-z7cj

vulnerability	VCID-nhjv-nke2-2kf8

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-u6h1-ccgw-jqds

vulnerability	VCID-ub3e-hrb1-wqac

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-wms8-dnuz-b3hc

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-yz6t-ge1y-qfgr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.0

aliases GMS-2015-85

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7n9x-c9gs-9yb3

url VCID-8jcy-3kje-fqeh

vulnerability_id VCID-8jcy-3kje-fqeh

summary

Cache Flooding in Frontend
Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the number of available valid links with a cHash, attackers could add a considerable amount of additional cache entries, which in the end exceed storage limits and thus could lead to the system not responding any more. This means the Cache Flooding attack potentially could lead to a successful Denial of Service (DoS) attack.

references

reference_url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-022
reference_id
reference_type
scores
url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-022

fixed_packages

url pkg:composer/typo3/cms@7.6.11

purl pkg:composer/typo3/cms@7.6.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-5dxs-cdht-27hw

vulnerability	VCID-66ru-n2df-b3ay

vulnerability	VCID-727q-h3ey-6yc9

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9saf-w56y-pugz

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e564-zdku-9fc6

vulnerability	VCID-eutz-mj58-audb

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-h217-xe8x-nua3

vulnerability	VCID-h7cg-64er-uya9

vulnerability	VCID-h7hf-sf2q-73ay

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-jqe4-8hzb-mfea

vulnerability	VCID-mctp-nf36-7qdn

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-sy7r-d6pv-yba9

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-xh68-defe-f7ce

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-ygw4-jdqu-4fbt

vulnerability	VCID-yz6t-ge1y-qfgr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.11

url pkg:composer/typo3/cms@8.0.0

purl pkg:composer/typo3/cms@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11u3-8xzy-jfhh

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-28fn-ncj5-2ufk

vulnerability	VCID-2r7u-mc45-8yhe

vulnerability	VCID-2rhr-8vaz-hqfj

vulnerability	VCID-2vpx-fqb6-aqfa

vulnerability	VCID-39jx-muqb-nkfq

vulnerability	VCID-39vn-73mc-jqav

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-4wnp-gusy-43b8

vulnerability	VCID-5dxs-cdht-27hw

vulnerability	VCID-5u2f-5zzf-j3e4

vulnerability	VCID-66kh-c1dm-8fbf

vulnerability	VCID-66ru-n2df-b3ay

vulnerability	VCID-6su8-bbrw-hbhp

vulnerability	VCID-727q-h3ey-6yc9

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8p64-6zpt-t3av

vulnerability	VCID-94r9-hh4g-jkej

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9726-hafj-wkay

vulnerability	VCID-9saf-w56y-pugz

vulnerability	VCID-9yu1-z7c2-t3fj

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bn3p-39sv-6fdg

vulnerability	VCID-bq2j-t19h-zyad

vulnerability	VCID-bstt-ybrs-5ua3

vulnerability	VCID-buj5-2t53-3kcr

vulnerability	VCID-d6c2-upx1-e7cd

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e564-zdku-9fc6

vulnerability	VCID-emqq-kwjg-3kfk

vulnerability	VCID-eutz-mj58-audb

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-f319-jpf5-hyex

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fgqa-5fx9-nkaz

vulnerability	VCID-fh61-7rfy-s3hg

vulnerability	VCID-fqkc-utex-3kav

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-g7mm-vjbw-bbhd

vulnerability	VCID-gk79-jtuz-myh6

vulnerability	VCID-gpv4-4tpd-tbaa

vulnerability	VCID-h217-xe8x-nua3

vulnerability	VCID-h7cg-64er-uya9

vulnerability	VCID-h7hf-sf2q-73ay

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-hyx9-8ae6-sba8

vulnerability	VCID-hzma-cduk-3uhp

vulnerability	VCID-j8hk-bqnb-gycp

vulnerability	VCID-j8sh-5evd-dkaz

vulnerability	VCID-jeqr-9tfu-f7b2

vulnerability	VCID-jf28-91be-6kbr

vulnerability	VCID-jmea-qzsr-wkf4

vulnerability	VCID-jn38-wfec-7bb2

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-jqe4-8hzb-mfea

vulnerability	VCID-jwb1-3sbg-kfa5

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-ks1q-a8x2-uqht

vulnerability	VCID-m3nc-xbb4-yubr

vulnerability	VCID-mctp-nf36-7qdn

vulnerability	VCID-nhjv-nke2-2kf8

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-nvbp-pbjw-3qgx

vulnerability	VCID-p576-w7dd-p3h7

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-q2ym-y2rz-1bdn

vulnerability	VCID-q52p-xfj8-gygd

vulnerability	VCID-q7vt-19eb-sqeq

vulnerability	VCID-qcnh-z4zh-myaw

vulnerability	VCID-qdxh-arxx-wbcr

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdjb-gp4t-vbgt

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-sdz8-hju8-4bcb

vulnerability	VCID-sy7r-d6pv-yba9

vulnerability	VCID-teby-zvvw-zkhv

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-u4tq-8qnk-5fd7

vulnerability	VCID-u5he-6tqb-gqaf

vulnerability	VCID-u6as-cwxc-pkhk

vulnerability	VCID-uq77-aax5-k7d8

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-w483-prq4-rycx

vulnerability	VCID-w58p-3wg1-7ycr

vulnerability	VCID-wat8-4m83-hken

vulnerability	VCID-wy45-2gmr-fkfg

100

vulnerability	VCID-x175-xjek-97ds

101

vulnerability	VCID-x5x1-w7yv-eye9

102

vulnerability	VCID-xh68-defe-f7ce

103

vulnerability	VCID-xpxg-qq49-b7fd

104

vulnerability	VCID-xvyu-2hb8-8ufh

105

vulnerability	VCID-xw1s-93bu-wuh9

106

vulnerability	VCID-y7ds-p5r2-yuhq

107

vulnerability	VCID-ygw4-jdqu-4fbt

108

vulnerability	VCID-yh6b-tc4u-v3bk

109

vulnerability	VCID-yn6z-9v7k-x7br

110

vulnerability	VCID-yz6t-ge1y-qfgr

111

vulnerability	VCID-zgfw-pk39-gyg8

112

vulnerability	VCID-zmwv-gwq3-fkej

113

vulnerability	VCID-zrz3-3dnf-tbay

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.0.0

url pkg:composer/typo3/cms@8.3.1

purl pkg:composer/typo3/cms@8.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-5dxs-cdht-27hw

vulnerability	VCID-66ru-n2df-b3ay

vulnerability	VCID-727q-h3ey-6yc9

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9saf-w56y-pugz

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bn3p-39sv-6fdg

vulnerability	VCID-d6c2-upx1-e7cd

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e564-zdku-9fc6

vulnerability	VCID-emqq-kwjg-3kfk

vulnerability	VCID-eutz-mj58-audb

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-h217-xe8x-nua3

vulnerability	VCID-h7cg-64er-uya9

vulnerability	VCID-h7hf-sf2q-73ay

vulnerability	VCID-hg2n-xera-jkdh

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-jqe4-8hzb-mfea

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-mctp-nf36-7qdn

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-q52p-xfj8-gygd

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-sy7r-d6pv-yba9

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-wy45-2gmr-fkfg

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xh68-defe-f7ce

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-ygw4-jdqu-4fbt

vulnerability	VCID-yz6t-ge1y-qfgr

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.3.1

aliases TYPO3-CORE-SA-2016-022

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8jcy-3kje-fqeh

url VCID-953t-q1cr-zyd6

vulnerability_id VCID-953t-q1cr-zyd6

summary

Cross-site Scripting
Cross-Site Scripting in Backend Modal Component.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2018-007/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2018-007/

fixed_packages

url pkg:composer/typo3/cms@7.6.32

purl pkg:composer/typo3/cms@7.6.32

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-xw1s-93bu-wuh9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32

url pkg:composer/typo3/cms@8.7.21

purl pkg:composer/typo3/cms@8.7.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bn3p-39sv-6fdg

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21

url pkg:composer/typo3/cms@9.5.2

purl pkg:composer/typo3/cms@9.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-3ye6-vqje-abh4

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-4jck-w9ct-budk

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-7xv1-78u7-xufp

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-9adx-p876-kyb5

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cvk2-93hm-gkhx

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zkvq-bms4-gfcv

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2

aliases GMS-2018-98

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-953t-q1cr-zyd6

url VCID-abjx-8v46-d7d8

vulnerability_id VCID-abjx-8v46-d7d8

summary

Improper Authentication
Authentication Bypass in TYPO3 CMS.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2018-001/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2018-001/

fixed_packages

url pkg:composer/typo3/cms@7.6.30

purl pkg:composer/typo3/cms@7.6.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-yz6t-ge1y-qfgr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.30

url pkg:composer/typo3/cms@8.7.17

purl pkg:composer/typo3/cms@8.7.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bn3p-39sv-6fdg

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-emqq-kwjg-3kfk

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-yz6t-ge1y-qfgr

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.17

url pkg:composer/typo3/cms@9.3.2

purl pkg:composer/typo3/cms@9.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-3ye6-vqje-abh4

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-4jck-w9ct-budk

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-7xv1-78u7-xufp

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9adx-p876-kyb5

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cvk2-93hm-gkhx

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-emqq-kwjg-3kfk

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-yz6t-ge1y-qfgr

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zkvq-bms4-gfcv

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2

aliases GMS-2018-93

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-abjx-8v46-d7d8

url VCID-ansr-8m5j-pya6

vulnerability_id VCID-ansr-8m5j-pya6

summary

Cross-site Scripting
Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend.

references

reference_url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/
reference_id
reference_type
scores
url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/

fixed_packages

url pkg:composer/typo3/cms@7.6.1

purl pkg:composer/typo3/cms@7.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2r7u-mc45-8yhe

vulnerability	VCID-2vpx-fqb6-aqfa

vulnerability	VCID-39jx-muqb-nkfq

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-5dxs-cdht-27hw

vulnerability	VCID-5hm4-ms5p-uuae

vulnerability	VCID-66ru-n2df-b3ay

vulnerability	VCID-727q-h3ey-6yc9

vulnerability	VCID-8jcy-3kje-fqeh

vulnerability	VCID-8p64-6zpt-t3av

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9saf-w56y-pugz

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-dd9u-w2y2-87h9

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e564-zdku-9fc6

vulnerability	VCID-eutz-mj58-audb

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-exjy-5cyn-zfg1

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-g9ns-sxkx-aqh1

vulnerability	VCID-h217-xe8x-nua3

vulnerability	VCID-h7cg-64er-uya9

vulnerability	VCID-h7hf-sf2q-73ay

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-hzma-cduk-3uhp

vulnerability	VCID-jeqr-9tfu-f7b2

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-jqe4-8hzb-mfea

vulnerability	VCID-ks1q-a8x2-uqht

vulnerability	VCID-m3nc-xbb4-yubr

vulnerability	VCID-mctp-nf36-7qdn

vulnerability	VCID-nhjv-nke2-2kf8

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-s97a-nmk8-y3ay

vulnerability	VCID-sy7r-d6pv-yba9

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u4tq-8qnk-5fd7

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-xh68-defe-f7ce

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y1ap-y4az-x7ec

vulnerability	VCID-ygw4-jdqu-4fbt

vulnerability	VCID-yn6z-9v7k-x7br

vulnerability	VCID-yz6t-ge1y-qfgr

vulnerability	VCID-zrz3-3dnf-tbay

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1

aliases GMS-2015-87

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ansr-8m5j-pya6

url VCID-c57c-akce-xufq

vulnerability_id VCID-c57c-akce-xufq

summary

Cross-Site Scripting Vulnerability
It has been discovered, that it is possible to forge a link to a backend module, which contains a JavaScript payload. This JavaScript is executed, if an authenticated editor with access to the module follows the link that, is tricked to click on a certain HTML target. Because TYPO3 include a secret token unknown to an attacker in every URL, an exploit would not be feasible for these versions.

references

reference_url

http://packetstormsecurity.com/files/133551/Typo3-CMS-6.2.14-4.5.40-Cross-Site-Scripting.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/133551/Typo3-CMS-6.2.14-4.5.40-Cross-Site-Scripting.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5956

reference_id

reference_type

scores

value	0.00169
scoring_system	epss
scoring_elements	0.37817
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5956

reference_url

http://seclists.org/fulldisclosure/2015/Sep/57

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2015/Sep/57

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2015-5956.yaml

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2015-5956.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-5956

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5956

reference_url	https://review.typo3.org/#/c/43122/
reference_id
reference_type
scores
url	https://review.typo3.org/#/c/43122/

reference_url

https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009

reference_url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/
reference_id
reference_type
scores
url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/

reference_url

http://www.securityfocus.com/archive/1/536464/100/0/threaded

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/archive/1/536464/100/0/threaded

reference_url

http://www.securitytracker.com/id/1033551

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1033551

fixed_packages

url pkg:composer/typo3/cms@7.4.0

purl pkg:composer/typo3/cms@7.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-5hm4-ms5p-uuae

vulnerability	VCID-8jcy-3kje-fqeh

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-ansr-8m5j-pya6

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e82x-2cdb-7fgn

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-n18b-qe5x-z7cj

vulnerability	VCID-nhjv-nke2-2kf8

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-u6h1-ccgw-jqds

vulnerability	VCID-ub3e-hrb1-wqac

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-wms8-dnuz-b3hc

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-yz6t-ge1y-qfgr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.4.0

aliases CVE-2015-5956, GHSA-989h-wv8x-933p

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c57c-akce-xufq

url VCID-dsqm-9q3e-dudw

vulnerability_id VCID-dsqm-9q3e-dudw

summary

Uncontrolled Resource Consumption
Denial of Service in Online Media Asset Handling.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2018-011/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2018-011/

fixed_packages

url pkg:composer/typo3/cms@7.6.32

purl pkg:composer/typo3/cms@7.6.32

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-xw1s-93bu-wuh9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32

url pkg:composer/typo3/cms@8.7.21

purl pkg:composer/typo3/cms@8.7.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bn3p-39sv-6fdg

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21

url pkg:composer/typo3/cms@9.5.2

purl pkg:composer/typo3/cms@9.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-3ye6-vqje-abh4

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-4jck-w9ct-budk

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-7xv1-78u7-xufp

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-9adx-p876-kyb5

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cvk2-93hm-gkhx

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zkvq-bms4-gfcv

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2

aliases GMS-2018-102

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dsqm-9q3e-dudw

url VCID-dwjk-7sqh-hqa8

vulnerability_id VCID-dwjk-7sqh-hqa8

summary Frontend login Session Fixation.

references

reference_url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-003/
reference_id
reference_type
scores
url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-003/

fixed_packages

url pkg:composer/typo3/cms@7.3.0

purl pkg:composer/typo3/cms@7.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-5hm4-ms5p-uuae

vulnerability	VCID-8jcy-3kje-fqeh

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-ansr-8m5j-pya6

vulnerability	VCID-c57c-akce-xufq

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e82x-2cdb-7fgn

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-j6x1-dfre-2bdq

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-n18b-qe5x-z7cj

vulnerability	VCID-nhjv-nke2-2kf8

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-u6h1-ccgw-jqds

vulnerability	VCID-ub3e-hrb1-wqac

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-wms8-dnuz-b3hc

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-yz6t-ge1y-qfgr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.0

aliases GMS-2015-81

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dwjk-7sqh-hqa8

url VCID-e1gr-txgg-fqa6

vulnerability_id VCID-e1gr-txgg-fqa6

summary

Information Exposure
Frontend: Unauthenticated Path Disclosure.

references

reference_url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-008/
reference_id
reference_type
scores
url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-008/

fixed_packages

url pkg:composer/typo3/cms@7.3.0

purl pkg:composer/typo3/cms@7.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-5hm4-ms5p-uuae

vulnerability	VCID-8jcy-3kje-fqeh

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-ansr-8m5j-pya6

vulnerability	VCID-c57c-akce-xufq

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e82x-2cdb-7fgn

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-j6x1-dfre-2bdq

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-n18b-qe5x-z7cj

vulnerability	VCID-nhjv-nke2-2kf8

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-u6h1-ccgw-jqds

vulnerability	VCID-ub3e-hrb1-wqac

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-wms8-dnuz-b3hc

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-yz6t-ge1y-qfgr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.0

aliases GMS-2015-86

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e1gr-txgg-fqa6

url VCID-e82x-2cdb-7fgn

vulnerability_id VCID-e82x-2cdb-7fgn

summary

Cross-site Scripting
Cross-Site Scripting vulnerability in typolinks.

references

reference_url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/
reference_id
reference_type
scores
url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/

fixed_packages

url pkg:composer/typo3/cms@7.6.1

purl pkg:composer/typo3/cms@7.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2r7u-mc45-8yhe

vulnerability	VCID-2vpx-fqb6-aqfa

vulnerability	VCID-39jx-muqb-nkfq

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-5dxs-cdht-27hw

vulnerability	VCID-5hm4-ms5p-uuae

vulnerability	VCID-66ru-n2df-b3ay

vulnerability	VCID-727q-h3ey-6yc9

vulnerability	VCID-8jcy-3kje-fqeh

vulnerability	VCID-8p64-6zpt-t3av

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9saf-w56y-pugz

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-dd9u-w2y2-87h9

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e564-zdku-9fc6

vulnerability	VCID-eutz-mj58-audb

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-exjy-5cyn-zfg1

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-g9ns-sxkx-aqh1

vulnerability	VCID-h217-xe8x-nua3

vulnerability	VCID-h7cg-64er-uya9

vulnerability	VCID-h7hf-sf2q-73ay

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-hzma-cduk-3uhp

vulnerability	VCID-jeqr-9tfu-f7b2

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-jqe4-8hzb-mfea

vulnerability	VCID-ks1q-a8x2-uqht

vulnerability	VCID-m3nc-xbb4-yubr

vulnerability	VCID-mctp-nf36-7qdn

vulnerability	VCID-nhjv-nke2-2kf8

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-s97a-nmk8-y3ay

vulnerability	VCID-sy7r-d6pv-yba9

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u4tq-8qnk-5fd7

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-xh68-defe-f7ce

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y1ap-y4az-x7ec

vulnerability	VCID-ygw4-jdqu-4fbt

vulnerability	VCID-yn6z-9v7k-x7br

vulnerability	VCID-yz6t-ge1y-qfgr

vulnerability	VCID-zrz3-3dnf-tbay

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1

aliases GMS-2015-88

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e82x-2cdb-7fgn

url VCID-ec17-eauu-67d3

vulnerability_id VCID-ec17-eauu-67d3

summary

Improper Restriction of Excessive Authentication Attempts
Brute Force Protection Bypass in backend login.

references

reference_url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-006/
reference_id
reference_type
scores
url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-006/

fixed_packages

url pkg:composer/typo3/cms@7.3.0

purl pkg:composer/typo3/cms@7.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-5hm4-ms5p-uuae

vulnerability	VCID-8jcy-3kje-fqeh

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-ansr-8m5j-pya6

vulnerability	VCID-c57c-akce-xufq

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e82x-2cdb-7fgn

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-j6x1-dfre-2bdq

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-n18b-qe5x-z7cj

vulnerability	VCID-nhjv-nke2-2kf8

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-u6h1-ccgw-jqds

vulnerability	VCID-ub3e-hrb1-wqac

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-wms8-dnuz-b3hc

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-yz6t-ge1y-qfgr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.0

aliases GMS-2015-84

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ec17-eauu-67d3

url VCID-ev4k-5k1d-2bhu

vulnerability_id VCID-ev4k-5k1d-2bhu

summary

URL Redirection to Untrusted Site (Open Redirect)
Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21338

reference_id

reference_type

scores

value	0.00253
scoring_system	epss
scoring_elements	0.48774
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21338

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21338.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21338.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21338.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21338.yaml

reference_url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp

reference_url

https://packagist.org/packages/typo3/cms-core

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://packagist.org/packages/typo3/cms-core

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2021-001

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://typo3.org/security/advisory/typo3-core-sa-2021-001

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21338

reference_id

CVE-2021-21338

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21338

fixed_packages

url pkg:composer/typo3/cms@7.6.51

purl pkg:composer/typo3/cms@7.6.51

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uq77-aax5-k7d8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.51

url pkg:composer/typo3/cms@8.7.40

purl pkg:composer/typo3/cms@8.7.40

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j8hk-bqnb-gycp

vulnerability	VCID-sdjb-gp4t-vbgt

vulnerability	VCID-uq77-aax5-k7d8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40

url	pkg:composer/typo3/cms@9.5.25
purl	pkg:composer/typo3/cms@9.5.25
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25

url	pkg:composer/typo3/cms@10.4.14
purl	pkg:composer/typo3/cms@10.4.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14

url	pkg:composer/typo3/cms@11.1.1
purl	pkg:composer/typo3/cms@11.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1

aliases CVE-2021-21338, GHSA-4jhw-2p6j-5wmp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ev4k-5k1d-2bhu

url VCID-fdnw-2tz5-4fdr

vulnerability_id VCID-fdnw-2tz5-4fdr

summary

Uncontrolled Resource Consumption
Denial of Service in Frontend Record Registration.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2018-012/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2018-012/

fixed_packages

url pkg:composer/typo3/cms@7.6.32

purl pkg:composer/typo3/cms@7.6.32

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-xw1s-93bu-wuh9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32

url pkg:composer/typo3/cms@8.7.21

purl pkg:composer/typo3/cms@8.7.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bn3p-39sv-6fdg

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21

url pkg:composer/typo3/cms@9.0.0

purl pkg:composer/typo3/cms@9.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11u3-8xzy-jfhh

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-28fn-ncj5-2ufk

vulnerability	VCID-2rhr-8vaz-hqfj

vulnerability	VCID-39vn-73mc-jqav

vulnerability	VCID-3k2k-a3gb-n3ba

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-3ye6-vqje-abh4

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-4jck-w9ct-budk

vulnerability	VCID-66kh-c1dm-8fbf

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-7xv1-78u7-xufp

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-94r9-hh4g-jkej

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9adx-p876-kyb5

vulnerability	VCID-9yu1-z7c2-t3fj

vulnerability	VCID-a1g9-pyz5-9fca

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-buj5-2t53-3kcr

vulnerability	VCID-cvk2-93hm-gkhx

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-emqq-kwjg-3kfk

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-f319-jpf5-hyex

vulnerability	VCID-f4n7-q72x-3yea

vulnerability	VCID-fpa2-ffg1-fyaa

vulnerability	VCID-fqkc-utex-3kav

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-gpv4-4tpd-tbaa

vulnerability	VCID-hknp-f88a-kqec

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-j8hk-bqnb-gycp

vulnerability	VCID-je4q-svfw-hqda

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-jwb1-3sbg-kfa5

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p576-w7dd-p3h7

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-q2t1-kx56-s3c3

vulnerability	VCID-q7vt-19eb-sqeq

vulnerability	VCID-qcnh-z4zh-myaw

vulnerability	VCID-qdxh-arxx-wbcr

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdjb-gp4t-vbgt

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-teby-zvvw-zkhv

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-u6as-cwxc-pkhk

vulnerability	VCID-uq77-aax5-k7d8

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-w1wb-mq2y-dfca

vulnerability	VCID-w7z1-aw31-vugx

vulnerability	VCID-wat8-4m83-hken

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xvyu-2hb8-8ufh

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-yh6b-tc4u-v3bk

vulnerability	VCID-yz6t-ge1y-qfgr

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zgfw-pk39-gyg8

vulnerability	VCID-zkvq-bms4-gfcv

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.0.0

aliases GMS-2018-103

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fdnw-2tz5-4fdr

url VCID-fqkx-v8t5-q3h6

vulnerability_id VCID-fqkx-v8t5-q3h6

summary

Cleartext Storage of Sensitive Information
User session identifiers are stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - for example SQL injection in any other component of the system.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21339

reference_id

reference_type

scores

value	0.00132
scoring_system	epss
scoring_elements	0.32224
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21339

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21339.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21339.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21339.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21339.yaml

reference_url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch

reference_url

https://packagist.org/packages/typo3/cms-core

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://packagist.org/packages/typo3/cms-core

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2021-006

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://typo3.org/security/advisory/typo3-core-sa-2021-006

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21339

reference_id

CVE-2021-21339

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21339

fixed_packages

url pkg:composer/typo3/cms@7.6.51

purl pkg:composer/typo3/cms@7.6.51

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uq77-aax5-k7d8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.51

url pkg:composer/typo3/cms@8.7.40

purl pkg:composer/typo3/cms@8.7.40

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j8hk-bqnb-gycp

vulnerability	VCID-sdjb-gp4t-vbgt

vulnerability	VCID-uq77-aax5-k7d8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40

url	pkg:composer/typo3/cms@9.5.25
purl	pkg:composer/typo3/cms@9.5.25
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25

url	pkg:composer/typo3/cms@10.4.14
purl	pkg:composer/typo3/cms@10.4.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14

url	pkg:composer/typo3/cms@11.1.1
purl	pkg:composer/typo3/cms@11.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1

aliases CVE-2021-21339, GHSA-qx3w-4864-94ch

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fqkx-v8t5-q3h6

url VCID-hp99-ncuh-6ugv

vulnerability_id VCID-hp99-ncuh-6ugv

summary

Cross-site Scripting
Cross-Site Scripting in Frontend User Login.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2018-008/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2018-008/

fixed_packages

url pkg:composer/typo3/cms@7.6.32

purl pkg:composer/typo3/cms@7.6.32

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-xw1s-93bu-wuh9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32

url pkg:composer/typo3/cms@8.7.21

purl pkg:composer/typo3/cms@8.7.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bn3p-39sv-6fdg

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21

url pkg:composer/typo3/cms@9.5.2

purl pkg:composer/typo3/cms@9.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-3ye6-vqje-abh4

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-4jck-w9ct-budk

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-7xv1-78u7-xufp

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-9adx-p876-kyb5

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cvk2-93hm-gkhx

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zkvq-bms4-gfcv

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2

aliases GMS-2018-99

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hp99-ncuh-6ugv

url VCID-j6x1-dfre-2bdq

vulnerability_id VCID-j6x1-dfre-2bdq

summary

Unauthenticated Path Disclosure
It has been discovered, that calling a PHP script which is delivered with TYPO3 for testing purposes, discloses the absolute server path to the TYPO3 installation.

references

reference_url	https://review.typo3.org/#/c/43120/
reference_id
reference_type
scores
url	https://review.typo3.org/#/c/43120/

reference_url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-008/
reference_id
reference_type
scores
url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-008/

fixed_packages

url pkg:composer/typo3/cms@7.4.0

purl pkg:composer/typo3/cms@7.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-5hm4-ms5p-uuae

vulnerability	VCID-8jcy-3kje-fqeh

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-ansr-8m5j-pya6

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e82x-2cdb-7fgn

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-n18b-qe5x-z7cj

vulnerability	VCID-nhjv-nke2-2kf8

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-u6h1-ccgw-jqds

vulnerability	VCID-ub3e-hrb1-wqac

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-wms8-dnuz-b3hc

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-yz6t-ge1y-qfgr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.4.0

aliases GMS-2015-25

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j6x1-dfre-2bdq

url VCID-jp1p-rfxa-hyd9

vulnerability_id VCID-jp1p-rfxa-hyd9

summary

Cross-site Scripting
Content elements of type `_menu_` are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21370

reference_id

reference_type

scores

value	0.00342
scoring_system	epss
scoring_elements	0.57112
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21370

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21370.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21370.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21370.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21370.yaml

reference_url

https://packagist.org/packages/typo3/cms-backend

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://packagist.org/packages/typo3/cms-backend

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2021-008

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://typo3.org/security/advisory/typo3-core-sa-2021-008

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21370

reference_id

CVE-2021-21370

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21370

reference_url	https://github.com/advisories/GHSA-x7hc-x7fm-f7qh
reference_id	GHSA-x7hc-x7fm-f7qh
reference_type
scores
url	https://github.com/advisories/GHSA-x7hc-x7fm-f7qh

reference_url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh

reference_id

GHSA-x7hc-x7fm-f7qh

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh

fixed_packages

url pkg:composer/typo3/cms@7.6.51

purl pkg:composer/typo3/cms@7.6.51

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uq77-aax5-k7d8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.51

url pkg:composer/typo3/cms@8.7.40

purl pkg:composer/typo3/cms@8.7.40

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j8hk-bqnb-gycp

vulnerability	VCID-sdjb-gp4t-vbgt

vulnerability	VCID-uq77-aax5-k7d8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40

url	pkg:composer/typo3/cms@9.5.25
purl	pkg:composer/typo3/cms@9.5.25
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25

url	pkg:composer/typo3/cms@10.4.14
purl	pkg:composer/typo3/cms@10.4.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14

url	pkg:composer/typo3/cms@11.1.1
purl	pkg:composer/typo3/cms@11.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1

aliases CVE-2021-21370, GHSA-x7hc-x7fm-f7qh

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jp1p-rfxa-hyd9

url VCID-jq5y-7h9g-mufa

vulnerability_id VCID-jq5y-7h9g-mufa

summary Information Disclosure in Install Tool.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2018-010/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2018-010/

fixed_packages

url pkg:composer/typo3/cms@7.6.32

purl pkg:composer/typo3/cms@7.6.32

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-xw1s-93bu-wuh9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32

url pkg:composer/typo3/cms@8.7.21

purl pkg:composer/typo3/cms@8.7.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bn3p-39sv-6fdg

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21

url pkg:composer/typo3/cms@9.5.2

purl pkg:composer/typo3/cms@9.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-3ye6-vqje-abh4

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-4jck-w9ct-budk

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-7xv1-78u7-xufp

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-9adx-p876-kyb5

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cvk2-93hm-gkhx

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zkvq-bms4-gfcv

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2

aliases GMS-2018-101

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jq5y-7h9g-mufa

url VCID-n18b-qe5x-z7cj

vulnerability_id VCID-n18b-qe5x-z7cj

summary

Cross-Site Scripting vulnerability in typolinks
All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert javascript commands by using the url scheme "javascript:".

references

reference_url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/
reference_id
reference_type
scores
url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/

fixed_packages

url pkg:composer/typo3/cms@7.6.1

purl pkg:composer/typo3/cms@7.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2r7u-mc45-8yhe

vulnerability	VCID-2vpx-fqb6-aqfa

vulnerability	VCID-39jx-muqb-nkfq

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-5dxs-cdht-27hw

vulnerability	VCID-5hm4-ms5p-uuae

vulnerability	VCID-66ru-n2df-b3ay

vulnerability	VCID-727q-h3ey-6yc9

vulnerability	VCID-8jcy-3kje-fqeh

vulnerability	VCID-8p64-6zpt-t3av

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9saf-w56y-pugz

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-dd9u-w2y2-87h9

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e564-zdku-9fc6

vulnerability	VCID-eutz-mj58-audb

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-exjy-5cyn-zfg1

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-g9ns-sxkx-aqh1

vulnerability	VCID-h217-xe8x-nua3

vulnerability	VCID-h7cg-64er-uya9

vulnerability	VCID-h7hf-sf2q-73ay

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-hzma-cduk-3uhp

vulnerability	VCID-jeqr-9tfu-f7b2

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-jqe4-8hzb-mfea

vulnerability	VCID-ks1q-a8x2-uqht

vulnerability	VCID-m3nc-xbb4-yubr

vulnerability	VCID-mctp-nf36-7qdn

vulnerability	VCID-nhjv-nke2-2kf8

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-s97a-nmk8-y3ay

vulnerability	VCID-sy7r-d6pv-yba9

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u4tq-8qnk-5fd7

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-xh68-defe-f7ce

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y1ap-y4az-x7ec

vulnerability	VCID-ygw4-jdqu-4fbt

vulnerability	VCID-yn6z-9v7k-x7br

vulnerability	VCID-yz6t-ge1y-qfgr

vulnerability	VCID-zrz3-3dnf-tbay

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1

aliases TYPO3-CORE-SA-2015-012

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n18b-qe5x-z7cj

url VCID-nhjv-nke2-2kf8

vulnerability_id VCID-nhjv-nke2-2kf8

summary

Missing Access Check
Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation. The missing access check inevitably leads to information disclosure or remote code execution, depending on the action that an attacker is able to execute.

references

reference_url	https://github.com/TYPO3/TYPO3.CMS/commit/21ed4054212babb7ec75d80a24f95c6ba25bd2fb
reference_id
reference_type
scores
url	https://github.com/TYPO3/TYPO3.CMS/commit/21ed4054212babb7ec75d80a24f95c6ba25bd2fb

reference_url	https://github.com/TYPO3/TYPO3.CMS/commit/404f09d491c96b294ded5e2741277dfbeba92807
reference_id
reference_type
scores
url	https://github.com/TYPO3/TYPO3.CMS/commit/404f09d491c96b294ded5e2741277dfbeba92807

reference_url	https://github.com/TYPO3/TYPO3.CMS/commit/c10db60dfc87c33542c418fa316754a5309c3e26
reference_id
reference_type
scores
url	https://github.com/TYPO3/TYPO3.CMS/commit/c10db60dfc87c33542c418fa316754a5309c3e26

reference_url	https://typo3.org/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/missing-access-check-in-typo3-cms/
reference_id
reference_type
scores
url	https://typo3.org/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/missing-access-check-in-typo3-cms/

fixed_packages

url pkg:composer/typo3/cms@7.6.8

purl pkg:composer/typo3/cms@7.6.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2vpx-fqb6-aqfa

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-5dxs-cdht-27hw

vulnerability	VCID-5hm4-ms5p-uuae

vulnerability	VCID-66ru-n2df-b3ay

vulnerability	VCID-727q-h3ey-6yc9

vulnerability	VCID-8jcy-3kje-fqeh

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9saf-w56y-pugz

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-dd9u-w2y2-87h9

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e564-zdku-9fc6

vulnerability	VCID-eutz-mj58-audb

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-h217-xe8x-nua3

vulnerability	VCID-h7cg-64er-uya9

vulnerability	VCID-h7hf-sf2q-73ay

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-hzma-cduk-3uhp

vulnerability	VCID-jeqr-9tfu-f7b2

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-jqe4-8hzb-mfea

vulnerability	VCID-ks1q-a8x2-uqht

vulnerability	VCID-m3nc-xbb4-yubr

vulnerability	VCID-mctp-nf36-7qdn

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-sy7r-d6pv-yba9

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-xh68-defe-f7ce

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-ygw4-jdqu-4fbt

vulnerability	VCID-yn6z-9v7k-x7br

vulnerability	VCID-yz6t-ge1y-qfgr

vulnerability	VCID-zrz3-3dnf-tbay

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.8

url pkg:composer/typo3/cms@8.1.1

purl pkg:composer/typo3/cms@8.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-2vpx-fqb6-aqfa

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-5dxs-cdht-27hw

vulnerability	VCID-5hm4-ms5p-uuae

vulnerability	VCID-66ru-n2df-b3ay

vulnerability	VCID-727q-h3ey-6yc9

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8jcy-3kje-fqeh

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9saf-w56y-pugz

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bn3p-39sv-6fdg

vulnerability	VCID-d6c2-upx1-e7cd

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e564-zdku-9fc6

vulnerability	VCID-emqq-kwjg-3kfk

vulnerability	VCID-eutz-mj58-audb

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-gk79-jtuz-myh6

vulnerability	VCID-h217-xe8x-nua3

vulnerability	VCID-h7cg-64er-uya9

vulnerability	VCID-h7hf-sf2q-73ay

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-hzma-cduk-3uhp

vulnerability	VCID-jeqr-9tfu-f7b2

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-jqe4-8hzb-mfea

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-ks1q-a8x2-uqht

vulnerability	VCID-m3nc-xbb4-yubr

vulnerability	VCID-mctp-nf36-7qdn

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-q52p-xfj8-gygd

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-sy7r-d6pv-yba9

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-wy45-2gmr-fkfg

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xh68-defe-f7ce

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-ygw4-jdqu-4fbt

vulnerability	VCID-yn6z-9v7k-x7br

vulnerability	VCID-yz6t-ge1y-qfgr

vulnerability	VCID-zmwv-gwq3-fkej

vulnerability	VCID-zrz3-3dnf-tbay

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.1.1

aliases TYPO3-CORE-SA-2016-013

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhjv-nke2-2kf8

url VCID-njsj-bwjq-fyap

vulnerability_id VCID-njsj-bwjq-fyap

summary Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2018-002/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2018-002/

fixed_packages

url pkg:composer/typo3/cms@7.6.30

purl pkg:composer/typo3/cms@7.6.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-yz6t-ge1y-qfgr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.30

url pkg:composer/typo3/cms@8.7.17

purl pkg:composer/typo3/cms@8.7.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bn3p-39sv-6fdg

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-emqq-kwjg-3kfk

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-yz6t-ge1y-qfgr

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.17

url pkg:composer/typo3/cms@9.3.2

purl pkg:composer/typo3/cms@9.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-3ye6-vqje-abh4

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-4jck-w9ct-budk

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-7xv1-78u7-xufp

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9adx-p876-kyb5

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cvk2-93hm-gkhx

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-emqq-kwjg-3kfk

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-yz6t-ge1y-qfgr

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zkvq-bms4-gfcv

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2

aliases GMS-2018-94

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-njsj-bwjq-fyap

url VCID-nqqc-nkwq-rqhx

vulnerability_id VCID-nqqc-nkwq-rqhx

summary

Cross-site Scripting
`svg.swf` in TYPO3 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a `contrib/websvg/svg.swf` pathname.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8091

reference_id

reference_type

scores

value	0.20517
scoring_system	epss
scoring_elements	0.95671
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8091

reference_url

https://github.com/TYPO3/typo3

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/typo3

reference_url

https://github.com/TYPO3/typo3/blob/4cb53e828bd5138d180cdf9cac1ccf7fd31086d2/typo3/sysext/core/Documentation/Changelog/7.2/Breaking-65962-WebSVGLibraryAndAPIRemoved.rst

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/typo3/blob/4cb53e828bd5138d180cdf9cac1ccf7fd31086d2/typo3/sysext/core/Documentation/Changelog/7.2/Breaking-65962-WebSVGLibraryAndAPIRemoved.rst

reference_url

https://github.com/TYPO3/typo3/commit/482e2e992f80f5e38cb48fcaea40fd9812a5252c

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/typo3/commit/482e2e992f80f5e38cb48fcaea40fd9812a5252c

reference_url

https://typo3.org/security/advisory/typo3-psa-2019-003

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://typo3.org/security/advisory/typo3-psa-2019-003

reference_url

https://www.purplemet.com/blog/typo3-xss-vulnerability

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.purplemet.com/blog/typo3-xss-vulnerability

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8091

reference_id

CVE-2020-8091

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8091

fixed_packages

url pkg:composer/typo3/cms@7.2.0

purl pkg:composer/typo3/cms@7.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1u4r-r97q-3yfk

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-5hm4-ms5p-uuae

vulnerability	VCID-7n9x-c9gs-9yb3

vulnerability	VCID-8jcy-3kje-fqeh

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-ansr-8m5j-pya6

vulnerability	VCID-c57c-akce-xufq

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-dwjk-7sqh-hqa8

vulnerability	VCID-e1gr-txgg-fqa6

vulnerability	VCID-e82x-2cdb-7fgn

vulnerability	VCID-ec17-eauu-67d3

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-j6x1-dfre-2bdq

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-n18b-qe5x-z7cj

vulnerability	VCID-nhjv-nke2-2kf8

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-q5f3-nhjn-hyb4

vulnerability	VCID-rae3-cugy-hbh5

vulnerability	VCID-u6h1-ccgw-jqds

vulnerability	VCID-ub3e-hrb1-wqac

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-wms8-dnuz-b3hc

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-yz6t-ge1y-qfgr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.2.0

aliases CVE-2020-8091, GHSA-qvhv-pwww-53jj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nqqc-nkwq-rqhx

url VCID-p7gd-anw2-1qbz

vulnerability_id VCID-p7gd-anw2-1qbz

summary

Deserialization of Untrusted Data
It has been discovered that the classes `QueryGenerator` and `QueryView` are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension `ext:lowlevel` (Backend Module `DB Check`) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension `ext:sys_action` installed, with a valid backend user who has limited privileges.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19849

reference_id

reference_type

scores

value	0.00746
scoring_system	epss
scoring_elements	0.7342
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19849

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19849.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19849.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19849.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19849.yaml

reference_url

https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2019-026

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://typo3.org/security/advisory/typo3-core-sa-2019-026

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2019-026/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2019-026/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-19849

reference_id

CVE-2019-19849

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-19849

fixed_packages

url pkg:composer/typo3/cms@8.7.30

purl pkg:composer/typo3/cms@8.7.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-tgyt-axv1-c7ag

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.30

url pkg:composer/typo3/cms@9.5.12

purl pkg:composer/typo3/cms@9.5.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-bcbd-zzet-mff6

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.12

url pkg:composer/typo3/cms@10.2.1

purl pkg:composer/typo3/cms@10.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-2tz2-8qdm-2kcv

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-6urp-p9mn-cffv

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-bcbd-zzet-mff6

vulnerability	VCID-c46m-ht19-ybc4

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-r3az-g422-gqf9

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.1

url pkg:composer/typo3/cms@10.2.2

purl pkg:composer/typo3/cms@10.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-2tz2-8qdm-2kcv

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-6urp-p9mn-cffv

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-bcbd-zzet-mff6

vulnerability	VCID-c46m-ht19-ybc4

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-r3az-g422-gqf9

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.2

aliases CVE-2019-19849, GHSA-rcgc-4xfc-564v

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p7gd-anw2-1qbz

url VCID-q5f3-nhjn-hyb4

vulnerability_id VCID-q5f3-nhjn-hyb4

summary

Cross-site Scripting
Cross-Site Scripting exploitable by Editors.

references

reference_url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-004/
reference_id
reference_type
scores
url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-004/

fixed_packages

url pkg:composer/typo3/cms@7.3.0

purl pkg:composer/typo3/cms@7.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-5hm4-ms5p-uuae

vulnerability	VCID-8jcy-3kje-fqeh

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-ansr-8m5j-pya6

vulnerability	VCID-c57c-akce-xufq

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e82x-2cdb-7fgn

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-j6x1-dfre-2bdq

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-n18b-qe5x-z7cj

vulnerability	VCID-nhjv-nke2-2kf8

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-u6h1-ccgw-jqds

vulnerability	VCID-ub3e-hrb1-wqac

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-wms8-dnuz-b3hc

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-yz6t-ge1y-qfgr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.0

aliases GMS-2015-82

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q5f3-nhjn-hyb4

url VCID-rae3-cugy-hbh5

vulnerability_id VCID-rae3-cugy-hbh5

summary

Improper Access Control
Access bypass when editing file metadata.

references

reference_url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-002/
reference_id
reference_type
scores
url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-002/

fixed_packages

url pkg:composer/typo3/cms@7.3.0

purl pkg:composer/typo3/cms@7.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-5hm4-ms5p-uuae

vulnerability	VCID-8jcy-3kje-fqeh

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-ansr-8m5j-pya6

vulnerability	VCID-c57c-akce-xufq

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e82x-2cdb-7fgn

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-j6x1-dfre-2bdq

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-n18b-qe5x-z7cj

vulnerability	VCID-nhjv-nke2-2kf8

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-u6h1-ccgw-jqds

vulnerability	VCID-ub3e-hrb1-wqac

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-wms8-dnuz-b3hc

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-yz6t-ge1y-qfgr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.0

aliases GMS-2015-80

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rae3-cugy-hbh5

url VCID-u6h1-ccgw-jqds

vulnerability_id VCID-u6h1-ccgw-jqds

summary

Cross-site Scripting
Multiple Cross-Site Scripting vulnerabilities in frontend.

references

reference_url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/
reference_id
reference_type
scores
url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/

fixed_packages

url pkg:composer/typo3/cms@7.6.1

purl pkg:composer/typo3/cms@7.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2r7u-mc45-8yhe

vulnerability	VCID-2vpx-fqb6-aqfa

vulnerability	VCID-39jx-muqb-nkfq

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-5dxs-cdht-27hw

vulnerability	VCID-5hm4-ms5p-uuae

vulnerability	VCID-66ru-n2df-b3ay

vulnerability	VCID-727q-h3ey-6yc9

vulnerability	VCID-8jcy-3kje-fqeh

vulnerability	VCID-8p64-6zpt-t3av

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9saf-w56y-pugz

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-dd9u-w2y2-87h9

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e564-zdku-9fc6

vulnerability	VCID-eutz-mj58-audb

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-exjy-5cyn-zfg1

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-g9ns-sxkx-aqh1

vulnerability	VCID-h217-xe8x-nua3

vulnerability	VCID-h7cg-64er-uya9

vulnerability	VCID-h7hf-sf2q-73ay

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-hzma-cduk-3uhp

vulnerability	VCID-jeqr-9tfu-f7b2

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-jqe4-8hzb-mfea

vulnerability	VCID-ks1q-a8x2-uqht

vulnerability	VCID-m3nc-xbb4-yubr

vulnerability	VCID-mctp-nf36-7qdn

vulnerability	VCID-nhjv-nke2-2kf8

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-s97a-nmk8-y3ay

vulnerability	VCID-sy7r-d6pv-yba9

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u4tq-8qnk-5fd7

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-xh68-defe-f7ce

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y1ap-y4az-x7ec

vulnerability	VCID-ygw4-jdqu-4fbt

vulnerability	VCID-yn6z-9v7k-x7br

vulnerability	VCID-yz6t-ge1y-qfgr

vulnerability	VCID-zrz3-3dnf-tbay

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1

aliases GMS-2015-89

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u6h1-ccgw-jqds

url VCID-ub3e-hrb1-wqac

vulnerability_id VCID-ub3e-hrb1-wqac

summary

Multiple Cross-Site Scripting vulnerabilities in frontend
Failing to properly encode editor input, several frontend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML.

references

reference_url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/
reference_id
reference_type
scores
url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/

fixed_packages

url pkg:composer/typo3/cms@7.6.1

purl pkg:composer/typo3/cms@7.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2r7u-mc45-8yhe

vulnerability	VCID-2vpx-fqb6-aqfa

vulnerability	VCID-39jx-muqb-nkfq

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-5dxs-cdht-27hw

vulnerability	VCID-5hm4-ms5p-uuae

vulnerability	VCID-66ru-n2df-b3ay

vulnerability	VCID-727q-h3ey-6yc9

vulnerability	VCID-8jcy-3kje-fqeh

vulnerability	VCID-8p64-6zpt-t3av

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9saf-w56y-pugz

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-dd9u-w2y2-87h9

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e564-zdku-9fc6

vulnerability	VCID-eutz-mj58-audb

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-exjy-5cyn-zfg1

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-g9ns-sxkx-aqh1

vulnerability	VCID-h217-xe8x-nua3

vulnerability	VCID-h7cg-64er-uya9

vulnerability	VCID-h7hf-sf2q-73ay

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-hzma-cduk-3uhp

vulnerability	VCID-jeqr-9tfu-f7b2

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-jqe4-8hzb-mfea

vulnerability	VCID-ks1q-a8x2-uqht

vulnerability	VCID-m3nc-xbb4-yubr

vulnerability	VCID-mctp-nf36-7qdn

vulnerability	VCID-nhjv-nke2-2kf8

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-s97a-nmk8-y3ay

vulnerability	VCID-sy7r-d6pv-yba9

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u4tq-8qnk-5fd7

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-xh68-defe-f7ce

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y1ap-y4az-x7ec

vulnerability	VCID-ygw4-jdqu-4fbt

vulnerability	VCID-yn6z-9v7k-x7br

vulnerability	VCID-yz6t-ge1y-qfgr

vulnerability	VCID-zrz3-3dnf-tbay

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1

aliases TYPO3-CORE-SA-2015-013

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ub3e-hrb1-wqac

url VCID-vq15-t92r-5bhx

vulnerability_id VCID-vq15-t92r-5bhx

summary

Cross-site Scripting
The page module in TYPO3 is vulnerable to XSS via `$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']`, as demonstrated by an admin entering a crafted site name during the installation process.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-6905

reference_id

reference_type

scores

value	0.02274
scoring_system	epss
scoring_elements	0.8496
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-6905

reference_url

https://forge.typo3.org/issues/84191

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://forge.typo3.org/issues/84191

reference_url

https://github.com/pradeepjairamani/TYPO3-XSS-POC

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pradeepjairamani/TYPO3-XSS-POC

reference_url

https://github.com/TYPO3/typo3/commit/d2c0ea7db3b31a796a82f9d39f77f9983beb7c35

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/typo3/commit/d2c0ea7db3b31a796a82f9d39f77f9983beb7c35

reference_url

http://www.securitytracker.com/id/1040755

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1040755

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-6905

reference_id

CVE-2018-6905

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-6905

fixed_packages

url pkg:composer/typo3/cms@8.7.11

purl pkg:composer/typo3/cms@8.7.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bn3p-39sv-6fdg

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-emqq-kwjg-3kfk

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-je4q-svfw-hqda

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-w1wb-mq2y-dfca

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-yz6t-ge1y-qfgr

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.11

url pkg:composer/typo3/cms@9.1.0

purl pkg:composer/typo3/cms@9.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-3ye6-vqje-abh4

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-4jck-w9ct-budk

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-7xv1-78u7-xufp

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9adx-p876-kyb5

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cvk2-93hm-gkhx

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-emqq-kwjg-3kfk

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-je4q-svfw-hqda

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-w1wb-mq2y-dfca

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-yz6t-ge1y-qfgr

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zkvq-bms4-gfcv

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.1.0

url pkg:composer/typo3/cms@9.2.0

purl pkg:composer/typo3/cms@9.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-3ye6-vqje-abh4

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-4jck-w9ct-budk

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-7xv1-78u7-xufp

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9adx-p876-kyb5

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cvk2-93hm-gkhx

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-emqq-kwjg-3kfk

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-je4q-svfw-hqda

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-w1wb-mq2y-dfca

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-yz6t-ge1y-qfgr

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zkvq-bms4-gfcv

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.2.0

aliases CVE-2018-6905, GHSA-3w22-wrwx-2r75

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vq15-t92r-5bhx

url VCID-wms8-dnuz-b3hc

vulnerability_id VCID-wms8-dnuz-b3hc

summary

Multiple Cross-Site Scripting vulnerabilities in backend
Failing to properly encode user input, several backend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript.

references

reference_url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/
reference_id
reference_type
scores
url	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/

fixed_packages

url pkg:composer/typo3/cms@7.6.1

purl pkg:composer/typo3/cms@7.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2r7u-mc45-8yhe

vulnerability	VCID-2vpx-fqb6-aqfa

vulnerability	VCID-39jx-muqb-nkfq

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-5dxs-cdht-27hw

vulnerability	VCID-5hm4-ms5p-uuae

vulnerability	VCID-66ru-n2df-b3ay

vulnerability	VCID-727q-h3ey-6yc9

vulnerability	VCID-8jcy-3kje-fqeh

vulnerability	VCID-8p64-6zpt-t3av

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9saf-w56y-pugz

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-dd9u-w2y2-87h9

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e564-zdku-9fc6

vulnerability	VCID-eutz-mj58-audb

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-exjy-5cyn-zfg1

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-g9ns-sxkx-aqh1

vulnerability	VCID-h217-xe8x-nua3

vulnerability	VCID-h7cg-64er-uya9

vulnerability	VCID-h7hf-sf2q-73ay

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-hzma-cduk-3uhp

vulnerability	VCID-jeqr-9tfu-f7b2

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-jqe4-8hzb-mfea

vulnerability	VCID-ks1q-a8x2-uqht

vulnerability	VCID-m3nc-xbb4-yubr

vulnerability	VCID-mctp-nf36-7qdn

vulnerability	VCID-nhjv-nke2-2kf8

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-s97a-nmk8-y3ay

vulnerability	VCID-sy7r-d6pv-yba9

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u4tq-8qnk-5fd7

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-xh68-defe-f7ce

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y1ap-y4az-x7ec

vulnerability	VCID-ygw4-jdqu-4fbt

vulnerability	VCID-yn6z-9v7k-x7br

vulnerability	VCID-yz6t-ge1y-qfgr

vulnerability	VCID-zrz3-3dnf-tbay

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1

aliases TYPO3-CORE-SA-2015-011

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wms8-dnuz-b3hc

url VCID-xw1s-93bu-wuh9

vulnerability_id VCID-xw1s-93bu-wuh9

summary

Path Traversal
It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19848

reference_id

reference_type

scores

value	0.00374
scoring_system	epss
scoring_elements	0.59393
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19848

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19848.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19848.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19848.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19848.yaml

reference_url

https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2019-024

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://typo3.org/security/advisory/typo3-core-sa-2019-024

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2019-024/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2019-024/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-19848

reference_id

CVE-2019-19848

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-19848

fixed_packages

url pkg:composer/typo3/cms@8.7.30

purl pkg:composer/typo3/cms@8.7.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-tgyt-axv1-c7ag

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.30

url pkg:composer/typo3/cms@9.5.12

purl pkg:composer/typo3/cms@9.5.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-bcbd-zzet-mff6

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.12

url pkg:composer/typo3/cms@10.2.2

purl pkg:composer/typo3/cms@10.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-2tz2-8qdm-2kcv

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-6urp-p9mn-cffv

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-bcbd-zzet-mff6

vulnerability	VCID-c46m-ht19-ybc4

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-r3az-g422-gqf9

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.2

aliases CVE-2019-19848, GHSA-77p4-wfr8-977w

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xw1s-93bu-wuh9

url VCID-yz6t-ge1y-qfgr

vulnerability_id VCID-yz6t-ge1y-qfgr

summary Security Misconfiguration in Install Tool Cookie.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2018-009/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2018-009/

fixed_packages

url pkg:composer/typo3/cms@7.6.32

purl pkg:composer/typo3/cms@7.6.32

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-xw1s-93bu-wuh9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32

url pkg:composer/typo3/cms@8.7.21

purl pkg:composer/typo3/cms@8.7.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bn3p-39sv-6fdg

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21

url pkg:composer/typo3/cms@9.5.2

purl pkg:composer/typo3/cms@9.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-3ye6-vqje-abh4

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-4jck-w9ct-budk

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-7xv1-78u7-xufp

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-9adx-p876-kyb5

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cvk2-93hm-gkhx

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zkvq-bms4-gfcv

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2

aliases GMS-2018-100

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yz6t-ge1y-qfgr

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.0.1

Package Instance