Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/typo3/cms@7.6.14
Typecomposer
Namespacetypo3
Namecms
Version7.6.14
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version10.4.35
Latest_non_vulnerable_version12.2.0
Affected_by_vulnerabilities
0
url VCID-28fn-ncj5-2ufk
vulnerability_id VCID-28fn-ncj5-2ufk
summary 
TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Failing to properly encode user input, online media asset rendering (`*.youtube` and `*.vimeo` files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-1.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-1.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/20927adfb8aae0093508c904937e40114b92a90c
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/20927adfb8aae0093508c904937e40114b92a90c
3
reference_url https://github.com/TYPO3/typo3/commit/a32a9a746f807b14571139f0cb7caa00b8d037a5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/a32a9a746f807b14571139f0cb7caa00b8d037a5
4
reference_url https://github.com/TYPO3/typo3/commit/c9174937802581bfecfaa788512a4f6e5cf8e9c7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/c9174937802581bfecfaa788512a4f6e5cf8e9c7
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-006
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-006
6
reference_url https://github.com/advisories/GHSA-8m6j-p5jv-v69w
reference_id GHSA-8m6j-p5jv-v69w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8m6j-p5jv-v69w
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-8m6j-p5jv-v69w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-28fn-ncj5-2ufk
1
url VCID-2rhr-8vaz-hqfj
vulnerability_id VCID-2rhr-8vaz-hqfj
summary 
Cross-site Scripting
TYPO3 is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag & attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32768
reference_id
reference_type
scores
0
value 0.00284
scoring_system epss
scoring_elements 0.52109
published_at 2026-06-05T12:55:00Z
1
value 0.00284
scoring_system epss
scoring_elements 0.52048
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32768
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32768.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32768.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32768.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32768.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v
4
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-c5c9-8c6m-727v
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-c5c9-8c6m-727v
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-013
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-013
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32768
reference_id CVE-2021-32768
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32768
fixed_packages
0
url pkg:composer/typo3/cms@7.6.53
purl pkg:composer/typo3/cms@7.6.53
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.53
1
url pkg:composer/typo3/cms@8.7.42
purl pkg:composer/typo3/cms@8.7.42
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.42
2
url pkg:composer/typo3/cms@9.5.29
purl pkg:composer/typo3/cms@9.5.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-6a22-c7x5-sqe2
3
vulnerability VCID-hsw8-nbs6-auaa
4
vulnerability VCID-tzpj-j3x1-ekgk
5
vulnerability VCID-un7r-8sah-33cr
6
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.29
3
url pkg:composer/typo3/cms@10.4.19
purl pkg:composer/typo3/cms@10.4.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-36cz-khgc-6fft
4
vulnerability VCID-6a22-c7x5-sqe2
5
vulnerability VCID-6hnx-p9hv-jbg2
6
vulnerability VCID-6xgm-uan4-u7fu
7
vulnerability VCID-9c49-n1a2-pubu
8
vulnerability VCID-e4zc-fmh2-n7b8
9
vulnerability VCID-fyyr-48a7-8qch
10
vulnerability VCID-gbev-1zs8-8bac
11
vulnerability VCID-hsw8-nbs6-auaa
12
vulnerability VCID-tzpj-j3x1-ekgk
13
vulnerability VCID-un7r-8sah-33cr
14
vulnerability VCID-x8qf-w4vq-mfhm
15
vulnerability VCID-x8tq-5na6-gfbj
16
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.19
4
url pkg:composer/typo3/cms@11.3.2
purl pkg:composer/typo3/cms@11.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-36cz-khgc-6fft
4
vulnerability VCID-6a22-c7x5-sqe2
5
vulnerability VCID-6hnx-p9hv-jbg2
6
vulnerability VCID-6xgm-uan4-u7fu
7
vulnerability VCID-9c49-n1a2-pubu
8
vulnerability VCID-b9sw-6tzm-3yhj
9
vulnerability VCID-e4zc-fmh2-n7b8
10
vulnerability VCID-fsx8-7qjz-2ubw
11
vulnerability VCID-fyyr-48a7-8qch
12
vulnerability VCID-gbev-1zs8-8bac
13
vulnerability VCID-hsw8-nbs6-auaa
14
vulnerability VCID-tzpj-j3x1-ekgk
15
vulnerability VCID-un7r-8sah-33cr
16
vulnerability VCID-x8qf-w4vq-mfhm
17
vulnerability VCID-x8tq-5na6-gfbj
18
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.3.2
aliases CVE-2021-32768, GHSA-c5c9-8c6m-727v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2rhr-8vaz-hqfj
2
url VCID-2rmv-a83x-9ka8
vulnerability_id VCID-2rmv-a83x-9ka8
summary 
TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.0)

### Problem
It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability.

### Solution
Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above.

### Credits
Thanks to Vautia who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-009](https://typo3.org/security/advisory/typo3-core-sa-2022-009)
* [Vulnerability Report on huntr.dev](https://huntr.dev/bounties/51e9b709-193c-41fd-bd4a-833aaca0bd4e/) (embargoed +30 days)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36107
reference_id
reference_type
scores
0
value 0.00687
scoring_system epss
scoring_elements 0.72122
published_at 2026-06-04T12:55:00Z
1
value 0.00687
scoring_system epss
scoring_elements 0.72163
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36107
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36107.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36107.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36107.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36107.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/546208428c861a09d62b86cde141eb19a81fae66
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/546208428c861a09d62b86cde141eb19a81fae66
5
reference_url https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36107
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36107
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-009
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-009
9
reference_url https://github.com/advisories/GHSA-9c6w-55cp-5w25
reference_id GHSA-9c6w-55cp-5w25
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9c6w-55cp-5w25
fixed_packages
0
url pkg:composer/typo3/cms@10.4.32
purl pkg:composer/typo3/cms@10.4.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-6a22-c7x5-sqe2
2
vulnerability VCID-6hnx-p9hv-jbg2
3
vulnerability VCID-6xgm-uan4-u7fu
4
vulnerability VCID-un7r-8sah-33cr
5
vulnerability VCID-x8qf-w4vq-mfhm
6
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.32
1
url pkg:composer/typo3/cms@11.5.16
purl pkg:composer/typo3/cms@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-6a22-c7x5-sqe2
2
vulnerability VCID-6hnx-p9hv-jbg2
3
vulnerability VCID-6xgm-uan4-u7fu
4
vulnerability VCID-un7r-8sah-33cr
5
vulnerability VCID-x8qf-w4vq-mfhm
6
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.16
aliases CVE-2022-36107, GHSA-9c6w-55cp-5w25
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2rmv-a83x-9ka8
3
url VCID-3ugj-6m1e-e3hr
vulnerability_id VCID-3ugj-6m1e-e3hr
summary 
Cross-site Scripting
Cross-Site Scripting in Online Media Asset Rendering.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-006/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-006/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-97
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ugj-6m1e-e3hr
4
url VCID-4wnp-gusy-43b8
vulnerability_id VCID-4wnp-gusy-43b8
summary 
TYPO3 Remote Code Execution in third party library swiftmailer
TYPO3 uses the package swiftmailer/swiftmailer for mail actions. This package is known to be vulnerable to Remote Code Execution.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-01-03-1.yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-01-03-1.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2017-001
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2017-001
3
reference_url https://github.com/advisories/GHSA-g4pf-3jvq-2gcw
reference_id GHSA-g4pf-3jvq-2gcw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g4pf-3jvq-2gcw
fixed_packages
0
url pkg:composer/typo3/cms@7.6.15
purl pkg:composer/typo3/cms@7.6.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-5u2f-5zzf-j3e4
5
vulnerability VCID-66kh-c1dm-8fbf
6
vulnerability VCID-66ru-n2df-b3ay
7
vulnerability VCID-953t-q1cr-zyd6
8
vulnerability VCID-9726-hafj-wkay
9
vulnerability VCID-9bep-jsfw-x3gn
10
vulnerability VCID-9saf-w56y-pugz
11
vulnerability VCID-abjx-8v46-d7d8
12
vulnerability VCID-dsqm-9q3e-dudw
13
vulnerability VCID-e564-zdku-9fc6
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fdnw-2tz5-4fdr
16
vulnerability VCID-fqkx-v8t5-q3h6
17
vulnerability VCID-gpv4-4tpd-tbaa
18
vulnerability VCID-h7cg-64er-uya9
19
vulnerability VCID-hp99-ncuh-6ugv
20
vulnerability VCID-hsw8-nbs6-auaa
21
vulnerability VCID-hyx9-8ae6-sba8
22
vulnerability VCID-j8sh-5evd-dkaz
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-jq5y-7h9g-mufa
25
vulnerability VCID-jqe4-8hzb-mfea
26
vulnerability VCID-jwb1-3sbg-kfa5
27
vulnerability VCID-mctp-nf36-7qdn
28
vulnerability VCID-njsj-bwjq-fyap
29
vulnerability VCID-p576-w7dd-p3h7
30
vulnerability VCID-p7gd-anw2-1qbz
31
vulnerability VCID-qcnh-z4zh-myaw
32
vulnerability VCID-sy7r-d6pv-yba9
33
vulnerability VCID-teby-zvvw-zkhv
34
vulnerability VCID-tgyt-axv1-c7ag
35
vulnerability VCID-tzpj-j3x1-ekgk
36
vulnerability VCID-u5he-6tqb-gqaf
37
vulnerability VCID-uq77-aax5-k7d8
38
vulnerability VCID-vq15-t92r-5bhx
39
vulnerability VCID-xh68-defe-f7ce
40
vulnerability VCID-xvyu-2hb8-8ufh
41
vulnerability VCID-xw1s-93bu-wuh9
42
vulnerability VCID-ygw4-jdqu-4fbt
43
vulnerability VCID-yz6t-ge1y-qfgr
44
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.15
1
url pkg:composer/typo3/cms@8.5.1
purl pkg:composer/typo3/cms@8.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-5u2f-5zzf-j3e4
11
vulnerability VCID-66kh-c1dm-8fbf
12
vulnerability VCID-66ru-n2df-b3ay
13
vulnerability VCID-7ch1-q9f4-a7bt
14
vulnerability VCID-7m6u-k5tp-gkhy
15
vulnerability VCID-848u-w88s-5bbe
16
vulnerability VCID-94r9-hh4g-jkej
17
vulnerability VCID-953t-q1cr-zyd6
18
vulnerability VCID-9726-hafj-wkay
19
vulnerability VCID-9saf-w56y-pugz
20
vulnerability VCID-9yu1-z7c2-t3fj
21
vulnerability VCID-abjx-8v46-d7d8
22
vulnerability VCID-am6s-67bm-77dr
23
vulnerability VCID-bn3p-39sv-6fdg
24
vulnerability VCID-buj5-2t53-3kcr
25
vulnerability VCID-d6c2-upx1-e7cd
26
vulnerability VCID-dsqm-9q3e-dudw
27
vulnerability VCID-e564-zdku-9fc6
28
vulnerability VCID-emqq-kwjg-3kfk
29
vulnerability VCID-ev4k-5k1d-2bhu
30
vulnerability VCID-f319-jpf5-hyex
31
vulnerability VCID-f837-rs5d-jbbp
32
vulnerability VCID-fdnw-2tz5-4fdr
33
vulnerability VCID-fpa2-ffg1-fyaa
34
vulnerability VCID-fqkc-utex-3kav
35
vulnerability VCID-fqkx-v8t5-q3h6
36
vulnerability VCID-fut7-bb1f-37g7
37
vulnerability VCID-gpv4-4tpd-tbaa
38
vulnerability VCID-h7cg-64er-uya9
39
vulnerability VCID-hg2n-xera-jkdh
40
vulnerability VCID-hknp-f88a-kqec
41
vulnerability VCID-hp99-ncuh-6ugv
42
vulnerability VCID-hsw8-nbs6-auaa
43
vulnerability VCID-hyx9-8ae6-sba8
44
vulnerability VCID-j8hk-bqnb-gycp
45
vulnerability VCID-j8sh-5evd-dkaz
46
vulnerability VCID-je4q-svfw-hqda
47
vulnerability VCID-jp1p-rfxa-hyd9
48
vulnerability VCID-jq5y-7h9g-mufa
49
vulnerability VCID-jqe4-8hzb-mfea
50
vulnerability VCID-jwb1-3sbg-kfa5
51
vulnerability VCID-k5t3-28es-h3ez
52
vulnerability VCID-khpm-e1xb-hydb
53
vulnerability VCID-mctp-nf36-7qdn
54
vulnerability VCID-njsj-bwjq-fyap
55
vulnerability VCID-nney-azbc-pucg
56
vulnerability VCID-p576-w7dd-p3h7
57
vulnerability VCID-p7gd-anw2-1qbz
58
vulnerability VCID-pmvp-twk2-jqe4
59
vulnerability VCID-q2ym-y2rz-1bdn
60
vulnerability VCID-q52p-xfj8-gygd
61
vulnerability VCID-q7vt-19eb-sqeq
62
vulnerability VCID-qcnh-z4zh-myaw
63
vulnerability VCID-qdxh-arxx-wbcr
64
vulnerability VCID-qv14-m93d-jyd9
65
vulnerability VCID-qxab-9uwr-yqhv
66
vulnerability VCID-rqrw-t2kj-mud8
67
vulnerability VCID-ru6w-m6q6-27gn
68
vulnerability VCID-sdjb-gp4t-vbgt
69
vulnerability VCID-sdsa-mh76-kqch
70
vulnerability VCID-sy7r-d6pv-yba9
71
vulnerability VCID-teby-zvvw-zkhv
72
vulnerability VCID-tzpj-j3x1-ekgk
73
vulnerability VCID-u259-2sxq-tbct
74
vulnerability VCID-u5he-6tqb-gqaf
75
vulnerability VCID-u6as-cwxc-pkhk
76
vulnerability VCID-uq77-aax5-k7d8
77
vulnerability VCID-vq15-t92r-5bhx
78
vulnerability VCID-vw2r-g8yy-eyf4
79
vulnerability VCID-w1wb-mq2y-dfca
80
vulnerability VCID-w483-prq4-rycx
81
vulnerability VCID-wat8-4m83-hken
82
vulnerability VCID-wy45-2gmr-fkfg
83
vulnerability VCID-x5x1-w7yv-eye9
84
vulnerability VCID-xh68-defe-f7ce
85
vulnerability VCID-xvyu-2hb8-8ufh
86
vulnerability VCID-xw1s-93bu-wuh9
87
vulnerability VCID-y7ds-p5r2-yuhq
88
vulnerability VCID-ygw4-jdqu-4fbt
89
vulnerability VCID-yh6b-tc4u-v3bk
90
vulnerability VCID-yz6t-ge1y-qfgr
91
vulnerability VCID-zgfw-pk39-gyg8
92
vulnerability VCID-zmwv-gwq3-fkej
93
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.5.1
aliases GHSA-g4pf-3jvq-2gcw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4wnp-gusy-43b8
5
url VCID-5u2f-5zzf-j3e4
vulnerability_id VCID-5u2f-5zzf-j3e4
summary 
Information Disclosure in TYPO3 CMS
Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-09-05-2.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-09-05-2.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2017-005
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2017-005
3
reference_url https://github.com/advisories/GHSA-g46h-v2cc-6c94
reference_id GHSA-g46h-v2cc-6c94
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g46h-v2cc-6c94
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-66kh-c1dm-8fbf
5
vulnerability VCID-953t-q1cr-zyd6
6
vulnerability VCID-abjx-8v46-d7d8
7
vulnerability VCID-dsqm-9q3e-dudw
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fdnw-2tz5-4fdr
10
vulnerability VCID-fqkx-v8t5-q3h6
11
vulnerability VCID-gpv4-4tpd-tbaa
12
vulnerability VCID-hp99-ncuh-6ugv
13
vulnerability VCID-hsw8-nbs6-auaa
14
vulnerability VCID-hyx9-8ae6-sba8
15
vulnerability VCID-jp1p-rfxa-hyd9
16
vulnerability VCID-jq5y-7h9g-mufa
17
vulnerability VCID-jwb1-3sbg-kfa5
18
vulnerability VCID-njsj-bwjq-fyap
19
vulnerability VCID-p576-w7dd-p3h7
20
vulnerability VCID-p7gd-anw2-1qbz
21
vulnerability VCID-qcnh-z4zh-myaw
22
vulnerability VCID-teby-zvvw-zkhv
23
vulnerability VCID-tgyt-axv1-c7ag
24
vulnerability VCID-tzpj-j3x1-ekgk
25
vulnerability VCID-uq77-aax5-k7d8
26
vulnerability VCID-vq15-t92r-5bhx
27
vulnerability VCID-xvyu-2hb8-8ufh
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-yz6t-ge1y-qfgr
30
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.5
purl pkg:composer/typo3/cms@8.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-66kh-c1dm-8fbf
11
vulnerability VCID-6a22-c7x5-sqe2
12
vulnerability VCID-7ch1-q9f4-a7bt
13
vulnerability VCID-7m6u-k5tp-gkhy
14
vulnerability VCID-848u-w88s-5bbe
15
vulnerability VCID-94r9-hh4g-jkej
16
vulnerability VCID-953t-q1cr-zyd6
17
vulnerability VCID-9yu1-z7c2-t3fj
18
vulnerability VCID-abjx-8v46-d7d8
19
vulnerability VCID-am6s-67bm-77dr
20
vulnerability VCID-bn3p-39sv-6fdg
21
vulnerability VCID-buj5-2t53-3kcr
22
vulnerability VCID-dsqm-9q3e-dudw
23
vulnerability VCID-emqq-kwjg-3kfk
24
vulnerability VCID-ev4k-5k1d-2bhu
25
vulnerability VCID-f319-jpf5-hyex
26
vulnerability VCID-fdnw-2tz5-4fdr
27
vulnerability VCID-fpa2-ffg1-fyaa
28
vulnerability VCID-fqkc-utex-3kav
29
vulnerability VCID-fqkx-v8t5-q3h6
30
vulnerability VCID-fut7-bb1f-37g7
31
vulnerability VCID-gpv4-4tpd-tbaa
32
vulnerability VCID-hknp-f88a-kqec
33
vulnerability VCID-hp99-ncuh-6ugv
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-hyx9-8ae6-sba8
36
vulnerability VCID-j8hk-bqnb-gycp
37
vulnerability VCID-je4q-svfw-hqda
38
vulnerability VCID-jp1p-rfxa-hyd9
39
vulnerability VCID-jq5y-7h9g-mufa
40
vulnerability VCID-jwb1-3sbg-kfa5
41
vulnerability VCID-k5t3-28es-h3ez
42
vulnerability VCID-khpm-e1xb-hydb
43
vulnerability VCID-njsj-bwjq-fyap
44
vulnerability VCID-nney-azbc-pucg
45
vulnerability VCID-p576-w7dd-p3h7
46
vulnerability VCID-p7gd-anw2-1qbz
47
vulnerability VCID-pmvp-twk2-jqe4
48
vulnerability VCID-q7vt-19eb-sqeq
49
vulnerability VCID-qcnh-z4zh-myaw
50
vulnerability VCID-qdxh-arxx-wbcr
51
vulnerability VCID-qv14-m93d-jyd9
52
vulnerability VCID-qxab-9uwr-yqhv
53
vulnerability VCID-rqrw-t2kj-mud8
54
vulnerability VCID-ru6w-m6q6-27gn
55
vulnerability VCID-sdjb-gp4t-vbgt
56
vulnerability VCID-sdsa-mh76-kqch
57
vulnerability VCID-teby-zvvw-zkhv
58
vulnerability VCID-tgyt-axv1-c7ag
59
vulnerability VCID-tzpj-j3x1-ekgk
60
vulnerability VCID-u259-2sxq-tbct
61
vulnerability VCID-u6as-cwxc-pkhk
62
vulnerability VCID-uq77-aax5-k7d8
63
vulnerability VCID-vq15-t92r-5bhx
64
vulnerability VCID-vw2r-g8yy-eyf4
65
vulnerability VCID-w1wb-mq2y-dfca
66
vulnerability VCID-w483-prq4-rycx
67
vulnerability VCID-wat8-4m83-hken
68
vulnerability VCID-x5x1-w7yv-eye9
69
vulnerability VCID-xvyu-2hb8-8ufh
70
vulnerability VCID-xw1s-93bu-wuh9
71
vulnerability VCID-y7ds-p5r2-yuhq
72
vulnerability VCID-yh6b-tc4u-v3bk
73
vulnerability VCID-yz6t-ge1y-qfgr
74
vulnerability VCID-zgfw-pk39-gyg8
75
vulnerability VCID-zmwv-gwq3-fkej
76
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5
aliases GHSA-g46h-v2cc-6c94
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5u2f-5zzf-j3e4
6
url VCID-66kh-c1dm-8fbf
vulnerability_id VCID-66kh-c1dm-8fbf
summary 
Authentication Bypass in TYPO3 CMS
It has been discovered that TYPO3’s Salted Password system extension (which is a mandatory system component) is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing algorithm can be overridden when using MD5 as the default hashing algorithm by just knowing a valid username. Per default the Portable PHP hashing algorithm (PHPass) is used which is not vulnerable.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-1.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-1.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-001
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-001
3
reference_url https://github.com/advisories/GHSA-6f9m-v7mp-7jjq
reference_id GHSA-6f9m-v7mp-7jjq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6f9m-v7mp-7jjq
fixed_packages
0
url pkg:composer/typo3/cms@7.6.30
purl pkg:composer/typo3/cms@7.6.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-953t-q1cr-zyd6
5
vulnerability VCID-dsqm-9q3e-dudw
6
vulnerability VCID-ev4k-5k1d-2bhu
7
vulnerability VCID-fdnw-2tz5-4fdr
8
vulnerability VCID-fqkx-v8t5-q3h6
9
vulnerability VCID-gpv4-4tpd-tbaa
10
vulnerability VCID-hp99-ncuh-6ugv
11
vulnerability VCID-hsw8-nbs6-auaa
12
vulnerability VCID-hyx9-8ae6-sba8
13
vulnerability VCID-jp1p-rfxa-hyd9
14
vulnerability VCID-jq5y-7h9g-mufa
15
vulnerability VCID-jwb1-3sbg-kfa5
16
vulnerability VCID-p576-w7dd-p3h7
17
vulnerability VCID-p7gd-anw2-1qbz
18
vulnerability VCID-teby-zvvw-zkhv
19
vulnerability VCID-tgyt-axv1-c7ag
20
vulnerability VCID-tzpj-j3x1-ekgk
21
vulnerability VCID-uq77-aax5-k7d8
22
vulnerability VCID-xvyu-2hb8-8ufh
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-yz6t-ge1y-qfgr
25
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.30
1
url pkg:composer/typo3/cms@8.7.17
purl pkg:composer/typo3/cms@8.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-6a22-c7x5-sqe2
11
vulnerability VCID-7ch1-q9f4-a7bt
12
vulnerability VCID-7m6u-k5tp-gkhy
13
vulnerability VCID-848u-w88s-5bbe
14
vulnerability VCID-94r9-hh4g-jkej
15
vulnerability VCID-953t-q1cr-zyd6
16
vulnerability VCID-9yu1-z7c2-t3fj
17
vulnerability VCID-am6s-67bm-77dr
18
vulnerability VCID-bn3p-39sv-6fdg
19
vulnerability VCID-buj5-2t53-3kcr
20
vulnerability VCID-dsqm-9q3e-dudw
21
vulnerability VCID-emqq-kwjg-3kfk
22
vulnerability VCID-ev4k-5k1d-2bhu
23
vulnerability VCID-f319-jpf5-hyex
24
vulnerability VCID-fdnw-2tz5-4fdr
25
vulnerability VCID-fqkc-utex-3kav
26
vulnerability VCID-fqkx-v8t5-q3h6
27
vulnerability VCID-fut7-bb1f-37g7
28
vulnerability VCID-gpv4-4tpd-tbaa
29
vulnerability VCID-hp99-ncuh-6ugv
30
vulnerability VCID-hsw8-nbs6-auaa
31
vulnerability VCID-hyx9-8ae6-sba8
32
vulnerability VCID-j8hk-bqnb-gycp
33
vulnerability VCID-jp1p-rfxa-hyd9
34
vulnerability VCID-jq5y-7h9g-mufa
35
vulnerability VCID-jwb1-3sbg-kfa5
36
vulnerability VCID-k5t3-28es-h3ez
37
vulnerability VCID-khpm-e1xb-hydb
38
vulnerability VCID-nney-azbc-pucg
39
vulnerability VCID-p576-w7dd-p3h7
40
vulnerability VCID-p7gd-anw2-1qbz
41
vulnerability VCID-pmvp-twk2-jqe4
42
vulnerability VCID-q7vt-19eb-sqeq
43
vulnerability VCID-qdxh-arxx-wbcr
44
vulnerability VCID-qv14-m93d-jyd9
45
vulnerability VCID-qxab-9uwr-yqhv
46
vulnerability VCID-rqrw-t2kj-mud8
47
vulnerability VCID-ru6w-m6q6-27gn
48
vulnerability VCID-sdjb-gp4t-vbgt
49
vulnerability VCID-sdsa-mh76-kqch
50
vulnerability VCID-teby-zvvw-zkhv
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-uq77-aax5-k7d8
56
vulnerability VCID-vw2r-g8yy-eyf4
57
vulnerability VCID-w483-prq4-rycx
58
vulnerability VCID-wat8-4m83-hken
59
vulnerability VCID-x5x1-w7yv-eye9
60
vulnerability VCID-xvyu-2hb8-8ufh
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-yz6t-ge1y-qfgr
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zmwv-gwq3-fkej
67
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.17
2
url pkg:composer/typo3/cms@9.3.2
purl pkg:composer/typo3/cms@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-28fn-ncj5-2ufk
5
vulnerability VCID-2rhr-8vaz-hqfj
6
vulnerability VCID-2rmv-a83x-9ka8
7
vulnerability VCID-39vn-73mc-jqav
8
vulnerability VCID-3k2k-a3gb-n3ba
9
vulnerability VCID-3ugj-6m1e-e3hr
10
vulnerability VCID-3ye6-vqje-abh4
11
vulnerability VCID-4an7-9ph4-mkd4
12
vulnerability VCID-4eym-e6vt-8fbs
13
vulnerability VCID-4jck-w9ct-budk
14
vulnerability VCID-5k47-9k7t-rqak
15
vulnerability VCID-6a22-c7x5-sqe2
16
vulnerability VCID-6mnf-2fcw-dqgp
17
vulnerability VCID-7ch1-q9f4-a7bt
18
vulnerability VCID-7m6u-k5tp-gkhy
19
vulnerability VCID-7xv1-78u7-xufp
20
vulnerability VCID-848u-w88s-5bbe
21
vulnerability VCID-8w4e-d49b-nbg8
22
vulnerability VCID-94r9-hh4g-jkej
23
vulnerability VCID-953t-q1cr-zyd6
24
vulnerability VCID-9adx-p876-kyb5
25
vulnerability VCID-9yu1-z7c2-t3fj
26
vulnerability VCID-a1g9-pyz5-9fca
27
vulnerability VCID-am6s-67bm-77dr
28
vulnerability VCID-bbh5-rss8-bfct
29
vulnerability VCID-buj5-2t53-3kcr
30
vulnerability VCID-cvk2-93hm-gkhx
31
vulnerability VCID-dsqm-9q3e-dudw
32
vulnerability VCID-e6zr-4bgg-kkh5
33
vulnerability VCID-emqq-kwjg-3kfk
34
vulnerability VCID-ev4k-5k1d-2bhu
35
vulnerability VCID-f319-jpf5-hyex
36
vulnerability VCID-f4n7-q72x-3yea
37
vulnerability VCID-fqkc-utex-3kav
38
vulnerability VCID-fqkx-v8t5-q3h6
39
vulnerability VCID-fut7-bb1f-37g7
40
vulnerability VCID-gpv4-4tpd-tbaa
41
vulnerability VCID-hp99-ncuh-6ugv
42
vulnerability VCID-hsw8-nbs6-auaa
43
vulnerability VCID-j8hk-bqnb-gycp
44
vulnerability VCID-jp1p-rfxa-hyd9
45
vulnerability VCID-jq5y-7h9g-mufa
46
vulnerability VCID-jwb1-3sbg-kfa5
47
vulnerability VCID-k5t3-28es-h3ez
48
vulnerability VCID-khpm-e1xb-hydb
49
vulnerability VCID-n1gz-y615-cbbk
50
vulnerability VCID-nney-azbc-pucg
51
vulnerability VCID-p576-w7dd-p3h7
52
vulnerability VCID-p7gd-anw2-1qbz
53
vulnerability VCID-pmvp-twk2-jqe4
54
vulnerability VCID-q2t1-kx56-s3c3
55
vulnerability VCID-q7vt-19eb-sqeq
56
vulnerability VCID-qdxh-arxx-wbcr
57
vulnerability VCID-qv14-m93d-jyd9
58
vulnerability VCID-qxab-9uwr-yqhv
59
vulnerability VCID-rqrw-t2kj-mud8
60
vulnerability VCID-ru6w-m6q6-27gn
61
vulnerability VCID-sdjb-gp4t-vbgt
62
vulnerability VCID-sdsa-mh76-kqch
63
vulnerability VCID-teby-zvvw-zkhv
64
vulnerability VCID-tgyt-axv1-c7ag
65
vulnerability VCID-tzpj-j3x1-ekgk
66
vulnerability VCID-u259-2sxq-tbct
67
vulnerability VCID-u6as-cwxc-pkhk
68
vulnerability VCID-un7r-8sah-33cr
69
vulnerability VCID-uq77-aax5-k7d8
70
vulnerability VCID-vw2r-g8yy-eyf4
71
vulnerability VCID-w7z1-aw31-vugx
72
vulnerability VCID-wat8-4m83-hken
73
vulnerability VCID-x5x1-w7yv-eye9
74
vulnerability VCID-xvyu-2hb8-8ufh
75
vulnerability VCID-xw1s-93bu-wuh9
76
vulnerability VCID-y7ds-p5r2-yuhq
77
vulnerability VCID-yh6b-tc4u-v3bk
78
vulnerability VCID-yz6t-ge1y-qfgr
79
vulnerability VCID-zeut-9wfp-q7et
80
vulnerability VCID-zgfw-pk39-gyg8
81
vulnerability VCID-zkvq-bms4-gfcv
82
vulnerability VCID-zmwv-gwq3-fkej
83
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2
aliases GHSA-6f9m-v7mp-7jjq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-66kh-c1dm-8fbf
7
url VCID-66ru-n2df-b3ay
vulnerability_id VCID-66ru-n2df-b3ay
summary 
Cross-site Scripting
XSS in TYPO3 CMS.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-003/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-003/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.16
purl pkg:composer/typo3/cms@7.6.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-5u2f-5zzf-j3e4
5
vulnerability VCID-66kh-c1dm-8fbf
6
vulnerability VCID-953t-q1cr-zyd6
7
vulnerability VCID-9726-hafj-wkay
8
vulnerability VCID-9saf-w56y-pugz
9
vulnerability VCID-abjx-8v46-d7d8
10
vulnerability VCID-dsqm-9q3e-dudw
11
vulnerability VCID-e564-zdku-9fc6
12
vulnerability VCID-ev4k-5k1d-2bhu
13
vulnerability VCID-fdnw-2tz5-4fdr
14
vulnerability VCID-fqkx-v8t5-q3h6
15
vulnerability VCID-gpv4-4tpd-tbaa
16
vulnerability VCID-h7cg-64er-uya9
17
vulnerability VCID-hp99-ncuh-6ugv
18
vulnerability VCID-hsw8-nbs6-auaa
19
vulnerability VCID-hyx9-8ae6-sba8
20
vulnerability VCID-j8sh-5evd-dkaz
21
vulnerability VCID-jp1p-rfxa-hyd9
22
vulnerability VCID-jq5y-7h9g-mufa
23
vulnerability VCID-jqe4-8hzb-mfea
24
vulnerability VCID-jwb1-3sbg-kfa5
25
vulnerability VCID-mctp-nf36-7qdn
26
vulnerability VCID-njsj-bwjq-fyap
27
vulnerability VCID-p576-w7dd-p3h7
28
vulnerability VCID-p7gd-anw2-1qbz
29
vulnerability VCID-qcnh-z4zh-myaw
30
vulnerability VCID-sy7r-d6pv-yba9
31
vulnerability VCID-teby-zvvw-zkhv
32
vulnerability VCID-tgyt-axv1-c7ag
33
vulnerability VCID-tzpj-j3x1-ekgk
34
vulnerability VCID-uq77-aax5-k7d8
35
vulnerability VCID-vq15-t92r-5bhx
36
vulnerability VCID-xvyu-2hb8-8ufh
37
vulnerability VCID-xw1s-93bu-wuh9
38
vulnerability VCID-ygw4-jdqu-4fbt
39
vulnerability VCID-yz6t-ge1y-qfgr
40
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.16
1
url pkg:composer/typo3/cms@8.6.1
purl pkg:composer/typo3/cms@8.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-5u2f-5zzf-j3e4
11
vulnerability VCID-66kh-c1dm-8fbf
12
vulnerability VCID-7ch1-q9f4-a7bt
13
vulnerability VCID-7m6u-k5tp-gkhy
14
vulnerability VCID-848u-w88s-5bbe
15
vulnerability VCID-94r9-hh4g-jkej
16
vulnerability VCID-953t-q1cr-zyd6
17
vulnerability VCID-9726-hafj-wkay
18
vulnerability VCID-9saf-w56y-pugz
19
vulnerability VCID-9yu1-z7c2-t3fj
20
vulnerability VCID-abjx-8v46-d7d8
21
vulnerability VCID-am6s-67bm-77dr
22
vulnerability VCID-bn3p-39sv-6fdg
23
vulnerability VCID-buj5-2t53-3kcr
24
vulnerability VCID-dsqm-9q3e-dudw
25
vulnerability VCID-e564-zdku-9fc6
26
vulnerability VCID-emqq-kwjg-3kfk
27
vulnerability VCID-ev4k-5k1d-2bhu
28
vulnerability VCID-f319-jpf5-hyex
29
vulnerability VCID-fdnw-2tz5-4fdr
30
vulnerability VCID-fpa2-ffg1-fyaa
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-gpv4-4tpd-tbaa
35
vulnerability VCID-h7cg-64er-uya9
36
vulnerability VCID-hknp-f88a-kqec
37
vulnerability VCID-hp99-ncuh-6ugv
38
vulnerability VCID-hsw8-nbs6-auaa
39
vulnerability VCID-hyx9-8ae6-sba8
40
vulnerability VCID-j8hk-bqnb-gycp
41
vulnerability VCID-j8sh-5evd-dkaz
42
vulnerability VCID-je4q-svfw-hqda
43
vulnerability VCID-jp1p-rfxa-hyd9
44
vulnerability VCID-jq5y-7h9g-mufa
45
vulnerability VCID-jqe4-8hzb-mfea
46
vulnerability VCID-jwb1-3sbg-kfa5
47
vulnerability VCID-k5t3-28es-h3ez
48
vulnerability VCID-khpm-e1xb-hydb
49
vulnerability VCID-mctp-nf36-7qdn
50
vulnerability VCID-njsj-bwjq-fyap
51
vulnerability VCID-nney-azbc-pucg
52
vulnerability VCID-p576-w7dd-p3h7
53
vulnerability VCID-p7gd-anw2-1qbz
54
vulnerability VCID-pmvp-twk2-jqe4
55
vulnerability VCID-q2ym-y2rz-1bdn
56
vulnerability VCID-q52p-xfj8-gygd
57
vulnerability VCID-q7vt-19eb-sqeq
58
vulnerability VCID-qcnh-z4zh-myaw
59
vulnerability VCID-qdxh-arxx-wbcr
60
vulnerability VCID-qv14-m93d-jyd9
61
vulnerability VCID-qxab-9uwr-yqhv
62
vulnerability VCID-rqrw-t2kj-mud8
63
vulnerability VCID-ru6w-m6q6-27gn
64
vulnerability VCID-sdjb-gp4t-vbgt
65
vulnerability VCID-sdsa-mh76-kqch
66
vulnerability VCID-sy7r-d6pv-yba9
67
vulnerability VCID-teby-zvvw-zkhv
68
vulnerability VCID-tzpj-j3x1-ekgk
69
vulnerability VCID-u259-2sxq-tbct
70
vulnerability VCID-u6as-cwxc-pkhk
71
vulnerability VCID-uq77-aax5-k7d8
72
vulnerability VCID-vq15-t92r-5bhx
73
vulnerability VCID-vw2r-g8yy-eyf4
74
vulnerability VCID-w1wb-mq2y-dfca
75
vulnerability VCID-w483-prq4-rycx
76
vulnerability VCID-wat8-4m83-hken
77
vulnerability VCID-wy45-2gmr-fkfg
78
vulnerability VCID-x5x1-w7yv-eye9
79
vulnerability VCID-xvyu-2hb8-8ufh
80
vulnerability VCID-xw1s-93bu-wuh9
81
vulnerability VCID-y7ds-p5r2-yuhq
82
vulnerability VCID-ygw4-jdqu-4fbt
83
vulnerability VCID-yh6b-tc4u-v3bk
84
vulnerability VCID-yz6t-ge1y-qfgr
85
vulnerability VCID-zgfw-pk39-gyg8
86
vulnerability VCID-zmwv-gwq3-fkej
87
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.6.1
aliases GMS-2017-349
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-66ru-n2df-b3ay
8
url VCID-953t-q1cr-zyd6
vulnerability_id VCID-953t-q1cr-zyd6
summary 
Cross-site Scripting
Cross-Site Scripting in Backend Modal Component.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-007/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-007/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-98
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-953t-q1cr-zyd6
9
url VCID-9726-hafj-wkay
vulnerability_id VCID-9726-hafj-wkay
summary 
Information Disclosure in TYPO3 CMS
HTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called endpoint.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-09-05-3.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-09-05-3.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2017-006
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2017-006
3
reference_url https://github.com/advisories/GHSA-c7p6-3c9c-f88q
reference_id GHSA-c7p6-3c9c-f88q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c7p6-3c9c-f88q
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-66kh-c1dm-8fbf
5
vulnerability VCID-953t-q1cr-zyd6
6
vulnerability VCID-abjx-8v46-d7d8
7
vulnerability VCID-dsqm-9q3e-dudw
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fdnw-2tz5-4fdr
10
vulnerability VCID-fqkx-v8t5-q3h6
11
vulnerability VCID-gpv4-4tpd-tbaa
12
vulnerability VCID-hp99-ncuh-6ugv
13
vulnerability VCID-hsw8-nbs6-auaa
14
vulnerability VCID-hyx9-8ae6-sba8
15
vulnerability VCID-jp1p-rfxa-hyd9
16
vulnerability VCID-jq5y-7h9g-mufa
17
vulnerability VCID-jwb1-3sbg-kfa5
18
vulnerability VCID-njsj-bwjq-fyap
19
vulnerability VCID-p576-w7dd-p3h7
20
vulnerability VCID-p7gd-anw2-1qbz
21
vulnerability VCID-qcnh-z4zh-myaw
22
vulnerability VCID-teby-zvvw-zkhv
23
vulnerability VCID-tgyt-axv1-c7ag
24
vulnerability VCID-tzpj-j3x1-ekgk
25
vulnerability VCID-uq77-aax5-k7d8
26
vulnerability VCID-vq15-t92r-5bhx
27
vulnerability VCID-xvyu-2hb8-8ufh
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-yz6t-ge1y-qfgr
30
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.5
purl pkg:composer/typo3/cms@8.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-66kh-c1dm-8fbf
11
vulnerability VCID-6a22-c7x5-sqe2
12
vulnerability VCID-7ch1-q9f4-a7bt
13
vulnerability VCID-7m6u-k5tp-gkhy
14
vulnerability VCID-848u-w88s-5bbe
15
vulnerability VCID-94r9-hh4g-jkej
16
vulnerability VCID-953t-q1cr-zyd6
17
vulnerability VCID-9yu1-z7c2-t3fj
18
vulnerability VCID-abjx-8v46-d7d8
19
vulnerability VCID-am6s-67bm-77dr
20
vulnerability VCID-bn3p-39sv-6fdg
21
vulnerability VCID-buj5-2t53-3kcr
22
vulnerability VCID-dsqm-9q3e-dudw
23
vulnerability VCID-emqq-kwjg-3kfk
24
vulnerability VCID-ev4k-5k1d-2bhu
25
vulnerability VCID-f319-jpf5-hyex
26
vulnerability VCID-fdnw-2tz5-4fdr
27
vulnerability VCID-fpa2-ffg1-fyaa
28
vulnerability VCID-fqkc-utex-3kav
29
vulnerability VCID-fqkx-v8t5-q3h6
30
vulnerability VCID-fut7-bb1f-37g7
31
vulnerability VCID-gpv4-4tpd-tbaa
32
vulnerability VCID-hknp-f88a-kqec
33
vulnerability VCID-hp99-ncuh-6ugv
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-hyx9-8ae6-sba8
36
vulnerability VCID-j8hk-bqnb-gycp
37
vulnerability VCID-je4q-svfw-hqda
38
vulnerability VCID-jp1p-rfxa-hyd9
39
vulnerability VCID-jq5y-7h9g-mufa
40
vulnerability VCID-jwb1-3sbg-kfa5
41
vulnerability VCID-k5t3-28es-h3ez
42
vulnerability VCID-khpm-e1xb-hydb
43
vulnerability VCID-njsj-bwjq-fyap
44
vulnerability VCID-nney-azbc-pucg
45
vulnerability VCID-p576-w7dd-p3h7
46
vulnerability VCID-p7gd-anw2-1qbz
47
vulnerability VCID-pmvp-twk2-jqe4
48
vulnerability VCID-q7vt-19eb-sqeq
49
vulnerability VCID-qcnh-z4zh-myaw
50
vulnerability VCID-qdxh-arxx-wbcr
51
vulnerability VCID-qv14-m93d-jyd9
52
vulnerability VCID-qxab-9uwr-yqhv
53
vulnerability VCID-rqrw-t2kj-mud8
54
vulnerability VCID-ru6w-m6q6-27gn
55
vulnerability VCID-sdjb-gp4t-vbgt
56
vulnerability VCID-sdsa-mh76-kqch
57
vulnerability VCID-teby-zvvw-zkhv
58
vulnerability VCID-tgyt-axv1-c7ag
59
vulnerability VCID-tzpj-j3x1-ekgk
60
vulnerability VCID-u259-2sxq-tbct
61
vulnerability VCID-u6as-cwxc-pkhk
62
vulnerability VCID-uq77-aax5-k7d8
63
vulnerability VCID-vq15-t92r-5bhx
64
vulnerability VCID-vw2r-g8yy-eyf4
65
vulnerability VCID-w1wb-mq2y-dfca
66
vulnerability VCID-w483-prq4-rycx
67
vulnerability VCID-wat8-4m83-hken
68
vulnerability VCID-x5x1-w7yv-eye9
69
vulnerability VCID-xvyu-2hb8-8ufh
70
vulnerability VCID-xw1s-93bu-wuh9
71
vulnerability VCID-y7ds-p5r2-yuhq
72
vulnerability VCID-yh6b-tc4u-v3bk
73
vulnerability VCID-yz6t-ge1y-qfgr
74
vulnerability VCID-zgfw-pk39-gyg8
75
vulnerability VCID-zmwv-gwq3-fkej
76
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5
aliases GHSA-c7p6-3c9c-f88q
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9726-hafj-wkay
10
url VCID-9saf-w56y-pugz
vulnerability_id VCID-9saf-w56y-pugz
summary Information Disclosure in TYPO3 CMS.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-66kh-c1dm-8fbf
5
vulnerability VCID-953t-q1cr-zyd6
6
vulnerability VCID-abjx-8v46-d7d8
7
vulnerability VCID-dsqm-9q3e-dudw
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fdnw-2tz5-4fdr
10
vulnerability VCID-fqkx-v8t5-q3h6
11
vulnerability VCID-gpv4-4tpd-tbaa
12
vulnerability VCID-hp99-ncuh-6ugv
13
vulnerability VCID-hsw8-nbs6-auaa
14
vulnerability VCID-hyx9-8ae6-sba8
15
vulnerability VCID-jp1p-rfxa-hyd9
16
vulnerability VCID-jq5y-7h9g-mufa
17
vulnerability VCID-jwb1-3sbg-kfa5
18
vulnerability VCID-njsj-bwjq-fyap
19
vulnerability VCID-p576-w7dd-p3h7
20
vulnerability VCID-p7gd-anw2-1qbz
21
vulnerability VCID-qcnh-z4zh-myaw
22
vulnerability VCID-teby-zvvw-zkhv
23
vulnerability VCID-tgyt-axv1-c7ag
24
vulnerability VCID-tzpj-j3x1-ekgk
25
vulnerability VCID-uq77-aax5-k7d8
26
vulnerability VCID-vq15-t92r-5bhx
27
vulnerability VCID-xvyu-2hb8-8ufh
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-yz6t-ge1y-qfgr
30
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.0
purl pkg:composer/typo3/cms@8.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-5u2f-5zzf-j3e4
11
vulnerability VCID-66kh-c1dm-8fbf
12
vulnerability VCID-6a22-c7x5-sqe2
13
vulnerability VCID-7ch1-q9f4-a7bt
14
vulnerability VCID-7m6u-k5tp-gkhy
15
vulnerability VCID-848u-w88s-5bbe
16
vulnerability VCID-94r9-hh4g-jkej
17
vulnerability VCID-953t-q1cr-zyd6
18
vulnerability VCID-9726-hafj-wkay
19
vulnerability VCID-9yu1-z7c2-t3fj
20
vulnerability VCID-abjx-8v46-d7d8
21
vulnerability VCID-am6s-67bm-77dr
22
vulnerability VCID-bn3p-39sv-6fdg
23
vulnerability VCID-buj5-2t53-3kcr
24
vulnerability VCID-dsqm-9q3e-dudw
25
vulnerability VCID-e564-zdku-9fc6
26
vulnerability VCID-emqq-kwjg-3kfk
27
vulnerability VCID-ev4k-5k1d-2bhu
28
vulnerability VCID-f319-jpf5-hyex
29
vulnerability VCID-fdnw-2tz5-4fdr
30
vulnerability VCID-fpa2-ffg1-fyaa
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-gpv4-4tpd-tbaa
35
vulnerability VCID-h7cg-64er-uya9
36
vulnerability VCID-hknp-f88a-kqec
37
vulnerability VCID-hp99-ncuh-6ugv
38
vulnerability VCID-hsw8-nbs6-auaa
39
vulnerability VCID-hyx9-8ae6-sba8
40
vulnerability VCID-j8hk-bqnb-gycp
41
vulnerability VCID-j8sh-5evd-dkaz
42
vulnerability VCID-je4q-svfw-hqda
43
vulnerability VCID-jp1p-rfxa-hyd9
44
vulnerability VCID-jq5y-7h9g-mufa
45
vulnerability VCID-jqe4-8hzb-mfea
46
vulnerability VCID-jwb1-3sbg-kfa5
47
vulnerability VCID-k5t3-28es-h3ez
48
vulnerability VCID-khpm-e1xb-hydb
49
vulnerability VCID-mctp-nf36-7qdn
50
vulnerability VCID-njsj-bwjq-fyap
51
vulnerability VCID-nney-azbc-pucg
52
vulnerability VCID-p576-w7dd-p3h7
53
vulnerability VCID-p7gd-anw2-1qbz
54
vulnerability VCID-pmvp-twk2-jqe4
55
vulnerability VCID-q2ym-y2rz-1bdn
56
vulnerability VCID-q7vt-19eb-sqeq
57
vulnerability VCID-qcnh-z4zh-myaw
58
vulnerability VCID-qdxh-arxx-wbcr
59
vulnerability VCID-qv14-m93d-jyd9
60
vulnerability VCID-qxab-9uwr-yqhv
61
vulnerability VCID-rqrw-t2kj-mud8
62
vulnerability VCID-ru6w-m6q6-27gn
63
vulnerability VCID-sdjb-gp4t-vbgt
64
vulnerability VCID-sdsa-mh76-kqch
65
vulnerability VCID-teby-zvvw-zkhv
66
vulnerability VCID-tgyt-axv1-c7ag
67
vulnerability VCID-tzpj-j3x1-ekgk
68
vulnerability VCID-u259-2sxq-tbct
69
vulnerability VCID-u6as-cwxc-pkhk
70
vulnerability VCID-uq77-aax5-k7d8
71
vulnerability VCID-vq15-t92r-5bhx
72
vulnerability VCID-vw2r-g8yy-eyf4
73
vulnerability VCID-w1wb-mq2y-dfca
74
vulnerability VCID-w483-prq4-rycx
75
vulnerability VCID-wat8-4m83-hken
76
vulnerability VCID-wy45-2gmr-fkfg
77
vulnerability VCID-x5x1-w7yv-eye9
78
vulnerability VCID-xvyu-2hb8-8ufh
79
vulnerability VCID-xw1s-93bu-wuh9
80
vulnerability VCID-y7ds-p5r2-yuhq
81
vulnerability VCID-yh6b-tc4u-v3bk
82
vulnerability VCID-yz6t-ge1y-qfgr
83
vulnerability VCID-zgfw-pk39-gyg8
84
vulnerability VCID-zmwv-gwq3-fkej
85
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.0
aliases GMS-2017-351
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9saf-w56y-pugz
11
url VCID-abjx-8v46-d7d8
vulnerability_id VCID-abjx-8v46-d7d8
summary 
Improper Authentication
Authentication Bypass in TYPO3 CMS.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-001/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-001/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.30
purl pkg:composer/typo3/cms@7.6.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-953t-q1cr-zyd6
5
vulnerability VCID-dsqm-9q3e-dudw
6
vulnerability VCID-ev4k-5k1d-2bhu
7
vulnerability VCID-fdnw-2tz5-4fdr
8
vulnerability VCID-fqkx-v8t5-q3h6
9
vulnerability VCID-gpv4-4tpd-tbaa
10
vulnerability VCID-hp99-ncuh-6ugv
11
vulnerability VCID-hsw8-nbs6-auaa
12
vulnerability VCID-hyx9-8ae6-sba8
13
vulnerability VCID-jp1p-rfxa-hyd9
14
vulnerability VCID-jq5y-7h9g-mufa
15
vulnerability VCID-jwb1-3sbg-kfa5
16
vulnerability VCID-p576-w7dd-p3h7
17
vulnerability VCID-p7gd-anw2-1qbz
18
vulnerability VCID-teby-zvvw-zkhv
19
vulnerability VCID-tgyt-axv1-c7ag
20
vulnerability VCID-tzpj-j3x1-ekgk
21
vulnerability VCID-uq77-aax5-k7d8
22
vulnerability VCID-xvyu-2hb8-8ufh
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-yz6t-ge1y-qfgr
25
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.30
1
url pkg:composer/typo3/cms@8.7.17
purl pkg:composer/typo3/cms@8.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-6a22-c7x5-sqe2
11
vulnerability VCID-7ch1-q9f4-a7bt
12
vulnerability VCID-7m6u-k5tp-gkhy
13
vulnerability VCID-848u-w88s-5bbe
14
vulnerability VCID-94r9-hh4g-jkej
15
vulnerability VCID-953t-q1cr-zyd6
16
vulnerability VCID-9yu1-z7c2-t3fj
17
vulnerability VCID-am6s-67bm-77dr
18
vulnerability VCID-bn3p-39sv-6fdg
19
vulnerability VCID-buj5-2t53-3kcr
20
vulnerability VCID-dsqm-9q3e-dudw
21
vulnerability VCID-emqq-kwjg-3kfk
22
vulnerability VCID-ev4k-5k1d-2bhu
23
vulnerability VCID-f319-jpf5-hyex
24
vulnerability VCID-fdnw-2tz5-4fdr
25
vulnerability VCID-fqkc-utex-3kav
26
vulnerability VCID-fqkx-v8t5-q3h6
27
vulnerability VCID-fut7-bb1f-37g7
28
vulnerability VCID-gpv4-4tpd-tbaa
29
vulnerability VCID-hp99-ncuh-6ugv
30
vulnerability VCID-hsw8-nbs6-auaa
31
vulnerability VCID-hyx9-8ae6-sba8
32
vulnerability VCID-j8hk-bqnb-gycp
33
vulnerability VCID-jp1p-rfxa-hyd9
34
vulnerability VCID-jq5y-7h9g-mufa
35
vulnerability VCID-jwb1-3sbg-kfa5
36
vulnerability VCID-k5t3-28es-h3ez
37
vulnerability VCID-khpm-e1xb-hydb
38
vulnerability VCID-nney-azbc-pucg
39
vulnerability VCID-p576-w7dd-p3h7
40
vulnerability VCID-p7gd-anw2-1qbz
41
vulnerability VCID-pmvp-twk2-jqe4
42
vulnerability VCID-q7vt-19eb-sqeq
43
vulnerability VCID-qdxh-arxx-wbcr
44
vulnerability VCID-qv14-m93d-jyd9
45
vulnerability VCID-qxab-9uwr-yqhv
46
vulnerability VCID-rqrw-t2kj-mud8
47
vulnerability VCID-ru6w-m6q6-27gn
48
vulnerability VCID-sdjb-gp4t-vbgt
49
vulnerability VCID-sdsa-mh76-kqch
50
vulnerability VCID-teby-zvvw-zkhv
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-uq77-aax5-k7d8
56
vulnerability VCID-vw2r-g8yy-eyf4
57
vulnerability VCID-w483-prq4-rycx
58
vulnerability VCID-wat8-4m83-hken
59
vulnerability VCID-x5x1-w7yv-eye9
60
vulnerability VCID-xvyu-2hb8-8ufh
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-yz6t-ge1y-qfgr
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zmwv-gwq3-fkej
67
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.17
2
url pkg:composer/typo3/cms@9.3.2
purl pkg:composer/typo3/cms@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-28fn-ncj5-2ufk
5
vulnerability VCID-2rhr-8vaz-hqfj
6
vulnerability VCID-2rmv-a83x-9ka8
7
vulnerability VCID-39vn-73mc-jqav
8
vulnerability VCID-3k2k-a3gb-n3ba
9
vulnerability VCID-3ugj-6m1e-e3hr
10
vulnerability VCID-3ye6-vqje-abh4
11
vulnerability VCID-4an7-9ph4-mkd4
12
vulnerability VCID-4eym-e6vt-8fbs
13
vulnerability VCID-4jck-w9ct-budk
14
vulnerability VCID-5k47-9k7t-rqak
15
vulnerability VCID-6a22-c7x5-sqe2
16
vulnerability VCID-6mnf-2fcw-dqgp
17
vulnerability VCID-7ch1-q9f4-a7bt
18
vulnerability VCID-7m6u-k5tp-gkhy
19
vulnerability VCID-7xv1-78u7-xufp
20
vulnerability VCID-848u-w88s-5bbe
21
vulnerability VCID-8w4e-d49b-nbg8
22
vulnerability VCID-94r9-hh4g-jkej
23
vulnerability VCID-953t-q1cr-zyd6
24
vulnerability VCID-9adx-p876-kyb5
25
vulnerability VCID-9yu1-z7c2-t3fj
26
vulnerability VCID-a1g9-pyz5-9fca
27
vulnerability VCID-am6s-67bm-77dr
28
vulnerability VCID-bbh5-rss8-bfct
29
vulnerability VCID-buj5-2t53-3kcr
30
vulnerability VCID-cvk2-93hm-gkhx
31
vulnerability VCID-dsqm-9q3e-dudw
32
vulnerability VCID-e6zr-4bgg-kkh5
33
vulnerability VCID-emqq-kwjg-3kfk
34
vulnerability VCID-ev4k-5k1d-2bhu
35
vulnerability VCID-f319-jpf5-hyex
36
vulnerability VCID-f4n7-q72x-3yea
37
vulnerability VCID-fqkc-utex-3kav
38
vulnerability VCID-fqkx-v8t5-q3h6
39
vulnerability VCID-fut7-bb1f-37g7
40
vulnerability VCID-gpv4-4tpd-tbaa
41
vulnerability VCID-hp99-ncuh-6ugv
42
vulnerability VCID-hsw8-nbs6-auaa
43
vulnerability VCID-j8hk-bqnb-gycp
44
vulnerability VCID-jp1p-rfxa-hyd9
45
vulnerability VCID-jq5y-7h9g-mufa
46
vulnerability VCID-jwb1-3sbg-kfa5
47
vulnerability VCID-k5t3-28es-h3ez
48
vulnerability VCID-khpm-e1xb-hydb
49
vulnerability VCID-n1gz-y615-cbbk
50
vulnerability VCID-nney-azbc-pucg
51
vulnerability VCID-p576-w7dd-p3h7
52
vulnerability VCID-p7gd-anw2-1qbz
53
vulnerability VCID-pmvp-twk2-jqe4
54
vulnerability VCID-q2t1-kx56-s3c3
55
vulnerability VCID-q7vt-19eb-sqeq
56
vulnerability VCID-qdxh-arxx-wbcr
57
vulnerability VCID-qv14-m93d-jyd9
58
vulnerability VCID-qxab-9uwr-yqhv
59
vulnerability VCID-rqrw-t2kj-mud8
60
vulnerability VCID-ru6w-m6q6-27gn
61
vulnerability VCID-sdjb-gp4t-vbgt
62
vulnerability VCID-sdsa-mh76-kqch
63
vulnerability VCID-teby-zvvw-zkhv
64
vulnerability VCID-tgyt-axv1-c7ag
65
vulnerability VCID-tzpj-j3x1-ekgk
66
vulnerability VCID-u259-2sxq-tbct
67
vulnerability VCID-u6as-cwxc-pkhk
68
vulnerability VCID-un7r-8sah-33cr
69
vulnerability VCID-uq77-aax5-k7d8
70
vulnerability VCID-vw2r-g8yy-eyf4
71
vulnerability VCID-w7z1-aw31-vugx
72
vulnerability VCID-wat8-4m83-hken
73
vulnerability VCID-x5x1-w7yv-eye9
74
vulnerability VCID-xvyu-2hb8-8ufh
75
vulnerability VCID-xw1s-93bu-wuh9
76
vulnerability VCID-y7ds-p5r2-yuhq
77
vulnerability VCID-yh6b-tc4u-v3bk
78
vulnerability VCID-yz6t-ge1y-qfgr
79
vulnerability VCID-zeut-9wfp-q7et
80
vulnerability VCID-zgfw-pk39-gyg8
81
vulnerability VCID-zkvq-bms4-gfcv
82
vulnerability VCID-zmwv-gwq3-fkej
83
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2
aliases GMS-2018-93
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-abjx-8v46-d7d8
12
url VCID-dsqm-9q3e-dudw
vulnerability_id VCID-dsqm-9q3e-dudw
summary 
Uncontrolled Resource Consumption
Denial of Service in Online Media Asset Handling.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-011/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-011/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-102
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dsqm-9q3e-dudw
13
url VCID-e564-zdku-9fc6
vulnerability_id VCID-e564-zdku-9fc6
summary 
Information Disclosure
HTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called endpoint.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-66kh-c1dm-8fbf
5
vulnerability VCID-953t-q1cr-zyd6
6
vulnerability VCID-abjx-8v46-d7d8
7
vulnerability VCID-dsqm-9q3e-dudw
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fdnw-2tz5-4fdr
10
vulnerability VCID-fqkx-v8t5-q3h6
11
vulnerability VCID-gpv4-4tpd-tbaa
12
vulnerability VCID-hp99-ncuh-6ugv
13
vulnerability VCID-hsw8-nbs6-auaa
14
vulnerability VCID-hyx9-8ae6-sba8
15
vulnerability VCID-jp1p-rfxa-hyd9
16
vulnerability VCID-jq5y-7h9g-mufa
17
vulnerability VCID-jwb1-3sbg-kfa5
18
vulnerability VCID-njsj-bwjq-fyap
19
vulnerability VCID-p576-w7dd-p3h7
20
vulnerability VCID-p7gd-anw2-1qbz
21
vulnerability VCID-qcnh-z4zh-myaw
22
vulnerability VCID-teby-zvvw-zkhv
23
vulnerability VCID-tgyt-axv1-c7ag
24
vulnerability VCID-tzpj-j3x1-ekgk
25
vulnerability VCID-uq77-aax5-k7d8
26
vulnerability VCID-vq15-t92r-5bhx
27
vulnerability VCID-xvyu-2hb8-8ufh
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-yz6t-ge1y-qfgr
30
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.5
purl pkg:composer/typo3/cms@8.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-66kh-c1dm-8fbf
11
vulnerability VCID-6a22-c7x5-sqe2
12
vulnerability VCID-7ch1-q9f4-a7bt
13
vulnerability VCID-7m6u-k5tp-gkhy
14
vulnerability VCID-848u-w88s-5bbe
15
vulnerability VCID-94r9-hh4g-jkej
16
vulnerability VCID-953t-q1cr-zyd6
17
vulnerability VCID-9yu1-z7c2-t3fj
18
vulnerability VCID-abjx-8v46-d7d8
19
vulnerability VCID-am6s-67bm-77dr
20
vulnerability VCID-bn3p-39sv-6fdg
21
vulnerability VCID-buj5-2t53-3kcr
22
vulnerability VCID-dsqm-9q3e-dudw
23
vulnerability VCID-emqq-kwjg-3kfk
24
vulnerability VCID-ev4k-5k1d-2bhu
25
vulnerability VCID-f319-jpf5-hyex
26
vulnerability VCID-fdnw-2tz5-4fdr
27
vulnerability VCID-fpa2-ffg1-fyaa
28
vulnerability VCID-fqkc-utex-3kav
29
vulnerability VCID-fqkx-v8t5-q3h6
30
vulnerability VCID-fut7-bb1f-37g7
31
vulnerability VCID-gpv4-4tpd-tbaa
32
vulnerability VCID-hknp-f88a-kqec
33
vulnerability VCID-hp99-ncuh-6ugv
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-hyx9-8ae6-sba8
36
vulnerability VCID-j8hk-bqnb-gycp
37
vulnerability VCID-je4q-svfw-hqda
38
vulnerability VCID-jp1p-rfxa-hyd9
39
vulnerability VCID-jq5y-7h9g-mufa
40
vulnerability VCID-jwb1-3sbg-kfa5
41
vulnerability VCID-k5t3-28es-h3ez
42
vulnerability VCID-khpm-e1xb-hydb
43
vulnerability VCID-njsj-bwjq-fyap
44
vulnerability VCID-nney-azbc-pucg
45
vulnerability VCID-p576-w7dd-p3h7
46
vulnerability VCID-p7gd-anw2-1qbz
47
vulnerability VCID-pmvp-twk2-jqe4
48
vulnerability VCID-q7vt-19eb-sqeq
49
vulnerability VCID-qcnh-z4zh-myaw
50
vulnerability VCID-qdxh-arxx-wbcr
51
vulnerability VCID-qv14-m93d-jyd9
52
vulnerability VCID-qxab-9uwr-yqhv
53
vulnerability VCID-rqrw-t2kj-mud8
54
vulnerability VCID-ru6w-m6q6-27gn
55
vulnerability VCID-sdjb-gp4t-vbgt
56
vulnerability VCID-sdsa-mh76-kqch
57
vulnerability VCID-teby-zvvw-zkhv
58
vulnerability VCID-tgyt-axv1-c7ag
59
vulnerability VCID-tzpj-j3x1-ekgk
60
vulnerability VCID-u259-2sxq-tbct
61
vulnerability VCID-u6as-cwxc-pkhk
62
vulnerability VCID-uq77-aax5-k7d8
63
vulnerability VCID-vq15-t92r-5bhx
64
vulnerability VCID-vw2r-g8yy-eyf4
65
vulnerability VCID-w1wb-mq2y-dfca
66
vulnerability VCID-w483-prq4-rycx
67
vulnerability VCID-wat8-4m83-hken
68
vulnerability VCID-x5x1-w7yv-eye9
69
vulnerability VCID-xvyu-2hb8-8ufh
70
vulnerability VCID-xw1s-93bu-wuh9
71
vulnerability VCID-y7ds-p5r2-yuhq
72
vulnerability VCID-yh6b-tc4u-v3bk
73
vulnerability VCID-yz6t-ge1y-qfgr
74
vulnerability VCID-zgfw-pk39-gyg8
75
vulnerability VCID-zmwv-gwq3-fkej
76
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5
aliases TYPO3-CORE-SA-2017-006
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e564-zdku-9fc6
14
url VCID-ev4k-5k1d-2bhu
vulnerability_id VCID-ev4k-5k1d-2bhu
summary 
URL Redirection to Untrusted Site (Open Redirect)
Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21338
reference_id
reference_type
scores
0
value 0.00253
scoring_system epss
scoring_elements 0.48835
published_at 2026-06-05T12:55:00Z
1
value 0.00253
scoring_system epss
scoring_elements 0.48774
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21338
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21338.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21338.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21338.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21338.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp
4
reference_url https://packagist.org/packages/typo3/cms-core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-core
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-001
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21338
reference_id CVE-2021-21338
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21338
fixed_packages
0
url pkg:composer/typo3/cms@7.6.51
purl pkg:composer/typo3/cms@7.6.51
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-uq77-aax5-k7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.51
1
url pkg:composer/typo3/cms@8.7.40
purl pkg:composer/typo3/cms@8.7.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j8hk-bqnb-gycp
1
vulnerability VCID-sdjb-gp4t-vbgt
2
vulnerability VCID-uq77-aax5-k7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40
2
url pkg:composer/typo3/cms@9.5.25
purl pkg:composer/typo3/cms@9.5.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-6a22-c7x5-sqe2
4
vulnerability VCID-a1g9-pyz5-9fca
5
vulnerability VCID-hsw8-nbs6-auaa
6
vulnerability VCID-j8hk-bqnb-gycp
7
vulnerability VCID-sdjb-gp4t-vbgt
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-un7r-8sah-33cr
10
vulnerability VCID-uq77-aax5-k7d8
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25
3
url pkg:composer/typo3/cms@10.4.14
purl pkg:composer/typo3/cms@10.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-36cz-khgc-6fft
5
vulnerability VCID-6a22-c7x5-sqe2
6
vulnerability VCID-6hnx-p9hv-jbg2
7
vulnerability VCID-6xgm-uan4-u7fu
8
vulnerability VCID-9c49-n1a2-pubu
9
vulnerability VCID-a1g9-pyz5-9fca
10
vulnerability VCID-e4zc-fmh2-n7b8
11
vulnerability VCID-fyyr-48a7-8qch
12
vulnerability VCID-gbev-1zs8-8bac
13
vulnerability VCID-hsw8-nbs6-auaa
14
vulnerability VCID-j8hk-bqnb-gycp
15
vulnerability VCID-sdjb-gp4t-vbgt
16
vulnerability VCID-tzpj-j3x1-ekgk
17
vulnerability VCID-un7r-8sah-33cr
18
vulnerability VCID-uq77-aax5-k7d8
19
vulnerability VCID-x8qf-w4vq-mfhm
20
vulnerability VCID-x8tq-5na6-gfbj
21
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14
4
url pkg:composer/typo3/cms@11.1.1
purl pkg:composer/typo3/cms@11.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-36cz-khgc-6fft
5
vulnerability VCID-6a22-c7x5-sqe2
6
vulnerability VCID-6hnx-p9hv-jbg2
7
vulnerability VCID-6xgm-uan4-u7fu
8
vulnerability VCID-9c49-n1a2-pubu
9
vulnerability VCID-a1g9-pyz5-9fca
10
vulnerability VCID-e4zc-fmh2-n7b8
11
vulnerability VCID-fsx8-7qjz-2ubw
12
vulnerability VCID-fyyr-48a7-8qch
13
vulnerability VCID-gbev-1zs8-8bac
14
vulnerability VCID-hsw8-nbs6-auaa
15
vulnerability VCID-j8hk-bqnb-gycp
16
vulnerability VCID-sdjb-gp4t-vbgt
17
vulnerability VCID-tzpj-j3x1-ekgk
18
vulnerability VCID-un7r-8sah-33cr
19
vulnerability VCID-uq77-aax5-k7d8
20
vulnerability VCID-x8qf-w4vq-mfhm
21
vulnerability VCID-x8tq-5na6-gfbj
22
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1
aliases CVE-2021-21338, GHSA-4jhw-2p6j-5wmp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ev4k-5k1d-2bhu
15
url VCID-fdnw-2tz5-4fdr
vulnerability_id VCID-fdnw-2tz5-4fdr
summary 
Uncontrolled Resource Consumption
Denial of Service in Frontend Record Registration.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-012/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-012/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.0.0
purl pkg:composer/typo3/cms@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-28fn-ncj5-2ufk
5
vulnerability VCID-2rhr-8vaz-hqfj
6
vulnerability VCID-2rmv-a83x-9ka8
7
vulnerability VCID-39vn-73mc-jqav
8
vulnerability VCID-3k2k-a3gb-n3ba
9
vulnerability VCID-3ugj-6m1e-e3hr
10
vulnerability VCID-3ye6-vqje-abh4
11
vulnerability VCID-4an7-9ph4-mkd4
12
vulnerability VCID-4eym-e6vt-8fbs
13
vulnerability VCID-4jck-w9ct-budk
14
vulnerability VCID-5k47-9k7t-rqak
15
vulnerability VCID-66kh-c1dm-8fbf
16
vulnerability VCID-6a22-c7x5-sqe2
17
vulnerability VCID-6mnf-2fcw-dqgp
18
vulnerability VCID-7ch1-q9f4-a7bt
19
vulnerability VCID-7m6u-k5tp-gkhy
20
vulnerability VCID-7xv1-78u7-xufp
21
vulnerability VCID-848u-w88s-5bbe
22
vulnerability VCID-8w4e-d49b-nbg8
23
vulnerability VCID-94r9-hh4g-jkej
24
vulnerability VCID-953t-q1cr-zyd6
25
vulnerability VCID-9adx-p876-kyb5
26
vulnerability VCID-9yu1-z7c2-t3fj
27
vulnerability VCID-a1g9-pyz5-9fca
28
vulnerability VCID-abjx-8v46-d7d8
29
vulnerability VCID-am6s-67bm-77dr
30
vulnerability VCID-bbh5-rss8-bfct
31
vulnerability VCID-bcbd-zzet-mff6
32
vulnerability VCID-buj5-2t53-3kcr
33
vulnerability VCID-cbmm-1b2k-8qaz
34
vulnerability VCID-cvk2-93hm-gkhx
35
vulnerability VCID-dsqm-9q3e-dudw
36
vulnerability VCID-e6zr-4bgg-kkh5
37
vulnerability VCID-emqq-kwjg-3kfk
38
vulnerability VCID-ev4k-5k1d-2bhu
39
vulnerability VCID-f319-jpf5-hyex
40
vulnerability VCID-f4n7-q72x-3yea
41
vulnerability VCID-fpa2-ffg1-fyaa
42
vulnerability VCID-fqkc-utex-3kav
43
vulnerability VCID-fqkx-v8t5-q3h6
44
vulnerability VCID-fut7-bb1f-37g7
45
vulnerability VCID-gpv4-4tpd-tbaa
46
vulnerability VCID-hknp-f88a-kqec
47
vulnerability VCID-hp99-ncuh-6ugv
48
vulnerability VCID-hsw8-nbs6-auaa
49
vulnerability VCID-j8hk-bqnb-gycp
50
vulnerability VCID-je4q-svfw-hqda
51
vulnerability VCID-jp1p-rfxa-hyd9
52
vulnerability VCID-jq5y-7h9g-mufa
53
vulnerability VCID-jwb1-3sbg-kfa5
54
vulnerability VCID-k5t3-28es-h3ez
55
vulnerability VCID-khpm-e1xb-hydb
56
vulnerability VCID-n1gz-y615-cbbk
57
vulnerability VCID-njsj-bwjq-fyap
58
vulnerability VCID-nney-azbc-pucg
59
vulnerability VCID-p576-w7dd-p3h7
60
vulnerability VCID-p7gd-anw2-1qbz
61
vulnerability VCID-pmvp-twk2-jqe4
62
vulnerability VCID-q2t1-kx56-s3c3
63
vulnerability VCID-q7vt-19eb-sqeq
64
vulnerability VCID-qcnh-z4zh-myaw
65
vulnerability VCID-qdxh-arxx-wbcr
66
vulnerability VCID-qv14-m93d-jyd9
67
vulnerability VCID-qxab-9uwr-yqhv
68
vulnerability VCID-rqrw-t2kj-mud8
69
vulnerability VCID-ru6w-m6q6-27gn
70
vulnerability VCID-sdjb-gp4t-vbgt
71
vulnerability VCID-sdsa-mh76-kqch
72
vulnerability VCID-teby-zvvw-zkhv
73
vulnerability VCID-tgyt-axv1-c7ag
74
vulnerability VCID-tzpj-j3x1-ekgk
75
vulnerability VCID-u259-2sxq-tbct
76
vulnerability VCID-u6as-cwxc-pkhk
77
vulnerability VCID-un7r-8sah-33cr
78
vulnerability VCID-uq77-aax5-k7d8
79
vulnerability VCID-vq15-t92r-5bhx
80
vulnerability VCID-vw2r-g8yy-eyf4
81
vulnerability VCID-w1wb-mq2y-dfca
82
vulnerability VCID-w7z1-aw31-vugx
83
vulnerability VCID-wat8-4m83-hken
84
vulnerability VCID-x5x1-w7yv-eye9
85
vulnerability VCID-xvyu-2hb8-8ufh
86
vulnerability VCID-xw1s-93bu-wuh9
87
vulnerability VCID-y7ds-p5r2-yuhq
88
vulnerability VCID-yh6b-tc4u-v3bk
89
vulnerability VCID-yz6t-ge1y-qfgr
90
vulnerability VCID-zeut-9wfp-q7et
91
vulnerability VCID-zgfw-pk39-gyg8
92
vulnerability VCID-zkvq-bms4-gfcv
93
vulnerability VCID-zmwv-gwq3-fkej
94
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.0.0
aliases GMS-2018-103
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fdnw-2tz5-4fdr
16
url VCID-fqkx-v8t5-q3h6
vulnerability_id VCID-fqkx-v8t5-q3h6
summary 
Cleartext Storage of Sensitive Information
User session identifiers are stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - for example SQL injection in any other component of the system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21339
reference_id
reference_type
scores
0
value 0.00132
scoring_system epss
scoring_elements 0.32296
published_at 2026-06-05T12:55:00Z
1
value 0.00132
scoring_system epss
scoring_elements 0.32224
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21339
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21339.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21339.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21339.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21339.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch
4
reference_url https://packagist.org/packages/typo3/cms-core
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-core
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-006
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-006
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21339
reference_id CVE-2021-21339
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21339
fixed_packages
0
url pkg:composer/typo3/cms@7.6.51
purl pkg:composer/typo3/cms@7.6.51
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-uq77-aax5-k7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.51
1
url pkg:composer/typo3/cms@8.7.40
purl pkg:composer/typo3/cms@8.7.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j8hk-bqnb-gycp
1
vulnerability VCID-sdjb-gp4t-vbgt
2
vulnerability VCID-uq77-aax5-k7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40
2
url pkg:composer/typo3/cms@9.5.25
purl pkg:composer/typo3/cms@9.5.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-6a22-c7x5-sqe2
4
vulnerability VCID-a1g9-pyz5-9fca
5
vulnerability VCID-hsw8-nbs6-auaa
6
vulnerability VCID-j8hk-bqnb-gycp
7
vulnerability VCID-sdjb-gp4t-vbgt
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-un7r-8sah-33cr
10
vulnerability VCID-uq77-aax5-k7d8
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25
3
url pkg:composer/typo3/cms@10.4.14
purl pkg:composer/typo3/cms@10.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-36cz-khgc-6fft
5
vulnerability VCID-6a22-c7x5-sqe2
6
vulnerability VCID-6hnx-p9hv-jbg2
7
vulnerability VCID-6xgm-uan4-u7fu
8
vulnerability VCID-9c49-n1a2-pubu
9
vulnerability VCID-a1g9-pyz5-9fca
10
vulnerability VCID-e4zc-fmh2-n7b8
11
vulnerability VCID-fyyr-48a7-8qch
12
vulnerability VCID-gbev-1zs8-8bac
13
vulnerability VCID-hsw8-nbs6-auaa
14
vulnerability VCID-j8hk-bqnb-gycp
15
vulnerability VCID-sdjb-gp4t-vbgt
16
vulnerability VCID-tzpj-j3x1-ekgk
17
vulnerability VCID-un7r-8sah-33cr
18
vulnerability VCID-uq77-aax5-k7d8
19
vulnerability VCID-x8qf-w4vq-mfhm
20
vulnerability VCID-x8tq-5na6-gfbj
21
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14
4
url pkg:composer/typo3/cms@11.1.1
purl pkg:composer/typo3/cms@11.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-36cz-khgc-6fft
5
vulnerability VCID-6a22-c7x5-sqe2
6
vulnerability VCID-6hnx-p9hv-jbg2
7
vulnerability VCID-6xgm-uan4-u7fu
8
vulnerability VCID-9c49-n1a2-pubu
9
vulnerability VCID-a1g9-pyz5-9fca
10
vulnerability VCID-e4zc-fmh2-n7b8
11
vulnerability VCID-fsx8-7qjz-2ubw
12
vulnerability VCID-fyyr-48a7-8qch
13
vulnerability VCID-gbev-1zs8-8bac
14
vulnerability VCID-hsw8-nbs6-auaa
15
vulnerability VCID-j8hk-bqnb-gycp
16
vulnerability VCID-sdjb-gp4t-vbgt
17
vulnerability VCID-tzpj-j3x1-ekgk
18
vulnerability VCID-un7r-8sah-33cr
19
vulnerability VCID-uq77-aax5-k7d8
20
vulnerability VCID-x8qf-w4vq-mfhm
21
vulnerability VCID-x8tq-5na6-gfbj
22
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1
aliases CVE-2021-21339, GHSA-qx3w-4864-94ch
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fqkx-v8t5-q3h6
17
url VCID-gpv4-4tpd-tbaa
vulnerability_id VCID-gpv4-4tpd-tbaa
summary 
TYPO3 Cross-Site Scripting in Frontend User Login
Failing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile.

Template patterns that are affected are

- ###FEUSER_[fieldName]### using system extension felogin
- <!--###USERNAME###--> for regular frontend rendering (pattern can be defined individually using TypoScript setting config.USERNAME_substToken)
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-3.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-3.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/1c85fe70269e2ff8ecf0b6d5f16550c6cd0ddc78
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/1c85fe70269e2ff8ecf0b6d5f16550c6cd0ddc78
3
reference_url https://github.com/TYPO3/typo3/commit/373bec5d7d415f0764ebbadc7970610dc26da068
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/373bec5d7d415f0764ebbadc7970610dc26da068
4
reference_url https://github.com/TYPO3/typo3/commit/e4143195e1451630f058a58ab62d92135948a927
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/e4143195e1451630f058a58ab62d92135948a927
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-008
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-008
6
reference_url https://github.com/advisories/GHSA-2rcw-9hrm-8q7q
reference_id GHSA-2rcw-9hrm-8q7q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2rcw-9hrm-8q7q
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-2rcw-9hrm-8q7q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gpv4-4tpd-tbaa
18
url VCID-h7cg-64er-uya9
vulnerability_id VCID-h7cg-64er-uya9
summary 
Unrestricted Upload of File with Dangerous Type
Unrestricted File Upload vulnerability in the `fileDenyPattern` in `sysext/core/Classes/Core/SystemEnvironmentBuilder`.
references
0
reference_url http://blog.emaze.net/2017/12/typo3-unrestricted-file-upload-remote.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://blog.emaze.net/2017/12/typo3-unrestricted-file-upload-remote.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-14251
reference_id
reference_type
scores
0
value 0.03536
scoring_system epss
scoring_elements 0.87901
published_at 2026-06-05T12:55:00Z
1
value 0.03536
scoring_system epss
scoring_elements 0.8788
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-14251
2
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
3
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007
4
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/
5
reference_url http://www.securityfocus.com/bid/100620
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/100620
6
reference_url http://www.securitytracker.com/id/1039295
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1039295
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-14251
reference_id CVE-2017-14251
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-14251
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-66kh-c1dm-8fbf
5
vulnerability VCID-953t-q1cr-zyd6
6
vulnerability VCID-abjx-8v46-d7d8
7
vulnerability VCID-dsqm-9q3e-dudw
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fdnw-2tz5-4fdr
10
vulnerability VCID-fqkx-v8t5-q3h6
11
vulnerability VCID-gpv4-4tpd-tbaa
12
vulnerability VCID-hp99-ncuh-6ugv
13
vulnerability VCID-hsw8-nbs6-auaa
14
vulnerability VCID-hyx9-8ae6-sba8
15
vulnerability VCID-jp1p-rfxa-hyd9
16
vulnerability VCID-jq5y-7h9g-mufa
17
vulnerability VCID-jwb1-3sbg-kfa5
18
vulnerability VCID-njsj-bwjq-fyap
19
vulnerability VCID-p576-w7dd-p3h7
20
vulnerability VCID-p7gd-anw2-1qbz
21
vulnerability VCID-qcnh-z4zh-myaw
22
vulnerability VCID-teby-zvvw-zkhv
23
vulnerability VCID-tgyt-axv1-c7ag
24
vulnerability VCID-tzpj-j3x1-ekgk
25
vulnerability VCID-uq77-aax5-k7d8
26
vulnerability VCID-vq15-t92r-5bhx
27
vulnerability VCID-xvyu-2hb8-8ufh
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-yz6t-ge1y-qfgr
30
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.5
purl pkg:composer/typo3/cms@8.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-66kh-c1dm-8fbf
11
vulnerability VCID-6a22-c7x5-sqe2
12
vulnerability VCID-7ch1-q9f4-a7bt
13
vulnerability VCID-7m6u-k5tp-gkhy
14
vulnerability VCID-848u-w88s-5bbe
15
vulnerability VCID-94r9-hh4g-jkej
16
vulnerability VCID-953t-q1cr-zyd6
17
vulnerability VCID-9yu1-z7c2-t3fj
18
vulnerability VCID-abjx-8v46-d7d8
19
vulnerability VCID-am6s-67bm-77dr
20
vulnerability VCID-bn3p-39sv-6fdg
21
vulnerability VCID-buj5-2t53-3kcr
22
vulnerability VCID-dsqm-9q3e-dudw
23
vulnerability VCID-emqq-kwjg-3kfk
24
vulnerability VCID-ev4k-5k1d-2bhu
25
vulnerability VCID-f319-jpf5-hyex
26
vulnerability VCID-fdnw-2tz5-4fdr
27
vulnerability VCID-fpa2-ffg1-fyaa
28
vulnerability VCID-fqkc-utex-3kav
29
vulnerability VCID-fqkx-v8t5-q3h6
30
vulnerability VCID-fut7-bb1f-37g7
31
vulnerability VCID-gpv4-4tpd-tbaa
32
vulnerability VCID-hknp-f88a-kqec
33
vulnerability VCID-hp99-ncuh-6ugv
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-hyx9-8ae6-sba8
36
vulnerability VCID-j8hk-bqnb-gycp
37
vulnerability VCID-je4q-svfw-hqda
38
vulnerability VCID-jp1p-rfxa-hyd9
39
vulnerability VCID-jq5y-7h9g-mufa
40
vulnerability VCID-jwb1-3sbg-kfa5
41
vulnerability VCID-k5t3-28es-h3ez
42
vulnerability VCID-khpm-e1xb-hydb
43
vulnerability VCID-njsj-bwjq-fyap
44
vulnerability VCID-nney-azbc-pucg
45
vulnerability VCID-p576-w7dd-p3h7
46
vulnerability VCID-p7gd-anw2-1qbz
47
vulnerability VCID-pmvp-twk2-jqe4
48
vulnerability VCID-q7vt-19eb-sqeq
49
vulnerability VCID-qcnh-z4zh-myaw
50
vulnerability VCID-qdxh-arxx-wbcr
51
vulnerability VCID-qv14-m93d-jyd9
52
vulnerability VCID-qxab-9uwr-yqhv
53
vulnerability VCID-rqrw-t2kj-mud8
54
vulnerability VCID-ru6w-m6q6-27gn
55
vulnerability VCID-sdjb-gp4t-vbgt
56
vulnerability VCID-sdsa-mh76-kqch
57
vulnerability VCID-teby-zvvw-zkhv
58
vulnerability VCID-tgyt-axv1-c7ag
59
vulnerability VCID-tzpj-j3x1-ekgk
60
vulnerability VCID-u259-2sxq-tbct
61
vulnerability VCID-u6as-cwxc-pkhk
62
vulnerability VCID-uq77-aax5-k7d8
63
vulnerability VCID-vq15-t92r-5bhx
64
vulnerability VCID-vw2r-g8yy-eyf4
65
vulnerability VCID-w1wb-mq2y-dfca
66
vulnerability VCID-w483-prq4-rycx
67
vulnerability VCID-wat8-4m83-hken
68
vulnerability VCID-x5x1-w7yv-eye9
69
vulnerability VCID-xvyu-2hb8-8ufh
70
vulnerability VCID-xw1s-93bu-wuh9
71
vulnerability VCID-y7ds-p5r2-yuhq
72
vulnerability VCID-yh6b-tc4u-v3bk
73
vulnerability VCID-yz6t-ge1y-qfgr
74
vulnerability VCID-zgfw-pk39-gyg8
75
vulnerability VCID-zmwv-gwq3-fkej
76
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5
aliases CVE-2017-14251, GHSA-fh4q-hxrw-cjqq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h7cg-64er-uya9
19
url VCID-h7hf-sf2q-73ay
vulnerability_id VCID-h7hf-sf2q-73ay
summary 
Code Injection
Remote Code Execution in third party library swiftmailer.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-001/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-001/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.15
purl pkg:composer/typo3/cms@7.6.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-5u2f-5zzf-j3e4
5
vulnerability VCID-66kh-c1dm-8fbf
6
vulnerability VCID-66ru-n2df-b3ay
7
vulnerability VCID-953t-q1cr-zyd6
8
vulnerability VCID-9726-hafj-wkay
9
vulnerability VCID-9bep-jsfw-x3gn
10
vulnerability VCID-9saf-w56y-pugz
11
vulnerability VCID-abjx-8v46-d7d8
12
vulnerability VCID-dsqm-9q3e-dudw
13
vulnerability VCID-e564-zdku-9fc6
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fdnw-2tz5-4fdr
16
vulnerability VCID-fqkx-v8t5-q3h6
17
vulnerability VCID-gpv4-4tpd-tbaa
18
vulnerability VCID-h7cg-64er-uya9
19
vulnerability VCID-hp99-ncuh-6ugv
20
vulnerability VCID-hsw8-nbs6-auaa
21
vulnerability VCID-hyx9-8ae6-sba8
22
vulnerability VCID-j8sh-5evd-dkaz
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-jq5y-7h9g-mufa
25
vulnerability VCID-jqe4-8hzb-mfea
26
vulnerability VCID-jwb1-3sbg-kfa5
27
vulnerability VCID-mctp-nf36-7qdn
28
vulnerability VCID-njsj-bwjq-fyap
29
vulnerability VCID-p576-w7dd-p3h7
30
vulnerability VCID-p7gd-anw2-1qbz
31
vulnerability VCID-qcnh-z4zh-myaw
32
vulnerability VCID-sy7r-d6pv-yba9
33
vulnerability VCID-teby-zvvw-zkhv
34
vulnerability VCID-tgyt-axv1-c7ag
35
vulnerability VCID-tzpj-j3x1-ekgk
36
vulnerability VCID-u5he-6tqb-gqaf
37
vulnerability VCID-uq77-aax5-k7d8
38
vulnerability VCID-vq15-t92r-5bhx
39
vulnerability VCID-xh68-defe-f7ce
40
vulnerability VCID-xvyu-2hb8-8ufh
41
vulnerability VCID-xw1s-93bu-wuh9
42
vulnerability VCID-ygw4-jdqu-4fbt
43
vulnerability VCID-yz6t-ge1y-qfgr
44
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.15
1
url pkg:composer/typo3/cms@8.5.0
purl pkg:composer/typo3/cms@8.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-4wnp-gusy-43b8
10
vulnerability VCID-5k47-9k7t-rqak
11
vulnerability VCID-5u2f-5zzf-j3e4
12
vulnerability VCID-66kh-c1dm-8fbf
13
vulnerability VCID-66ru-n2df-b3ay
14
vulnerability VCID-7ch1-q9f4-a7bt
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-848u-w88s-5bbe
17
vulnerability VCID-94r9-hh4g-jkej
18
vulnerability VCID-953t-q1cr-zyd6
19
vulnerability VCID-9726-hafj-wkay
20
vulnerability VCID-9saf-w56y-pugz
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-abjx-8v46-d7d8
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bn3p-39sv-6fdg
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-d6c2-upx1-e7cd
27
vulnerability VCID-dsqm-9q3e-dudw
28
vulnerability VCID-e564-zdku-9fc6
29
vulnerability VCID-emqq-kwjg-3kfk
30
vulnerability VCID-ev4k-5k1d-2bhu
31
vulnerability VCID-f319-jpf5-hyex
32
vulnerability VCID-f837-rs5d-jbbp
33
vulnerability VCID-fdnw-2tz5-4fdr
34
vulnerability VCID-fpa2-ffg1-fyaa
35
vulnerability VCID-fqkc-utex-3kav
36
vulnerability VCID-fqkx-v8t5-q3h6
37
vulnerability VCID-fut7-bb1f-37g7
38
vulnerability VCID-gpv4-4tpd-tbaa
39
vulnerability VCID-h7cg-64er-uya9
40
vulnerability VCID-hg2n-xera-jkdh
41
vulnerability VCID-hknp-f88a-kqec
42
vulnerability VCID-hp99-ncuh-6ugv
43
vulnerability VCID-hsw8-nbs6-auaa
44
vulnerability VCID-hyx9-8ae6-sba8
45
vulnerability VCID-j8hk-bqnb-gycp
46
vulnerability VCID-j8sh-5evd-dkaz
47
vulnerability VCID-je4q-svfw-hqda
48
vulnerability VCID-jp1p-rfxa-hyd9
49
vulnerability VCID-jq5y-7h9g-mufa
50
vulnerability VCID-jqe4-8hzb-mfea
51
vulnerability VCID-jwb1-3sbg-kfa5
52
vulnerability VCID-k5t3-28es-h3ez
53
vulnerability VCID-khpm-e1xb-hydb
54
vulnerability VCID-mctp-nf36-7qdn
55
vulnerability VCID-njsj-bwjq-fyap
56
vulnerability VCID-nney-azbc-pucg
57
vulnerability VCID-p576-w7dd-p3h7
58
vulnerability VCID-p7gd-anw2-1qbz
59
vulnerability VCID-pmvp-twk2-jqe4
60
vulnerability VCID-q2ym-y2rz-1bdn
61
vulnerability VCID-q52p-xfj8-gygd
62
vulnerability VCID-q7vt-19eb-sqeq
63
vulnerability VCID-qcnh-z4zh-myaw
64
vulnerability VCID-qdxh-arxx-wbcr
65
vulnerability VCID-qv14-m93d-jyd9
66
vulnerability VCID-qxab-9uwr-yqhv
67
vulnerability VCID-rqrw-t2kj-mud8
68
vulnerability VCID-ru6w-m6q6-27gn
69
vulnerability VCID-sdjb-gp4t-vbgt
70
vulnerability VCID-sdsa-mh76-kqch
71
vulnerability VCID-sy7r-d6pv-yba9
72
vulnerability VCID-teby-zvvw-zkhv
73
vulnerability VCID-tzpj-j3x1-ekgk
74
vulnerability VCID-u259-2sxq-tbct
75
vulnerability VCID-u5he-6tqb-gqaf
76
vulnerability VCID-u6as-cwxc-pkhk
77
vulnerability VCID-uq77-aax5-k7d8
78
vulnerability VCID-vq15-t92r-5bhx
79
vulnerability VCID-vw2r-g8yy-eyf4
80
vulnerability VCID-w1wb-mq2y-dfca
81
vulnerability VCID-w483-prq4-rycx
82
vulnerability VCID-wat8-4m83-hken
83
vulnerability VCID-wy45-2gmr-fkfg
84
vulnerability VCID-x5x1-w7yv-eye9
85
vulnerability VCID-xh68-defe-f7ce
86
vulnerability VCID-xvyu-2hb8-8ufh
87
vulnerability VCID-xw1s-93bu-wuh9
88
vulnerability VCID-y7ds-p5r2-yuhq
89
vulnerability VCID-ygw4-jdqu-4fbt
90
vulnerability VCID-yh6b-tc4u-v3bk
91
vulnerability VCID-yz6t-ge1y-qfgr
92
vulnerability VCID-zgfw-pk39-gyg8
93
vulnerability VCID-zmwv-gwq3-fkej
94
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.5.0
aliases GMS-2017-347
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h7hf-sf2q-73ay
20
url VCID-hp99-ncuh-6ugv
vulnerability_id VCID-hp99-ncuh-6ugv
summary 
Cross-site Scripting
Cross-Site Scripting in Frontend User Login.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-008/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-008/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-99
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hp99-ncuh-6ugv
21
url VCID-hsw8-nbs6-auaa
vulnerability_id VCID-hsw8-nbs6-auaa
summary 
Insertion of Sensitive Information into Log File in typo3/cms-core
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C` (4.9)

### Problem
It has been discovered that system internal credentials or keys (e.g. database credentials) have been logged as plaintext in exception handlers, when logging the complete exception stack trace.

### Solution
Update to TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above.

### Credits
Thanks to Marco Huber who reported this issue and to TYPO3 security member Torben Hansen who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-002](https://typo3.org/security/advisory/typo3-core-sa-2022-002)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31047
reference_id
reference_type
scores
0
value 0.00391
scoring_system epss
scoring_elements 0.6051
published_at 2026-06-05T12:55:00Z
1
value 0.00391
scoring_system epss
scoring_elements 0.60462
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31047
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31047.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31047.yaml
2
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
3
reference_url https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/
url https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a
4
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31047
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31047
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-002
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-002
7
reference_url https://github.com/advisories/GHSA-fh99-4pgr-8j99
reference_id GHSA-fh99-4pgr-8j99
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh99-4pgr-8j99
fixed_packages
0
url pkg:composer/typo3/cms@10.4.29
purl pkg:composer/typo3/cms@10.4.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-6a22-c7x5-sqe2
3
vulnerability VCID-6hnx-p9hv-jbg2
4
vulnerability VCID-6xgm-uan4-u7fu
5
vulnerability VCID-e4zc-fmh2-n7b8
6
vulnerability VCID-fyyr-48a7-8qch
7
vulnerability VCID-tzpj-j3x1-ekgk
8
vulnerability VCID-un7r-8sah-33cr
9
vulnerability VCID-x8qf-w4vq-mfhm
10
vulnerability VCID-x8tq-5na6-gfbj
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.29
1
url pkg:composer/typo3/cms@11.5.11
purl pkg:composer/typo3/cms@11.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-6a22-c7x5-sqe2
3
vulnerability VCID-6hnx-p9hv-jbg2
4
vulnerability VCID-6xgm-uan4-u7fu
5
vulnerability VCID-e4zc-fmh2-n7b8
6
vulnerability VCID-fyyr-48a7-8qch
7
vulnerability VCID-prdv-mrtk-gkdc
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-un7r-8sah-33cr
10
vulnerability VCID-x8qf-w4vq-mfhm
11
vulnerability VCID-x8tq-5na6-gfbj
12
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.11
aliases CVE-2022-31047, GHSA-fh99-4pgr-8j99
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hsw8-nbs6-auaa
22
url VCID-hyx9-8ae6-sba8
vulnerability_id VCID-hyx9-8ae6-sba8
summary 
TYPO3 Denial of Service in Frontend Record Registration
TYPO3’s built-in record registration functionality (aka `basic shopping cart`) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create  an arbitrary amount of individual session-data records in the database.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-7.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-7.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/05011d1248c54d00960e344fd920a6246da92415
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/05011d1248c54d00960e344fd920a6246da92415
3
reference_url https://github.com/TYPO3/typo3/commit/fc2b4b9fb978088267f83e73cd401d4371dd40e3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/fc2b4b9fb978088267f83e73cd401d4371dd40e3
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-012
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-012
5
reference_url https://github.com/advisories/GHSA-g585-crjf-vhwq
reference_id GHSA-g585-crjf-vhwq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g585-crjf-vhwq
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
aliases GHSA-g585-crjf-vhwq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hyx9-8ae6-sba8
23
url VCID-j8sh-5evd-dkaz
vulnerability_id VCID-j8sh-5evd-dkaz
summary 
Arbitrary Code Execution in TYPO3 CMS
Due to a missing file extension in the fileDenyPattern, backend user are allowed to upload *.pht files which can be executed in certain web server setups. The new default fileDenyPattern is the following, which might have been overridden in the TYPO3 Install Tool.
```
\.(php[3-7]?|phpsh|phtml|pht)(\..*)?$|^\.htaccess$
```
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-09-05-4.yaml
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-09-05-4.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2017-007
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2017-007
3
reference_url https://github.com/advisories/GHSA-67wg-6j7r-mqh8
reference_id GHSA-67wg-6j7r-mqh8
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-67wg-6j7r-mqh8
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-66kh-c1dm-8fbf
5
vulnerability VCID-953t-q1cr-zyd6
6
vulnerability VCID-abjx-8v46-d7d8
7
vulnerability VCID-dsqm-9q3e-dudw
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fdnw-2tz5-4fdr
10
vulnerability VCID-fqkx-v8t5-q3h6
11
vulnerability VCID-gpv4-4tpd-tbaa
12
vulnerability VCID-hp99-ncuh-6ugv
13
vulnerability VCID-hsw8-nbs6-auaa
14
vulnerability VCID-hyx9-8ae6-sba8
15
vulnerability VCID-jp1p-rfxa-hyd9
16
vulnerability VCID-jq5y-7h9g-mufa
17
vulnerability VCID-jwb1-3sbg-kfa5
18
vulnerability VCID-njsj-bwjq-fyap
19
vulnerability VCID-p576-w7dd-p3h7
20
vulnerability VCID-p7gd-anw2-1qbz
21
vulnerability VCID-qcnh-z4zh-myaw
22
vulnerability VCID-teby-zvvw-zkhv
23
vulnerability VCID-tgyt-axv1-c7ag
24
vulnerability VCID-tzpj-j3x1-ekgk
25
vulnerability VCID-uq77-aax5-k7d8
26
vulnerability VCID-vq15-t92r-5bhx
27
vulnerability VCID-xvyu-2hb8-8ufh
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-yz6t-ge1y-qfgr
30
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.5
purl pkg:composer/typo3/cms@8.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-66kh-c1dm-8fbf
11
vulnerability VCID-6a22-c7x5-sqe2
12
vulnerability VCID-7ch1-q9f4-a7bt
13
vulnerability VCID-7m6u-k5tp-gkhy
14
vulnerability VCID-848u-w88s-5bbe
15
vulnerability VCID-94r9-hh4g-jkej
16
vulnerability VCID-953t-q1cr-zyd6
17
vulnerability VCID-9yu1-z7c2-t3fj
18
vulnerability VCID-abjx-8v46-d7d8
19
vulnerability VCID-am6s-67bm-77dr
20
vulnerability VCID-bn3p-39sv-6fdg
21
vulnerability VCID-buj5-2t53-3kcr
22
vulnerability VCID-dsqm-9q3e-dudw
23
vulnerability VCID-emqq-kwjg-3kfk
24
vulnerability VCID-ev4k-5k1d-2bhu
25
vulnerability VCID-f319-jpf5-hyex
26
vulnerability VCID-fdnw-2tz5-4fdr
27
vulnerability VCID-fpa2-ffg1-fyaa
28
vulnerability VCID-fqkc-utex-3kav
29
vulnerability VCID-fqkx-v8t5-q3h6
30
vulnerability VCID-fut7-bb1f-37g7
31
vulnerability VCID-gpv4-4tpd-tbaa
32
vulnerability VCID-hknp-f88a-kqec
33
vulnerability VCID-hp99-ncuh-6ugv
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-hyx9-8ae6-sba8
36
vulnerability VCID-j8hk-bqnb-gycp
37
vulnerability VCID-je4q-svfw-hqda
38
vulnerability VCID-jp1p-rfxa-hyd9
39
vulnerability VCID-jq5y-7h9g-mufa
40
vulnerability VCID-jwb1-3sbg-kfa5
41
vulnerability VCID-k5t3-28es-h3ez
42
vulnerability VCID-khpm-e1xb-hydb
43
vulnerability VCID-njsj-bwjq-fyap
44
vulnerability VCID-nney-azbc-pucg
45
vulnerability VCID-p576-w7dd-p3h7
46
vulnerability VCID-p7gd-anw2-1qbz
47
vulnerability VCID-pmvp-twk2-jqe4
48
vulnerability VCID-q7vt-19eb-sqeq
49
vulnerability VCID-qcnh-z4zh-myaw
50
vulnerability VCID-qdxh-arxx-wbcr
51
vulnerability VCID-qv14-m93d-jyd9
52
vulnerability VCID-qxab-9uwr-yqhv
53
vulnerability VCID-rqrw-t2kj-mud8
54
vulnerability VCID-ru6w-m6q6-27gn
55
vulnerability VCID-sdjb-gp4t-vbgt
56
vulnerability VCID-sdsa-mh76-kqch
57
vulnerability VCID-teby-zvvw-zkhv
58
vulnerability VCID-tgyt-axv1-c7ag
59
vulnerability VCID-tzpj-j3x1-ekgk
60
vulnerability VCID-u259-2sxq-tbct
61
vulnerability VCID-u6as-cwxc-pkhk
62
vulnerability VCID-uq77-aax5-k7d8
63
vulnerability VCID-vq15-t92r-5bhx
64
vulnerability VCID-vw2r-g8yy-eyf4
65
vulnerability VCID-w1wb-mq2y-dfca
66
vulnerability VCID-w483-prq4-rycx
67
vulnerability VCID-wat8-4m83-hken
68
vulnerability VCID-x5x1-w7yv-eye9
69
vulnerability VCID-xvyu-2hb8-8ufh
70
vulnerability VCID-xw1s-93bu-wuh9
71
vulnerability VCID-y7ds-p5r2-yuhq
72
vulnerability VCID-yh6b-tc4u-v3bk
73
vulnerability VCID-yz6t-ge1y-qfgr
74
vulnerability VCID-zgfw-pk39-gyg8
75
vulnerability VCID-zmwv-gwq3-fkej
76
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5
aliases GHSA-67wg-6j7r-mqh8
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j8sh-5evd-dkaz
24
url VCID-jp1p-rfxa-hyd9
vulnerability_id VCID-jp1p-rfxa-hyd9
summary 
Cross-site Scripting
Content elements of type `_menu_` are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21370
reference_id
reference_type
scores
0
value 0.00342
scoring_system epss
scoring_elements 0.57164
published_at 2026-06-05T12:55:00Z
1
value 0.00342
scoring_system epss
scoring_elements 0.57112
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21370
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21370.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21370.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21370.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21370.yaml
3
reference_url https://packagist.org/packages/typo3/cms-backend
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-backend
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-008
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-008
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21370
reference_id CVE-2021-21370
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21370
6
reference_url https://github.com/advisories/GHSA-x7hc-x7fm-f7qh
reference_id GHSA-x7hc-x7fm-f7qh
reference_type
scores
url https://github.com/advisories/GHSA-x7hc-x7fm-f7qh
7
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh
reference_id GHSA-x7hc-x7fm-f7qh
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh
fixed_packages
0
url pkg:composer/typo3/cms@7.6.51
purl pkg:composer/typo3/cms@7.6.51
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-uq77-aax5-k7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.51
1
url pkg:composer/typo3/cms@8.7.40
purl pkg:composer/typo3/cms@8.7.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j8hk-bqnb-gycp
1
vulnerability VCID-sdjb-gp4t-vbgt
2
vulnerability VCID-uq77-aax5-k7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40
2
url pkg:composer/typo3/cms@9.5.25
purl pkg:composer/typo3/cms@9.5.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-6a22-c7x5-sqe2
4
vulnerability VCID-a1g9-pyz5-9fca
5
vulnerability VCID-hsw8-nbs6-auaa
6
vulnerability VCID-j8hk-bqnb-gycp
7
vulnerability VCID-sdjb-gp4t-vbgt
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-un7r-8sah-33cr
10
vulnerability VCID-uq77-aax5-k7d8
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25
3
url pkg:composer/typo3/cms@10.4.14
purl pkg:composer/typo3/cms@10.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-36cz-khgc-6fft
5
vulnerability VCID-6a22-c7x5-sqe2
6
vulnerability VCID-6hnx-p9hv-jbg2
7
vulnerability VCID-6xgm-uan4-u7fu
8
vulnerability VCID-9c49-n1a2-pubu
9
vulnerability VCID-a1g9-pyz5-9fca
10
vulnerability VCID-e4zc-fmh2-n7b8
11
vulnerability VCID-fyyr-48a7-8qch
12
vulnerability VCID-gbev-1zs8-8bac
13
vulnerability VCID-hsw8-nbs6-auaa
14
vulnerability VCID-j8hk-bqnb-gycp
15
vulnerability VCID-sdjb-gp4t-vbgt
16
vulnerability VCID-tzpj-j3x1-ekgk
17
vulnerability VCID-un7r-8sah-33cr
18
vulnerability VCID-uq77-aax5-k7d8
19
vulnerability VCID-x8qf-w4vq-mfhm
20
vulnerability VCID-x8tq-5na6-gfbj
21
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14
4
url pkg:composer/typo3/cms@11.1.1
purl pkg:composer/typo3/cms@11.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-36cz-khgc-6fft
5
vulnerability VCID-6a22-c7x5-sqe2
6
vulnerability VCID-6hnx-p9hv-jbg2
7
vulnerability VCID-6xgm-uan4-u7fu
8
vulnerability VCID-9c49-n1a2-pubu
9
vulnerability VCID-a1g9-pyz5-9fca
10
vulnerability VCID-e4zc-fmh2-n7b8
11
vulnerability VCID-fsx8-7qjz-2ubw
12
vulnerability VCID-fyyr-48a7-8qch
13
vulnerability VCID-gbev-1zs8-8bac
14
vulnerability VCID-hsw8-nbs6-auaa
15
vulnerability VCID-j8hk-bqnb-gycp
16
vulnerability VCID-sdjb-gp4t-vbgt
17
vulnerability VCID-tzpj-j3x1-ekgk
18
vulnerability VCID-un7r-8sah-33cr
19
vulnerability VCID-uq77-aax5-k7d8
20
vulnerability VCID-x8qf-w4vq-mfhm
21
vulnerability VCID-x8tq-5na6-gfbj
22
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1
aliases CVE-2021-21370, GHSA-x7hc-x7fm-f7qh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jp1p-rfxa-hyd9
25
url VCID-jq5y-7h9g-mufa
vulnerability_id VCID-jq5y-7h9g-mufa
summary Information Disclosure in Install Tool.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-010/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-010/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-101
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jq5y-7h9g-mufa
26
url VCID-jqe4-8hzb-mfea
vulnerability_id VCID-jqe4-8hzb-mfea
summary 
Arbitrary Code Execution
Due to a missing file extension in the `fileDenyPattern`, backend user are allowed to upload *.pht files which can be executed in certain web server setups.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-66kh-c1dm-8fbf
5
vulnerability VCID-953t-q1cr-zyd6
6
vulnerability VCID-abjx-8v46-d7d8
7
vulnerability VCID-dsqm-9q3e-dudw
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fdnw-2tz5-4fdr
10
vulnerability VCID-fqkx-v8t5-q3h6
11
vulnerability VCID-gpv4-4tpd-tbaa
12
vulnerability VCID-hp99-ncuh-6ugv
13
vulnerability VCID-hsw8-nbs6-auaa
14
vulnerability VCID-hyx9-8ae6-sba8
15
vulnerability VCID-jp1p-rfxa-hyd9
16
vulnerability VCID-jq5y-7h9g-mufa
17
vulnerability VCID-jwb1-3sbg-kfa5
18
vulnerability VCID-njsj-bwjq-fyap
19
vulnerability VCID-p576-w7dd-p3h7
20
vulnerability VCID-p7gd-anw2-1qbz
21
vulnerability VCID-qcnh-z4zh-myaw
22
vulnerability VCID-teby-zvvw-zkhv
23
vulnerability VCID-tgyt-axv1-c7ag
24
vulnerability VCID-tzpj-j3x1-ekgk
25
vulnerability VCID-uq77-aax5-k7d8
26
vulnerability VCID-vq15-t92r-5bhx
27
vulnerability VCID-xvyu-2hb8-8ufh
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-yz6t-ge1y-qfgr
30
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.5
purl pkg:composer/typo3/cms@8.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-66kh-c1dm-8fbf
11
vulnerability VCID-6a22-c7x5-sqe2
12
vulnerability VCID-7ch1-q9f4-a7bt
13
vulnerability VCID-7m6u-k5tp-gkhy
14
vulnerability VCID-848u-w88s-5bbe
15
vulnerability VCID-94r9-hh4g-jkej
16
vulnerability VCID-953t-q1cr-zyd6
17
vulnerability VCID-9yu1-z7c2-t3fj
18
vulnerability VCID-abjx-8v46-d7d8
19
vulnerability VCID-am6s-67bm-77dr
20
vulnerability VCID-bn3p-39sv-6fdg
21
vulnerability VCID-buj5-2t53-3kcr
22
vulnerability VCID-dsqm-9q3e-dudw
23
vulnerability VCID-emqq-kwjg-3kfk
24
vulnerability VCID-ev4k-5k1d-2bhu
25
vulnerability VCID-f319-jpf5-hyex
26
vulnerability VCID-fdnw-2tz5-4fdr
27
vulnerability VCID-fpa2-ffg1-fyaa
28
vulnerability VCID-fqkc-utex-3kav
29
vulnerability VCID-fqkx-v8t5-q3h6
30
vulnerability VCID-fut7-bb1f-37g7
31
vulnerability VCID-gpv4-4tpd-tbaa
32
vulnerability VCID-hknp-f88a-kqec
33
vulnerability VCID-hp99-ncuh-6ugv
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-hyx9-8ae6-sba8
36
vulnerability VCID-j8hk-bqnb-gycp
37
vulnerability VCID-je4q-svfw-hqda
38
vulnerability VCID-jp1p-rfxa-hyd9
39
vulnerability VCID-jq5y-7h9g-mufa
40
vulnerability VCID-jwb1-3sbg-kfa5
41
vulnerability VCID-k5t3-28es-h3ez
42
vulnerability VCID-khpm-e1xb-hydb
43
vulnerability VCID-njsj-bwjq-fyap
44
vulnerability VCID-nney-azbc-pucg
45
vulnerability VCID-p576-w7dd-p3h7
46
vulnerability VCID-p7gd-anw2-1qbz
47
vulnerability VCID-pmvp-twk2-jqe4
48
vulnerability VCID-q7vt-19eb-sqeq
49
vulnerability VCID-qcnh-z4zh-myaw
50
vulnerability VCID-qdxh-arxx-wbcr
51
vulnerability VCID-qv14-m93d-jyd9
52
vulnerability VCID-qxab-9uwr-yqhv
53
vulnerability VCID-rqrw-t2kj-mud8
54
vulnerability VCID-ru6w-m6q6-27gn
55
vulnerability VCID-sdjb-gp4t-vbgt
56
vulnerability VCID-sdsa-mh76-kqch
57
vulnerability VCID-teby-zvvw-zkhv
58
vulnerability VCID-tgyt-axv1-c7ag
59
vulnerability VCID-tzpj-j3x1-ekgk
60
vulnerability VCID-u259-2sxq-tbct
61
vulnerability VCID-u6as-cwxc-pkhk
62
vulnerability VCID-uq77-aax5-k7d8
63
vulnerability VCID-vq15-t92r-5bhx
64
vulnerability VCID-vw2r-g8yy-eyf4
65
vulnerability VCID-w1wb-mq2y-dfca
66
vulnerability VCID-w483-prq4-rycx
67
vulnerability VCID-wat8-4m83-hken
68
vulnerability VCID-x5x1-w7yv-eye9
69
vulnerability VCID-xvyu-2hb8-8ufh
70
vulnerability VCID-xw1s-93bu-wuh9
71
vulnerability VCID-y7ds-p5r2-yuhq
72
vulnerability VCID-yh6b-tc4u-v3bk
73
vulnerability VCID-yz6t-ge1y-qfgr
74
vulnerability VCID-zgfw-pk39-gyg8
75
vulnerability VCID-zmwv-gwq3-fkej
76
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5
aliases TYPO3-CORE-SA-2017-007
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jqe4-8hzb-mfea
27
url VCID-jwb1-3sbg-kfa5
vulnerability_id VCID-jwb1-3sbg-kfa5
summary 
TYPO3 Denial of Service in Online Media Asset Handling
Online Media Asset Handling (*`.youtube` and *`.vimeo` files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a dysfunctional backend component. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-6.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-6.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/054799caf53b28ff92e00aff957fab88c45a7509
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/054799caf53b28ff92e00aff957fab88c45a7509
3
reference_url https://github.com/TYPO3/typo3/commit/16567366e2a25c0cbed7208c3be9eda962e28c9b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/16567366e2a25c0cbed7208c3be9eda962e28c9b
4
reference_url https://github.com/TYPO3/typo3/commit/7a5155e0137d01db7e5723849f0493ad5b0c98ac
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/7a5155e0137d01db7e5723849f0493ad5b0c98ac
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-011
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-011
6
reference_url https://github.com/advisories/GHSA-f3wf-q4fj-3gxf
reference_id GHSA-f3wf-q4fj-3gxf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f3wf-q4fj-3gxf
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-f3wf-q4fj-3gxf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwb1-3sbg-kfa5
28
url VCID-mctp-nf36-7qdn
vulnerability_id VCID-mctp-nf36-7qdn
summary 
Information Disclosure
Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-66kh-c1dm-8fbf
5
vulnerability VCID-953t-q1cr-zyd6
6
vulnerability VCID-abjx-8v46-d7d8
7
vulnerability VCID-dsqm-9q3e-dudw
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fdnw-2tz5-4fdr
10
vulnerability VCID-fqkx-v8t5-q3h6
11
vulnerability VCID-gpv4-4tpd-tbaa
12
vulnerability VCID-hp99-ncuh-6ugv
13
vulnerability VCID-hsw8-nbs6-auaa
14
vulnerability VCID-hyx9-8ae6-sba8
15
vulnerability VCID-jp1p-rfxa-hyd9
16
vulnerability VCID-jq5y-7h9g-mufa
17
vulnerability VCID-jwb1-3sbg-kfa5
18
vulnerability VCID-njsj-bwjq-fyap
19
vulnerability VCID-p576-w7dd-p3h7
20
vulnerability VCID-p7gd-anw2-1qbz
21
vulnerability VCID-qcnh-z4zh-myaw
22
vulnerability VCID-teby-zvvw-zkhv
23
vulnerability VCID-tgyt-axv1-c7ag
24
vulnerability VCID-tzpj-j3x1-ekgk
25
vulnerability VCID-uq77-aax5-k7d8
26
vulnerability VCID-vq15-t92r-5bhx
27
vulnerability VCID-xvyu-2hb8-8ufh
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-yz6t-ge1y-qfgr
30
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.5
purl pkg:composer/typo3/cms@8.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-66kh-c1dm-8fbf
11
vulnerability VCID-6a22-c7x5-sqe2
12
vulnerability VCID-7ch1-q9f4-a7bt
13
vulnerability VCID-7m6u-k5tp-gkhy
14
vulnerability VCID-848u-w88s-5bbe
15
vulnerability VCID-94r9-hh4g-jkej
16
vulnerability VCID-953t-q1cr-zyd6
17
vulnerability VCID-9yu1-z7c2-t3fj
18
vulnerability VCID-abjx-8v46-d7d8
19
vulnerability VCID-am6s-67bm-77dr
20
vulnerability VCID-bn3p-39sv-6fdg
21
vulnerability VCID-buj5-2t53-3kcr
22
vulnerability VCID-dsqm-9q3e-dudw
23
vulnerability VCID-emqq-kwjg-3kfk
24
vulnerability VCID-ev4k-5k1d-2bhu
25
vulnerability VCID-f319-jpf5-hyex
26
vulnerability VCID-fdnw-2tz5-4fdr
27
vulnerability VCID-fpa2-ffg1-fyaa
28
vulnerability VCID-fqkc-utex-3kav
29
vulnerability VCID-fqkx-v8t5-q3h6
30
vulnerability VCID-fut7-bb1f-37g7
31
vulnerability VCID-gpv4-4tpd-tbaa
32
vulnerability VCID-hknp-f88a-kqec
33
vulnerability VCID-hp99-ncuh-6ugv
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-hyx9-8ae6-sba8
36
vulnerability VCID-j8hk-bqnb-gycp
37
vulnerability VCID-je4q-svfw-hqda
38
vulnerability VCID-jp1p-rfxa-hyd9
39
vulnerability VCID-jq5y-7h9g-mufa
40
vulnerability VCID-jwb1-3sbg-kfa5
41
vulnerability VCID-k5t3-28es-h3ez
42
vulnerability VCID-khpm-e1xb-hydb
43
vulnerability VCID-njsj-bwjq-fyap
44
vulnerability VCID-nney-azbc-pucg
45
vulnerability VCID-p576-w7dd-p3h7
46
vulnerability VCID-p7gd-anw2-1qbz
47
vulnerability VCID-pmvp-twk2-jqe4
48
vulnerability VCID-q7vt-19eb-sqeq
49
vulnerability VCID-qcnh-z4zh-myaw
50
vulnerability VCID-qdxh-arxx-wbcr
51
vulnerability VCID-qv14-m93d-jyd9
52
vulnerability VCID-qxab-9uwr-yqhv
53
vulnerability VCID-rqrw-t2kj-mud8
54
vulnerability VCID-ru6w-m6q6-27gn
55
vulnerability VCID-sdjb-gp4t-vbgt
56
vulnerability VCID-sdsa-mh76-kqch
57
vulnerability VCID-teby-zvvw-zkhv
58
vulnerability VCID-tgyt-axv1-c7ag
59
vulnerability VCID-tzpj-j3x1-ekgk
60
vulnerability VCID-u259-2sxq-tbct
61
vulnerability VCID-u6as-cwxc-pkhk
62
vulnerability VCID-uq77-aax5-k7d8
63
vulnerability VCID-vq15-t92r-5bhx
64
vulnerability VCID-vw2r-g8yy-eyf4
65
vulnerability VCID-w1wb-mq2y-dfca
66
vulnerability VCID-w483-prq4-rycx
67
vulnerability VCID-wat8-4m83-hken
68
vulnerability VCID-x5x1-w7yv-eye9
69
vulnerability VCID-xvyu-2hb8-8ufh
70
vulnerability VCID-xw1s-93bu-wuh9
71
vulnerability VCID-y7ds-p5r2-yuhq
72
vulnerability VCID-yh6b-tc4u-v3bk
73
vulnerability VCID-yz6t-ge1y-qfgr
74
vulnerability VCID-zgfw-pk39-gyg8
75
vulnerability VCID-zmwv-gwq3-fkej
76
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5
aliases TYPO3-CORE-SA-2017-005
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mctp-nf36-7qdn
29
url VCID-njsj-bwjq-fyap
vulnerability_id VCID-njsj-bwjq-fyap
summary Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-002/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-002/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.30
purl pkg:composer/typo3/cms@7.6.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-953t-q1cr-zyd6
5
vulnerability VCID-dsqm-9q3e-dudw
6
vulnerability VCID-ev4k-5k1d-2bhu
7
vulnerability VCID-fdnw-2tz5-4fdr
8
vulnerability VCID-fqkx-v8t5-q3h6
9
vulnerability VCID-gpv4-4tpd-tbaa
10
vulnerability VCID-hp99-ncuh-6ugv
11
vulnerability VCID-hsw8-nbs6-auaa
12
vulnerability VCID-hyx9-8ae6-sba8
13
vulnerability VCID-jp1p-rfxa-hyd9
14
vulnerability VCID-jq5y-7h9g-mufa
15
vulnerability VCID-jwb1-3sbg-kfa5
16
vulnerability VCID-p576-w7dd-p3h7
17
vulnerability VCID-p7gd-anw2-1qbz
18
vulnerability VCID-teby-zvvw-zkhv
19
vulnerability VCID-tgyt-axv1-c7ag
20
vulnerability VCID-tzpj-j3x1-ekgk
21
vulnerability VCID-uq77-aax5-k7d8
22
vulnerability VCID-xvyu-2hb8-8ufh
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-yz6t-ge1y-qfgr
25
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.30
1
url pkg:composer/typo3/cms@8.7.17
purl pkg:composer/typo3/cms@8.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-6a22-c7x5-sqe2
11
vulnerability VCID-7ch1-q9f4-a7bt
12
vulnerability VCID-7m6u-k5tp-gkhy
13
vulnerability VCID-848u-w88s-5bbe
14
vulnerability VCID-94r9-hh4g-jkej
15
vulnerability VCID-953t-q1cr-zyd6
16
vulnerability VCID-9yu1-z7c2-t3fj
17
vulnerability VCID-am6s-67bm-77dr
18
vulnerability VCID-bn3p-39sv-6fdg
19
vulnerability VCID-buj5-2t53-3kcr
20
vulnerability VCID-dsqm-9q3e-dudw
21
vulnerability VCID-emqq-kwjg-3kfk
22
vulnerability VCID-ev4k-5k1d-2bhu
23
vulnerability VCID-f319-jpf5-hyex
24
vulnerability VCID-fdnw-2tz5-4fdr
25
vulnerability VCID-fqkc-utex-3kav
26
vulnerability VCID-fqkx-v8t5-q3h6
27
vulnerability VCID-fut7-bb1f-37g7
28
vulnerability VCID-gpv4-4tpd-tbaa
29
vulnerability VCID-hp99-ncuh-6ugv
30
vulnerability VCID-hsw8-nbs6-auaa
31
vulnerability VCID-hyx9-8ae6-sba8
32
vulnerability VCID-j8hk-bqnb-gycp
33
vulnerability VCID-jp1p-rfxa-hyd9
34
vulnerability VCID-jq5y-7h9g-mufa
35
vulnerability VCID-jwb1-3sbg-kfa5
36
vulnerability VCID-k5t3-28es-h3ez
37
vulnerability VCID-khpm-e1xb-hydb
38
vulnerability VCID-nney-azbc-pucg
39
vulnerability VCID-p576-w7dd-p3h7
40
vulnerability VCID-p7gd-anw2-1qbz
41
vulnerability VCID-pmvp-twk2-jqe4
42
vulnerability VCID-q7vt-19eb-sqeq
43
vulnerability VCID-qdxh-arxx-wbcr
44
vulnerability VCID-qv14-m93d-jyd9
45
vulnerability VCID-qxab-9uwr-yqhv
46
vulnerability VCID-rqrw-t2kj-mud8
47
vulnerability VCID-ru6w-m6q6-27gn
48
vulnerability VCID-sdjb-gp4t-vbgt
49
vulnerability VCID-sdsa-mh76-kqch
50
vulnerability VCID-teby-zvvw-zkhv
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-uq77-aax5-k7d8
56
vulnerability VCID-vw2r-g8yy-eyf4
57
vulnerability VCID-w483-prq4-rycx
58
vulnerability VCID-wat8-4m83-hken
59
vulnerability VCID-x5x1-w7yv-eye9
60
vulnerability VCID-xvyu-2hb8-8ufh
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-yz6t-ge1y-qfgr
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zmwv-gwq3-fkej
67
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.17
2
url pkg:composer/typo3/cms@9.3.2
purl pkg:composer/typo3/cms@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-28fn-ncj5-2ufk
5
vulnerability VCID-2rhr-8vaz-hqfj
6
vulnerability VCID-2rmv-a83x-9ka8
7
vulnerability VCID-39vn-73mc-jqav
8
vulnerability VCID-3k2k-a3gb-n3ba
9
vulnerability VCID-3ugj-6m1e-e3hr
10
vulnerability VCID-3ye6-vqje-abh4
11
vulnerability VCID-4an7-9ph4-mkd4
12
vulnerability VCID-4eym-e6vt-8fbs
13
vulnerability VCID-4jck-w9ct-budk
14
vulnerability VCID-5k47-9k7t-rqak
15
vulnerability VCID-6a22-c7x5-sqe2
16
vulnerability VCID-6mnf-2fcw-dqgp
17
vulnerability VCID-7ch1-q9f4-a7bt
18
vulnerability VCID-7m6u-k5tp-gkhy
19
vulnerability VCID-7xv1-78u7-xufp
20
vulnerability VCID-848u-w88s-5bbe
21
vulnerability VCID-8w4e-d49b-nbg8
22
vulnerability VCID-94r9-hh4g-jkej
23
vulnerability VCID-953t-q1cr-zyd6
24
vulnerability VCID-9adx-p876-kyb5
25
vulnerability VCID-9yu1-z7c2-t3fj
26
vulnerability VCID-a1g9-pyz5-9fca
27
vulnerability VCID-am6s-67bm-77dr
28
vulnerability VCID-bbh5-rss8-bfct
29
vulnerability VCID-buj5-2t53-3kcr
30
vulnerability VCID-cvk2-93hm-gkhx
31
vulnerability VCID-dsqm-9q3e-dudw
32
vulnerability VCID-e6zr-4bgg-kkh5
33
vulnerability VCID-emqq-kwjg-3kfk
34
vulnerability VCID-ev4k-5k1d-2bhu
35
vulnerability VCID-f319-jpf5-hyex
36
vulnerability VCID-f4n7-q72x-3yea
37
vulnerability VCID-fqkc-utex-3kav
38
vulnerability VCID-fqkx-v8t5-q3h6
39
vulnerability VCID-fut7-bb1f-37g7
40
vulnerability VCID-gpv4-4tpd-tbaa
41
vulnerability VCID-hp99-ncuh-6ugv
42
vulnerability VCID-hsw8-nbs6-auaa
43
vulnerability VCID-j8hk-bqnb-gycp
44
vulnerability VCID-jp1p-rfxa-hyd9
45
vulnerability VCID-jq5y-7h9g-mufa
46
vulnerability VCID-jwb1-3sbg-kfa5
47
vulnerability VCID-k5t3-28es-h3ez
48
vulnerability VCID-khpm-e1xb-hydb
49
vulnerability VCID-n1gz-y615-cbbk
50
vulnerability VCID-nney-azbc-pucg
51
vulnerability VCID-p576-w7dd-p3h7
52
vulnerability VCID-p7gd-anw2-1qbz
53
vulnerability VCID-pmvp-twk2-jqe4
54
vulnerability VCID-q2t1-kx56-s3c3
55
vulnerability VCID-q7vt-19eb-sqeq
56
vulnerability VCID-qdxh-arxx-wbcr
57
vulnerability VCID-qv14-m93d-jyd9
58
vulnerability VCID-qxab-9uwr-yqhv
59
vulnerability VCID-rqrw-t2kj-mud8
60
vulnerability VCID-ru6w-m6q6-27gn
61
vulnerability VCID-sdjb-gp4t-vbgt
62
vulnerability VCID-sdsa-mh76-kqch
63
vulnerability VCID-teby-zvvw-zkhv
64
vulnerability VCID-tgyt-axv1-c7ag
65
vulnerability VCID-tzpj-j3x1-ekgk
66
vulnerability VCID-u259-2sxq-tbct
67
vulnerability VCID-u6as-cwxc-pkhk
68
vulnerability VCID-un7r-8sah-33cr
69
vulnerability VCID-uq77-aax5-k7d8
70
vulnerability VCID-vw2r-g8yy-eyf4
71
vulnerability VCID-w7z1-aw31-vugx
72
vulnerability VCID-wat8-4m83-hken
73
vulnerability VCID-x5x1-w7yv-eye9
74
vulnerability VCID-xvyu-2hb8-8ufh
75
vulnerability VCID-xw1s-93bu-wuh9
76
vulnerability VCID-y7ds-p5r2-yuhq
77
vulnerability VCID-yh6b-tc4u-v3bk
78
vulnerability VCID-yz6t-ge1y-qfgr
79
vulnerability VCID-zeut-9wfp-q7et
80
vulnerability VCID-zgfw-pk39-gyg8
81
vulnerability VCID-zkvq-bms4-gfcv
82
vulnerability VCID-zmwv-gwq3-fkej
83
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2
aliases GMS-2018-94
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-njsj-bwjq-fyap
30
url VCID-p576-w7dd-p3h7
vulnerability_id VCID-p576-w7dd-p3h7
summary 
TYPO3 Security Misconfiguration in Install Tool Cookie
It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install Tool.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-4.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-4.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/13328b0f74ac589a20b021db814dfa672581c26a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/13328b0f74ac589a20b021db814dfa672581c26a
3
reference_url https://github.com/TYPO3/typo3/commit/918e50e4d20d88c7e40ad3bb134267d07706b0b1
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/918e50e4d20d88c7e40ad3bb134267d07706b0b1
4
reference_url https://github.com/TYPO3/typo3/commit/a5359491e3fb3164a6ba96a66c8e67fbb9971a4c
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/a5359491e3fb3164a6ba96a66c8e67fbb9971a4c
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-009
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-009
6
reference_url https://github.com/advisories/GHSA-f777-f784-36gm
reference_id GHSA-f777-f784-36gm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f777-f784-36gm
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-f777-f784-36gm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p576-w7dd-p3h7
31
url VCID-p7gd-anw2-1qbz
vulnerability_id VCID-p7gd-anw2-1qbz
summary 
Deserialization of Untrusted Data
It has been discovered that the classes `QueryGenerator` and `QueryView` are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension `ext:lowlevel` (Backend Module `DB Check`) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension `ext:sys_action` installed, with a valid backend user who has limited privileges.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19849
reference_id
reference_type
scores
0
value 0.00746
scoring_system epss
scoring_elements 0.7342
published_at 2026-06-04T12:55:00Z
1
value 0.00746
scoring_system epss
scoring_elements 0.73456
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19849
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19849.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19849.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19849.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19849.yaml
3
reference_url https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-026
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-026
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-026/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-026/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19849
reference_id CVE-2019-19849
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19849
7
reference_url https://github.com/advisories/GHSA-rcgc-4xfc-564v
reference_id GHSA-rcgc-4xfc-564v
reference_type
scores
url https://github.com/advisories/GHSA-rcgc-4xfc-564v
fixed_packages
0
url pkg:composer/typo3/cms@8.7.30
purl pkg:composer/typo3/cms@8.7.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-1ffs-9vj5-27hk
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-6a22-c7x5-sqe2
5
vulnerability VCID-848u-w88s-5bbe
6
vulnerability VCID-ev4k-5k1d-2bhu
7
vulnerability VCID-fqkx-v8t5-q3h6
8
vulnerability VCID-hsw8-nbs6-auaa
9
vulnerability VCID-j8hk-bqnb-gycp
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-sdjb-gp4t-vbgt
12
vulnerability VCID-tgyt-axv1-c7ag
13
vulnerability VCID-tzpj-j3x1-ekgk
14
vulnerability VCID-uq77-aax5-k7d8
15
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.30
1
url pkg:composer/typo3/cms@9.5.12
purl pkg:composer/typo3/cms@9.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-1ffs-9vj5-27hk
2
vulnerability VCID-1sfk-z8py-ykb8
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-4an7-9ph4-mkd4
6
vulnerability VCID-6a22-c7x5-sqe2
7
vulnerability VCID-6mnf-2fcw-dqgp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-a1g9-pyz5-9fca
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-bcbd-zzet-mff6
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-hsw8-nbs6-auaa
17
vulnerability VCID-j8hk-bqnb-gycp
18
vulnerability VCID-jp1p-rfxa-hyd9
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-sdjb-gp4t-vbgt
21
vulnerability VCID-tgyt-axv1-c7ag
22
vulnerability VCID-tzpj-j3x1-ekgk
23
vulnerability VCID-un7r-8sah-33cr
24
vulnerability VCID-uq77-aax5-k7d8
25
vulnerability VCID-zkvq-bms4-gfcv
26
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.12
2
url pkg:composer/typo3/cms@10.2.1
purl pkg:composer/typo3/cms@10.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-2tz2-8qdm-2kcv
7
vulnerability VCID-36cz-khgc-6fft
8
vulnerability VCID-4an7-9ph4-mkd4
9
vulnerability VCID-6a22-c7x5-sqe2
10
vulnerability VCID-6hnx-p9hv-jbg2
11
vulnerability VCID-6mnf-2fcw-dqgp
12
vulnerability VCID-6urp-p9mn-cffv
13
vulnerability VCID-6xgm-uan4-u7fu
14
vulnerability VCID-848u-w88s-5bbe
15
vulnerability VCID-8w4e-d49b-nbg8
16
vulnerability VCID-9c49-n1a2-pubu
17
vulnerability VCID-a1g9-pyz5-9fca
18
vulnerability VCID-bbh5-rss8-bfct
19
vulnerability VCID-bcbd-zzet-mff6
20
vulnerability VCID-c46m-ht19-ybc4
21
vulnerability VCID-e4zc-fmh2-n7b8
22
vulnerability VCID-e6zr-4bgg-kkh5
23
vulnerability VCID-ev4k-5k1d-2bhu
24
vulnerability VCID-fqkx-v8t5-q3h6
25
vulnerability VCID-fyyr-48a7-8qch
26
vulnerability VCID-gbev-1zs8-8bac
27
vulnerability VCID-hsw8-nbs6-auaa
28
vulnerability VCID-j8hk-bqnb-gycp
29
vulnerability VCID-jp1p-rfxa-hyd9
30
vulnerability VCID-n1gz-y615-cbbk
31
vulnerability VCID-r3az-g422-gqf9
32
vulnerability VCID-sdjb-gp4t-vbgt
33
vulnerability VCID-tgyt-axv1-c7ag
34
vulnerability VCID-tzpj-j3x1-ekgk
35
vulnerability VCID-un7r-8sah-33cr
36
vulnerability VCID-uq77-aax5-k7d8
37
vulnerability VCID-x8qf-w4vq-mfhm
38
vulnerability VCID-x8tq-5na6-gfbj
39
vulnerability VCID-zkvq-bms4-gfcv
40
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.1
3
url pkg:composer/typo3/cms@10.2.2
purl pkg:composer/typo3/cms@10.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-2tz2-8qdm-2kcv
7
vulnerability VCID-36cz-khgc-6fft
8
vulnerability VCID-4an7-9ph4-mkd4
9
vulnerability VCID-6a22-c7x5-sqe2
10
vulnerability VCID-6hnx-p9hv-jbg2
11
vulnerability VCID-6mnf-2fcw-dqgp
12
vulnerability VCID-6urp-p9mn-cffv
13
vulnerability VCID-6xgm-uan4-u7fu
14
vulnerability VCID-848u-w88s-5bbe
15
vulnerability VCID-8w4e-d49b-nbg8
16
vulnerability VCID-9c49-n1a2-pubu
17
vulnerability VCID-a1g9-pyz5-9fca
18
vulnerability VCID-bbh5-rss8-bfct
19
vulnerability VCID-bcbd-zzet-mff6
20
vulnerability VCID-c46m-ht19-ybc4
21
vulnerability VCID-e4zc-fmh2-n7b8
22
vulnerability VCID-e6zr-4bgg-kkh5
23
vulnerability VCID-ev4k-5k1d-2bhu
24
vulnerability VCID-fqkx-v8t5-q3h6
25
vulnerability VCID-fyyr-48a7-8qch
26
vulnerability VCID-gbev-1zs8-8bac
27
vulnerability VCID-hsw8-nbs6-auaa
28
vulnerability VCID-j8hk-bqnb-gycp
29
vulnerability VCID-jp1p-rfxa-hyd9
30
vulnerability VCID-n1gz-y615-cbbk
31
vulnerability VCID-r3az-g422-gqf9
32
vulnerability VCID-sdjb-gp4t-vbgt
33
vulnerability VCID-tgyt-axv1-c7ag
34
vulnerability VCID-tzpj-j3x1-ekgk
35
vulnerability VCID-un7r-8sah-33cr
36
vulnerability VCID-uq77-aax5-k7d8
37
vulnerability VCID-x8qf-w4vq-mfhm
38
vulnerability VCID-x8tq-5na6-gfbj
39
vulnerability VCID-zkvq-bms4-gfcv
40
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.2
aliases CVE-2019-19849, GHSA-rcgc-4xfc-564v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p7gd-anw2-1qbz
32
url VCID-qcnh-z4zh-myaw
vulnerability_id VCID-qcnh-z4zh-myaw
summary 
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS
Phar files (formerly known as "PHP archives") can act als self extracting archives which leads to the fact that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - "bundle.phar" would be valid as well as "bundle.txt" would be. This way, Phar files can be obfuscated as image or text file which would not be denied from being uploaded and persisted to a TYPO3 installation. Due to a missing sanitization of user input, those Phar files can be invoked by manipulated URLs in TYPO3 backend forms. A valid backend user account is needed to exploit this vulnerability. In theory the attack vector would be possible in the TYPO3 frontend as well, however no functional exploit has been identified so far.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-2.yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-2.yaml
1
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-002
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-002
2
reference_url https://github.com/advisories/GHSA-ppgf-8745-8pgx
reference_id GHSA-ppgf-8745-8pgx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ppgf-8745-8pgx
fixed_packages
0
url pkg:composer/typo3/cms@7.6.30
purl pkg:composer/typo3/cms@7.6.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-953t-q1cr-zyd6
5
vulnerability VCID-dsqm-9q3e-dudw
6
vulnerability VCID-ev4k-5k1d-2bhu
7
vulnerability VCID-fdnw-2tz5-4fdr
8
vulnerability VCID-fqkx-v8t5-q3h6
9
vulnerability VCID-gpv4-4tpd-tbaa
10
vulnerability VCID-hp99-ncuh-6ugv
11
vulnerability VCID-hsw8-nbs6-auaa
12
vulnerability VCID-hyx9-8ae6-sba8
13
vulnerability VCID-jp1p-rfxa-hyd9
14
vulnerability VCID-jq5y-7h9g-mufa
15
vulnerability VCID-jwb1-3sbg-kfa5
16
vulnerability VCID-p576-w7dd-p3h7
17
vulnerability VCID-p7gd-anw2-1qbz
18
vulnerability VCID-teby-zvvw-zkhv
19
vulnerability VCID-tgyt-axv1-c7ag
20
vulnerability VCID-tzpj-j3x1-ekgk
21
vulnerability VCID-uq77-aax5-k7d8
22
vulnerability VCID-xvyu-2hb8-8ufh
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-yz6t-ge1y-qfgr
25
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.30
1
url pkg:composer/typo3/cms@8.7.17
purl pkg:composer/typo3/cms@8.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-6a22-c7x5-sqe2
11
vulnerability VCID-7ch1-q9f4-a7bt
12
vulnerability VCID-7m6u-k5tp-gkhy
13
vulnerability VCID-848u-w88s-5bbe
14
vulnerability VCID-94r9-hh4g-jkej
15
vulnerability VCID-953t-q1cr-zyd6
16
vulnerability VCID-9yu1-z7c2-t3fj
17
vulnerability VCID-am6s-67bm-77dr
18
vulnerability VCID-bn3p-39sv-6fdg
19
vulnerability VCID-buj5-2t53-3kcr
20
vulnerability VCID-dsqm-9q3e-dudw
21
vulnerability VCID-emqq-kwjg-3kfk
22
vulnerability VCID-ev4k-5k1d-2bhu
23
vulnerability VCID-f319-jpf5-hyex
24
vulnerability VCID-fdnw-2tz5-4fdr
25
vulnerability VCID-fqkc-utex-3kav
26
vulnerability VCID-fqkx-v8t5-q3h6
27
vulnerability VCID-fut7-bb1f-37g7
28
vulnerability VCID-gpv4-4tpd-tbaa
29
vulnerability VCID-hp99-ncuh-6ugv
30
vulnerability VCID-hsw8-nbs6-auaa
31
vulnerability VCID-hyx9-8ae6-sba8
32
vulnerability VCID-j8hk-bqnb-gycp
33
vulnerability VCID-jp1p-rfxa-hyd9
34
vulnerability VCID-jq5y-7h9g-mufa
35
vulnerability VCID-jwb1-3sbg-kfa5
36
vulnerability VCID-k5t3-28es-h3ez
37
vulnerability VCID-khpm-e1xb-hydb
38
vulnerability VCID-nney-azbc-pucg
39
vulnerability VCID-p576-w7dd-p3h7
40
vulnerability VCID-p7gd-anw2-1qbz
41
vulnerability VCID-pmvp-twk2-jqe4
42
vulnerability VCID-q7vt-19eb-sqeq
43
vulnerability VCID-qdxh-arxx-wbcr
44
vulnerability VCID-qv14-m93d-jyd9
45
vulnerability VCID-qxab-9uwr-yqhv
46
vulnerability VCID-rqrw-t2kj-mud8
47
vulnerability VCID-ru6w-m6q6-27gn
48
vulnerability VCID-sdjb-gp4t-vbgt
49
vulnerability VCID-sdsa-mh76-kqch
50
vulnerability VCID-teby-zvvw-zkhv
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-uq77-aax5-k7d8
56
vulnerability VCID-vw2r-g8yy-eyf4
57
vulnerability VCID-w483-prq4-rycx
58
vulnerability VCID-wat8-4m83-hken
59
vulnerability VCID-x5x1-w7yv-eye9
60
vulnerability VCID-xvyu-2hb8-8ufh
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-yz6t-ge1y-qfgr
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zmwv-gwq3-fkej
67
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.17
2
url pkg:composer/typo3/cms@9.3.2
purl pkg:composer/typo3/cms@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-28fn-ncj5-2ufk
5
vulnerability VCID-2rhr-8vaz-hqfj
6
vulnerability VCID-2rmv-a83x-9ka8
7
vulnerability VCID-39vn-73mc-jqav
8
vulnerability VCID-3k2k-a3gb-n3ba
9
vulnerability VCID-3ugj-6m1e-e3hr
10
vulnerability VCID-3ye6-vqje-abh4
11
vulnerability VCID-4an7-9ph4-mkd4
12
vulnerability VCID-4eym-e6vt-8fbs
13
vulnerability VCID-4jck-w9ct-budk
14
vulnerability VCID-5k47-9k7t-rqak
15
vulnerability VCID-6a22-c7x5-sqe2
16
vulnerability VCID-6mnf-2fcw-dqgp
17
vulnerability VCID-7ch1-q9f4-a7bt
18
vulnerability VCID-7m6u-k5tp-gkhy
19
vulnerability VCID-7xv1-78u7-xufp
20
vulnerability VCID-848u-w88s-5bbe
21
vulnerability VCID-8w4e-d49b-nbg8
22
vulnerability VCID-94r9-hh4g-jkej
23
vulnerability VCID-953t-q1cr-zyd6
24
vulnerability VCID-9adx-p876-kyb5
25
vulnerability VCID-9yu1-z7c2-t3fj
26
vulnerability VCID-a1g9-pyz5-9fca
27
vulnerability VCID-am6s-67bm-77dr
28
vulnerability VCID-bbh5-rss8-bfct
29
vulnerability VCID-buj5-2t53-3kcr
30
vulnerability VCID-cvk2-93hm-gkhx
31
vulnerability VCID-dsqm-9q3e-dudw
32
vulnerability VCID-e6zr-4bgg-kkh5
33
vulnerability VCID-emqq-kwjg-3kfk
34
vulnerability VCID-ev4k-5k1d-2bhu
35
vulnerability VCID-f319-jpf5-hyex
36
vulnerability VCID-f4n7-q72x-3yea
37
vulnerability VCID-fqkc-utex-3kav
38
vulnerability VCID-fqkx-v8t5-q3h6
39
vulnerability VCID-fut7-bb1f-37g7
40
vulnerability VCID-gpv4-4tpd-tbaa
41
vulnerability VCID-hp99-ncuh-6ugv
42
vulnerability VCID-hsw8-nbs6-auaa
43
vulnerability VCID-j8hk-bqnb-gycp
44
vulnerability VCID-jp1p-rfxa-hyd9
45
vulnerability VCID-jq5y-7h9g-mufa
46
vulnerability VCID-jwb1-3sbg-kfa5
47
vulnerability VCID-k5t3-28es-h3ez
48
vulnerability VCID-khpm-e1xb-hydb
49
vulnerability VCID-n1gz-y615-cbbk
50
vulnerability VCID-nney-azbc-pucg
51
vulnerability VCID-p576-w7dd-p3h7
52
vulnerability VCID-p7gd-anw2-1qbz
53
vulnerability VCID-pmvp-twk2-jqe4
54
vulnerability VCID-q2t1-kx56-s3c3
55
vulnerability VCID-q7vt-19eb-sqeq
56
vulnerability VCID-qdxh-arxx-wbcr
57
vulnerability VCID-qv14-m93d-jyd9
58
vulnerability VCID-qxab-9uwr-yqhv
59
vulnerability VCID-rqrw-t2kj-mud8
60
vulnerability VCID-ru6w-m6q6-27gn
61
vulnerability VCID-sdjb-gp4t-vbgt
62
vulnerability VCID-sdsa-mh76-kqch
63
vulnerability VCID-teby-zvvw-zkhv
64
vulnerability VCID-tgyt-axv1-c7ag
65
vulnerability VCID-tzpj-j3x1-ekgk
66
vulnerability VCID-u259-2sxq-tbct
67
vulnerability VCID-u6as-cwxc-pkhk
68
vulnerability VCID-un7r-8sah-33cr
69
vulnerability VCID-uq77-aax5-k7d8
70
vulnerability VCID-vw2r-g8yy-eyf4
71
vulnerability VCID-w7z1-aw31-vugx
72
vulnerability VCID-wat8-4m83-hken
73
vulnerability VCID-x5x1-w7yv-eye9
74
vulnerability VCID-xvyu-2hb8-8ufh
75
vulnerability VCID-xw1s-93bu-wuh9
76
vulnerability VCID-y7ds-p5r2-yuhq
77
vulnerability VCID-yh6b-tc4u-v3bk
78
vulnerability VCID-yz6t-ge1y-qfgr
79
vulnerability VCID-zeut-9wfp-q7et
80
vulnerability VCID-zgfw-pk39-gyg8
81
vulnerability VCID-zkvq-bms4-gfcv
82
vulnerability VCID-zmwv-gwq3-fkej
83
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2
aliases GHSA-ppgf-8745-8pgx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qcnh-z4zh-myaw
33
url VCID-sy7r-d6pv-yba9
vulnerability_id VCID-sy7r-d6pv-yba9
summary 
Code Injection
Arbitrary Code Execution in TYPO3 CMS.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-66kh-c1dm-8fbf
5
vulnerability VCID-953t-q1cr-zyd6
6
vulnerability VCID-abjx-8v46-d7d8
7
vulnerability VCID-dsqm-9q3e-dudw
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fdnw-2tz5-4fdr
10
vulnerability VCID-fqkx-v8t5-q3h6
11
vulnerability VCID-gpv4-4tpd-tbaa
12
vulnerability VCID-hp99-ncuh-6ugv
13
vulnerability VCID-hsw8-nbs6-auaa
14
vulnerability VCID-hyx9-8ae6-sba8
15
vulnerability VCID-jp1p-rfxa-hyd9
16
vulnerability VCID-jq5y-7h9g-mufa
17
vulnerability VCID-jwb1-3sbg-kfa5
18
vulnerability VCID-njsj-bwjq-fyap
19
vulnerability VCID-p576-w7dd-p3h7
20
vulnerability VCID-p7gd-anw2-1qbz
21
vulnerability VCID-qcnh-z4zh-myaw
22
vulnerability VCID-teby-zvvw-zkhv
23
vulnerability VCID-tgyt-axv1-c7ag
24
vulnerability VCID-tzpj-j3x1-ekgk
25
vulnerability VCID-uq77-aax5-k7d8
26
vulnerability VCID-vq15-t92r-5bhx
27
vulnerability VCID-xvyu-2hb8-8ufh
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-yz6t-ge1y-qfgr
30
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.0
purl pkg:composer/typo3/cms@8.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-5u2f-5zzf-j3e4
11
vulnerability VCID-66kh-c1dm-8fbf
12
vulnerability VCID-6a22-c7x5-sqe2
13
vulnerability VCID-7ch1-q9f4-a7bt
14
vulnerability VCID-7m6u-k5tp-gkhy
15
vulnerability VCID-848u-w88s-5bbe
16
vulnerability VCID-94r9-hh4g-jkej
17
vulnerability VCID-953t-q1cr-zyd6
18
vulnerability VCID-9726-hafj-wkay
19
vulnerability VCID-9yu1-z7c2-t3fj
20
vulnerability VCID-abjx-8v46-d7d8
21
vulnerability VCID-am6s-67bm-77dr
22
vulnerability VCID-bn3p-39sv-6fdg
23
vulnerability VCID-buj5-2t53-3kcr
24
vulnerability VCID-dsqm-9q3e-dudw
25
vulnerability VCID-e564-zdku-9fc6
26
vulnerability VCID-emqq-kwjg-3kfk
27
vulnerability VCID-ev4k-5k1d-2bhu
28
vulnerability VCID-f319-jpf5-hyex
29
vulnerability VCID-fdnw-2tz5-4fdr
30
vulnerability VCID-fpa2-ffg1-fyaa
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-gpv4-4tpd-tbaa
35
vulnerability VCID-h7cg-64er-uya9
36
vulnerability VCID-hknp-f88a-kqec
37
vulnerability VCID-hp99-ncuh-6ugv
38
vulnerability VCID-hsw8-nbs6-auaa
39
vulnerability VCID-hyx9-8ae6-sba8
40
vulnerability VCID-j8hk-bqnb-gycp
41
vulnerability VCID-j8sh-5evd-dkaz
42
vulnerability VCID-je4q-svfw-hqda
43
vulnerability VCID-jp1p-rfxa-hyd9
44
vulnerability VCID-jq5y-7h9g-mufa
45
vulnerability VCID-jqe4-8hzb-mfea
46
vulnerability VCID-jwb1-3sbg-kfa5
47
vulnerability VCID-k5t3-28es-h3ez
48
vulnerability VCID-khpm-e1xb-hydb
49
vulnerability VCID-mctp-nf36-7qdn
50
vulnerability VCID-njsj-bwjq-fyap
51
vulnerability VCID-nney-azbc-pucg
52
vulnerability VCID-p576-w7dd-p3h7
53
vulnerability VCID-p7gd-anw2-1qbz
54
vulnerability VCID-pmvp-twk2-jqe4
55
vulnerability VCID-q2ym-y2rz-1bdn
56
vulnerability VCID-q7vt-19eb-sqeq
57
vulnerability VCID-qcnh-z4zh-myaw
58
vulnerability VCID-qdxh-arxx-wbcr
59
vulnerability VCID-qv14-m93d-jyd9
60
vulnerability VCID-qxab-9uwr-yqhv
61
vulnerability VCID-rqrw-t2kj-mud8
62
vulnerability VCID-ru6w-m6q6-27gn
63
vulnerability VCID-sdjb-gp4t-vbgt
64
vulnerability VCID-sdsa-mh76-kqch
65
vulnerability VCID-teby-zvvw-zkhv
66
vulnerability VCID-tgyt-axv1-c7ag
67
vulnerability VCID-tzpj-j3x1-ekgk
68
vulnerability VCID-u259-2sxq-tbct
69
vulnerability VCID-u6as-cwxc-pkhk
70
vulnerability VCID-uq77-aax5-k7d8
71
vulnerability VCID-vq15-t92r-5bhx
72
vulnerability VCID-vw2r-g8yy-eyf4
73
vulnerability VCID-w1wb-mq2y-dfca
74
vulnerability VCID-w483-prq4-rycx
75
vulnerability VCID-wat8-4m83-hken
76
vulnerability VCID-wy45-2gmr-fkfg
77
vulnerability VCID-x5x1-w7yv-eye9
78
vulnerability VCID-xvyu-2hb8-8ufh
79
vulnerability VCID-xw1s-93bu-wuh9
80
vulnerability VCID-y7ds-p5r2-yuhq
81
vulnerability VCID-yh6b-tc4u-v3bk
82
vulnerability VCID-yz6t-ge1y-qfgr
83
vulnerability VCID-zgfw-pk39-gyg8
84
vulnerability VCID-zmwv-gwq3-fkej
85
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.0
aliases GMS-2017-353
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sy7r-d6pv-yba9
34
url VCID-teby-zvvw-zkhv
vulnerability_id VCID-teby-zvvw-zkhv
summary 
TYPO3 Cross-Site Scripting in Backend Modal Component
Failing to properly encode user input, notifications shown in modal windows in the TYPO3 backend are vulnerable to cross-site scripting. A valid backend user account is needed in order to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-2.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-2.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/02cd5c97228cba477d16c68e28309ce25c433ce9
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/02cd5c97228cba477d16c68e28309ce25c433ce9
3
reference_url https://github.com/TYPO3/typo3/commit/89a38ad0ef9411745954f53f29bea5b8ce81cd32
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/89a38ad0ef9411745954f53f29bea5b8ce81cd32
4
reference_url https://github.com/TYPO3/typo3/commit/c35646c3f7795a4a7b0046a88f146b490fa4883c
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/c35646c3f7795a4a7b0046a88f146b490fa4883c
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-007
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-007
6
reference_url https://github.com/advisories/GHSA-7q33-hxwj-7p8v
reference_id GHSA-7q33-hxwj-7p8v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7q33-hxwj-7p8v
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-7q33-hxwj-7p8v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-teby-zvvw-zkhv
35
url VCID-tgyt-axv1-c7ag
vulnerability_id VCID-tgyt-axv1-c7ag
summary 
Cross-site Scripting
TYPO3 is an open source PHP based web content management system. In TYPO3 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 that fix the problem described.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26227
reference_id
reference_type
scores
0
value 0.00359
scoring_system epss
scoring_elements 0.58427
published_at 2026-06-05T12:55:00Z
1
value 0.00359
scoring_system epss
scoring_elements 0.5838
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26227
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-26227.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-26227.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-26227.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-26227.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf
4
reference_url https://packagist.org/packages/typo3/cms-core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-core
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2020-010
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2020-010
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26227
reference_id CVE-2020-26227
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26227
fixed_packages
0
url pkg:composer/typo3/cms@8.0.0
purl pkg:composer/typo3/cms@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2r7u-mc45-8yhe
5
vulnerability VCID-2rhr-8vaz-hqfj
6
vulnerability VCID-2rmv-a83x-9ka8
7
vulnerability VCID-2vpx-fqb6-aqfa
8
vulnerability VCID-39jx-muqb-nkfq
9
vulnerability VCID-39vn-73mc-jqav
10
vulnerability VCID-3ugj-6m1e-e3hr
11
vulnerability VCID-4eym-e6vt-8fbs
12
vulnerability VCID-4wnp-gusy-43b8
13
vulnerability VCID-5dxs-cdht-27hw
14
vulnerability VCID-5k47-9k7t-rqak
15
vulnerability VCID-5u2f-5zzf-j3e4
16
vulnerability VCID-66kh-c1dm-8fbf
17
vulnerability VCID-66ru-n2df-b3ay
18
vulnerability VCID-6su8-bbrw-hbhp
19
vulnerability VCID-727q-h3ey-6yc9
20
vulnerability VCID-7ch1-q9f4-a7bt
21
vulnerability VCID-7m6u-k5tp-gkhy
22
vulnerability VCID-848u-w88s-5bbe
23
vulnerability VCID-8p64-6zpt-t3av
24
vulnerability VCID-94r9-hh4g-jkej
25
vulnerability VCID-953t-q1cr-zyd6
26
vulnerability VCID-9726-hafj-wkay
27
vulnerability VCID-9saf-w56y-pugz
28
vulnerability VCID-9yu1-z7c2-t3fj
29
vulnerability VCID-abjx-8v46-d7d8
30
vulnerability VCID-am6s-67bm-77dr
31
vulnerability VCID-bn3p-39sv-6fdg
32
vulnerability VCID-bq2j-t19h-zyad
33
vulnerability VCID-bstt-ybrs-5ua3
34
vulnerability VCID-buj5-2t53-3kcr
35
vulnerability VCID-cbmm-1b2k-8qaz
36
vulnerability VCID-d6c2-upx1-e7cd
37
vulnerability VCID-dsqm-9q3e-dudw
38
vulnerability VCID-e564-zdku-9fc6
39
vulnerability VCID-emqq-kwjg-3kfk
40
vulnerability VCID-eutz-mj58-audb
41
vulnerability VCID-ev4k-5k1d-2bhu
42
vulnerability VCID-f319-jpf5-hyex
43
vulnerability VCID-fdnw-2tz5-4fdr
44
vulnerability VCID-fgqa-5fx9-nkaz
45
vulnerability VCID-fh61-7rfy-s3hg
46
vulnerability VCID-fqkc-utex-3kav
47
vulnerability VCID-fqkx-v8t5-q3h6
48
vulnerability VCID-fut7-bb1f-37g7
49
vulnerability VCID-g7mm-vjbw-bbhd
50
vulnerability VCID-gk79-jtuz-myh6
51
vulnerability VCID-gpv4-4tpd-tbaa
52
vulnerability VCID-h217-xe8x-nua3
53
vulnerability VCID-h7cg-64er-uya9
54
vulnerability VCID-h7hf-sf2q-73ay
55
vulnerability VCID-hp99-ncuh-6ugv
56
vulnerability VCID-hsw8-nbs6-auaa
57
vulnerability VCID-hyx9-8ae6-sba8
58
vulnerability VCID-hzma-cduk-3uhp
59
vulnerability VCID-j8hk-bqnb-gycp
60
vulnerability VCID-j8sh-5evd-dkaz
61
vulnerability VCID-jeqr-9tfu-f7b2
62
vulnerability VCID-jf28-91be-6kbr
63
vulnerability VCID-jmea-qzsr-wkf4
64
vulnerability VCID-jn38-wfec-7bb2
65
vulnerability VCID-jp1p-rfxa-hyd9
66
vulnerability VCID-jq5y-7h9g-mufa
67
vulnerability VCID-jqe4-8hzb-mfea
68
vulnerability VCID-jwb1-3sbg-kfa5
69
vulnerability VCID-k5t3-28es-h3ez
70
vulnerability VCID-khpm-e1xb-hydb
71
vulnerability VCID-ks1q-a8x2-uqht
72
vulnerability VCID-m3nc-xbb4-yubr
73
vulnerability VCID-mctp-nf36-7qdn
74
vulnerability VCID-nhjv-nke2-2kf8
75
vulnerability VCID-njsj-bwjq-fyap
76
vulnerability VCID-nney-azbc-pucg
77
vulnerability VCID-nvbp-pbjw-3qgx
78
vulnerability VCID-p576-w7dd-p3h7
79
vulnerability VCID-p7gd-anw2-1qbz
80
vulnerability VCID-pmvp-twk2-jqe4
81
vulnerability VCID-q2ym-y2rz-1bdn
82
vulnerability VCID-q52p-xfj8-gygd
83
vulnerability VCID-q7vt-19eb-sqeq
84
vulnerability VCID-qcnh-z4zh-myaw
85
vulnerability VCID-qdxh-arxx-wbcr
86
vulnerability VCID-qv14-m93d-jyd9
87
vulnerability VCID-qxab-9uwr-yqhv
88
vulnerability VCID-rqrw-t2kj-mud8
89
vulnerability VCID-ru6w-m6q6-27gn
90
vulnerability VCID-sdjb-gp4t-vbgt
91
vulnerability VCID-sdsa-mh76-kqch
92
vulnerability VCID-sdz8-hju8-4bcb
93
vulnerability VCID-sy7r-d6pv-yba9
94
vulnerability VCID-teby-zvvw-zkhv
95
vulnerability VCID-tzpj-j3x1-ekgk
96
vulnerability VCID-u259-2sxq-tbct
97
vulnerability VCID-u4tq-8qnk-5fd7
98
vulnerability VCID-u5he-6tqb-gqaf
99
vulnerability VCID-u6as-cwxc-pkhk
100
vulnerability VCID-uq77-aax5-k7d8
101
vulnerability VCID-vq15-t92r-5bhx
102
vulnerability VCID-vw2r-g8yy-eyf4
103
vulnerability VCID-w483-prq4-rycx
104
vulnerability VCID-w58p-3wg1-7ycr
105
vulnerability VCID-wat8-4m83-hken
106
vulnerability VCID-wy45-2gmr-fkfg
107
vulnerability VCID-x175-xjek-97ds
108
vulnerability VCID-x5x1-w7yv-eye9
109
vulnerability VCID-xh68-defe-f7ce
110
vulnerability VCID-xpxg-qq49-b7fd
111
vulnerability VCID-xvyu-2hb8-8ufh
112
vulnerability VCID-xw1s-93bu-wuh9
113
vulnerability VCID-y7ds-p5r2-yuhq
114
vulnerability VCID-ygw4-jdqu-4fbt
115
vulnerability VCID-yh6b-tc4u-v3bk
116
vulnerability VCID-yn6z-9v7k-x7br
117
vulnerability VCID-yz6t-ge1y-qfgr
118
vulnerability VCID-zgfw-pk39-gyg8
119
vulnerability VCID-zmwv-gwq3-fkej
120
vulnerability VCID-zrz3-3dnf-tbay
121
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.0.0
1
url pkg:composer/typo3/cms@8.7.38
purl pkg:composer/typo3/cms@8.7.38
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.38
2
url pkg:composer/typo3/cms@9.5.23
purl pkg:composer/typo3/cms@9.5.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-1ffs-9vj5-27hk
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-6a22-c7x5-sqe2
5
vulnerability VCID-6mnf-2fcw-dqgp
6
vulnerability VCID-848u-w88s-5bbe
7
vulnerability VCID-a1g9-pyz5-9fca
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-hsw8-nbs6-auaa
11
vulnerability VCID-j8hk-bqnb-gycp
12
vulnerability VCID-jp1p-rfxa-hyd9
13
vulnerability VCID-sdjb-gp4t-vbgt
14
vulnerability VCID-tzpj-j3x1-ekgk
15
vulnerability VCID-un7r-8sah-33cr
16
vulnerability VCID-uq77-aax5-k7d8
17
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.23
3
url pkg:composer/typo3/cms@10.4.10
purl pkg:composer/typo3/cms@10.4.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-36cz-khgc-6fft
6
vulnerability VCID-6a22-c7x5-sqe2
7
vulnerability VCID-6hnx-p9hv-jbg2
8
vulnerability VCID-6mnf-2fcw-dqgp
9
vulnerability VCID-6urp-p9mn-cffv
10
vulnerability VCID-6xgm-uan4-u7fu
11
vulnerability VCID-848u-w88s-5bbe
12
vulnerability VCID-9c49-n1a2-pubu
13
vulnerability VCID-a1g9-pyz5-9fca
14
vulnerability VCID-c46m-ht19-ybc4
15
vulnerability VCID-e4zc-fmh2-n7b8
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fyyr-48a7-8qch
19
vulnerability VCID-gbev-1zs8-8bac
20
vulnerability VCID-hsw8-nbs6-auaa
21
vulnerability VCID-j8hk-bqnb-gycp
22
vulnerability VCID-jp1p-rfxa-hyd9
23
vulnerability VCID-sdjb-gp4t-vbgt
24
vulnerability VCID-tzpj-j3x1-ekgk
25
vulnerability VCID-un7r-8sah-33cr
26
vulnerability VCID-uq77-aax5-k7d8
27
vulnerability VCID-x8qf-w4vq-mfhm
28
vulnerability VCID-x8tq-5na6-gfbj
29
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.10
aliases CVE-2020-26227, GHSA-vqqx-jw6p-q3rf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgyt-axv1-c7ag
36
url VCID-tzpj-j3x1-ekgk
vulnerability_id VCID-tzpj-j3x1-ekgk
summary 
TYPO3 CMS vulnerable to User Enumeration via Response Timing
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (4.9)

### Problem
It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts.

Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take.

### Solution
Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above.

### Credits
Thanks to Vautia who reported this issue and to TYPO3 core & security team members Oliver Hader who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-007](https://typo3.org/security/advisory/typo3-core-sa-2022-007)
* [Vulnerability Report on huntr.dev](https://huntr.dev/bounties/7d519735-2877-4fad-bd77-accde3e290a7/) (embargoed +30 days)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36105
reference_id
reference_type
scores
0
value 0.00283
scoring_system epss
scoring_elements 0.51991
published_at 2026-06-05T12:55:00Z
1
value 0.00283
scoring_system epss
scoring_elements 0.5193
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36105
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36105.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36105.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36105.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36105.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/f0fc9c4cd7c38207c30dd158de53ee5d9d6f41a2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/f0fc9c4cd7c38207c30dd158de53ee5d9d6f41a2
5
reference_url https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/
url https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36105
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36105
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-007
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-007
9
reference_url https://github.com/advisories/GHSA-m392-235j-9r7r
reference_id GHSA-m392-235j-9r7r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m392-235j-9r7r
fixed_packages
0
url pkg:composer/typo3/cms@10.4.32
purl pkg:composer/typo3/cms@10.4.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-6a22-c7x5-sqe2
2
vulnerability VCID-6hnx-p9hv-jbg2
3
vulnerability VCID-6xgm-uan4-u7fu
4
vulnerability VCID-un7r-8sah-33cr
5
vulnerability VCID-x8qf-w4vq-mfhm
6
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.32
1
url pkg:composer/typo3/cms@11.5.16
purl pkg:composer/typo3/cms@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-6a22-c7x5-sqe2
2
vulnerability VCID-6hnx-p9hv-jbg2
3
vulnerability VCID-6xgm-uan4-u7fu
4
vulnerability VCID-un7r-8sah-33cr
5
vulnerability VCID-x8qf-w4vq-mfhm
6
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.16
aliases CVE-2022-36105, GHSA-m392-235j-9r7r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tzpj-j3x1-ekgk
37
url VCID-u5he-6tqb-gqaf
vulnerability_id VCID-u5he-6tqb-gqaf
summary 
Cross-Site Scripting in TYPO3 CMS
Failing to properly encode user input, several places of the TYPO3 CMS are vulnerable to Cross-Site Scripting.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-02-28-2.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-02-28-2.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2017-003
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2017-003
3
reference_url https://github.com/advisories/GHSA-5gr6-97fv-52cc
reference_id GHSA-5gr6-97fv-52cc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5gr6-97fv-52cc
fixed_packages
0
url pkg:composer/typo3/cms@7.6.16
purl pkg:composer/typo3/cms@7.6.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-5u2f-5zzf-j3e4
5
vulnerability VCID-66kh-c1dm-8fbf
6
vulnerability VCID-953t-q1cr-zyd6
7
vulnerability VCID-9726-hafj-wkay
8
vulnerability VCID-9saf-w56y-pugz
9
vulnerability VCID-abjx-8v46-d7d8
10
vulnerability VCID-dsqm-9q3e-dudw
11
vulnerability VCID-e564-zdku-9fc6
12
vulnerability VCID-ev4k-5k1d-2bhu
13
vulnerability VCID-fdnw-2tz5-4fdr
14
vulnerability VCID-fqkx-v8t5-q3h6
15
vulnerability VCID-gpv4-4tpd-tbaa
16
vulnerability VCID-h7cg-64er-uya9
17
vulnerability VCID-hp99-ncuh-6ugv
18
vulnerability VCID-hsw8-nbs6-auaa
19
vulnerability VCID-hyx9-8ae6-sba8
20
vulnerability VCID-j8sh-5evd-dkaz
21
vulnerability VCID-jp1p-rfxa-hyd9
22
vulnerability VCID-jq5y-7h9g-mufa
23
vulnerability VCID-jqe4-8hzb-mfea
24
vulnerability VCID-jwb1-3sbg-kfa5
25
vulnerability VCID-mctp-nf36-7qdn
26
vulnerability VCID-njsj-bwjq-fyap
27
vulnerability VCID-p576-w7dd-p3h7
28
vulnerability VCID-p7gd-anw2-1qbz
29
vulnerability VCID-qcnh-z4zh-myaw
30
vulnerability VCID-sy7r-d6pv-yba9
31
vulnerability VCID-teby-zvvw-zkhv
32
vulnerability VCID-tgyt-axv1-c7ag
33
vulnerability VCID-tzpj-j3x1-ekgk
34
vulnerability VCID-uq77-aax5-k7d8
35
vulnerability VCID-vq15-t92r-5bhx
36
vulnerability VCID-xvyu-2hb8-8ufh
37
vulnerability VCID-xw1s-93bu-wuh9
38
vulnerability VCID-ygw4-jdqu-4fbt
39
vulnerability VCID-yz6t-ge1y-qfgr
40
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.16
1
url pkg:composer/typo3/cms@8.6.1
purl pkg:composer/typo3/cms@8.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-5u2f-5zzf-j3e4
11
vulnerability VCID-66kh-c1dm-8fbf
12
vulnerability VCID-7ch1-q9f4-a7bt
13
vulnerability VCID-7m6u-k5tp-gkhy
14
vulnerability VCID-848u-w88s-5bbe
15
vulnerability VCID-94r9-hh4g-jkej
16
vulnerability VCID-953t-q1cr-zyd6
17
vulnerability VCID-9726-hafj-wkay
18
vulnerability VCID-9saf-w56y-pugz
19
vulnerability VCID-9yu1-z7c2-t3fj
20
vulnerability VCID-abjx-8v46-d7d8
21
vulnerability VCID-am6s-67bm-77dr
22
vulnerability VCID-bn3p-39sv-6fdg
23
vulnerability VCID-buj5-2t53-3kcr
24
vulnerability VCID-dsqm-9q3e-dudw
25
vulnerability VCID-e564-zdku-9fc6
26
vulnerability VCID-emqq-kwjg-3kfk
27
vulnerability VCID-ev4k-5k1d-2bhu
28
vulnerability VCID-f319-jpf5-hyex
29
vulnerability VCID-fdnw-2tz5-4fdr
30
vulnerability VCID-fpa2-ffg1-fyaa
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-gpv4-4tpd-tbaa
35
vulnerability VCID-h7cg-64er-uya9
36
vulnerability VCID-hknp-f88a-kqec
37
vulnerability VCID-hp99-ncuh-6ugv
38
vulnerability VCID-hsw8-nbs6-auaa
39
vulnerability VCID-hyx9-8ae6-sba8
40
vulnerability VCID-j8hk-bqnb-gycp
41
vulnerability VCID-j8sh-5evd-dkaz
42
vulnerability VCID-je4q-svfw-hqda
43
vulnerability VCID-jp1p-rfxa-hyd9
44
vulnerability VCID-jq5y-7h9g-mufa
45
vulnerability VCID-jqe4-8hzb-mfea
46
vulnerability VCID-jwb1-3sbg-kfa5
47
vulnerability VCID-k5t3-28es-h3ez
48
vulnerability VCID-khpm-e1xb-hydb
49
vulnerability VCID-mctp-nf36-7qdn
50
vulnerability VCID-njsj-bwjq-fyap
51
vulnerability VCID-nney-azbc-pucg
52
vulnerability VCID-p576-w7dd-p3h7
53
vulnerability VCID-p7gd-anw2-1qbz
54
vulnerability VCID-pmvp-twk2-jqe4
55
vulnerability VCID-q2ym-y2rz-1bdn
56
vulnerability VCID-q52p-xfj8-gygd
57
vulnerability VCID-q7vt-19eb-sqeq
58
vulnerability VCID-qcnh-z4zh-myaw
59
vulnerability VCID-qdxh-arxx-wbcr
60
vulnerability VCID-qv14-m93d-jyd9
61
vulnerability VCID-qxab-9uwr-yqhv
62
vulnerability VCID-rqrw-t2kj-mud8
63
vulnerability VCID-ru6w-m6q6-27gn
64
vulnerability VCID-sdjb-gp4t-vbgt
65
vulnerability VCID-sdsa-mh76-kqch
66
vulnerability VCID-sy7r-d6pv-yba9
67
vulnerability VCID-teby-zvvw-zkhv
68
vulnerability VCID-tzpj-j3x1-ekgk
69
vulnerability VCID-u259-2sxq-tbct
70
vulnerability VCID-u6as-cwxc-pkhk
71
vulnerability VCID-uq77-aax5-k7d8
72
vulnerability VCID-vq15-t92r-5bhx
73
vulnerability VCID-vw2r-g8yy-eyf4
74
vulnerability VCID-w1wb-mq2y-dfca
75
vulnerability VCID-w483-prq4-rycx
76
vulnerability VCID-wat8-4m83-hken
77
vulnerability VCID-wy45-2gmr-fkfg
78
vulnerability VCID-x5x1-w7yv-eye9
79
vulnerability VCID-xvyu-2hb8-8ufh
80
vulnerability VCID-xw1s-93bu-wuh9
81
vulnerability VCID-y7ds-p5r2-yuhq
82
vulnerability VCID-ygw4-jdqu-4fbt
83
vulnerability VCID-yh6b-tc4u-v3bk
84
vulnerability VCID-yz6t-ge1y-qfgr
85
vulnerability VCID-zgfw-pk39-gyg8
86
vulnerability VCID-zmwv-gwq3-fkej
87
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.6.1
aliases GHSA-5gr6-97fv-52cc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u5he-6tqb-gqaf
38
url VCID-uq77-aax5-k7d8
vulnerability_id VCID-uq77-aax5-k7d8
summary 
Inclusion of Sensitive Information in Log Files
TYPO3 is an open source PHP based web content management system. User credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 contain a patch for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32767
reference_id
reference_type
scores
0
value 0.00327
scoring_system epss
scoring_elements 0.55909
published_at 2026-06-04T12:55:00Z
1
value 0.00327
scoring_system epss
scoring_elements 0.55964
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32767
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32767.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32767.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32767.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32767.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235
5
reference_url https://github.com/TYPO3/typo3/commit/0b4950163b8919451964133febc65bcdfcec721c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/0b4950163b8919451964133febc65bcdfcec721c
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-34fr-fhqr-7235
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-34fr-fhqr-7235
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-012
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-012
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-013
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-013
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32767
reference_id CVE-2021-32767
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32767
fixed_packages
0
url pkg:composer/typo3/cms@9.5.28
purl pkg:composer/typo3/cms@9.5.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-6a22-c7x5-sqe2
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-j8hk-bqnb-gycp
6
vulnerability VCID-sdjb-gp4t-vbgt
7
vulnerability VCID-tzpj-j3x1-ekgk
8
vulnerability VCID-un7r-8sah-33cr
9
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.28
1
url pkg:composer/typo3/cms@10.4.18
purl pkg:composer/typo3/cms@10.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-36cz-khgc-6fft
5
vulnerability VCID-6a22-c7x5-sqe2
6
vulnerability VCID-6hnx-p9hv-jbg2
7
vulnerability VCID-6xgm-uan4-u7fu
8
vulnerability VCID-9c49-n1a2-pubu
9
vulnerability VCID-e4zc-fmh2-n7b8
10
vulnerability VCID-fyyr-48a7-8qch
11
vulnerability VCID-gbev-1zs8-8bac
12
vulnerability VCID-hsw8-nbs6-auaa
13
vulnerability VCID-tzpj-j3x1-ekgk
14
vulnerability VCID-un7r-8sah-33cr
15
vulnerability VCID-x8qf-w4vq-mfhm
16
vulnerability VCID-x8tq-5na6-gfbj
17
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.18
2
url pkg:composer/typo3/cms@11.3.1
purl pkg:composer/typo3/cms@11.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-36cz-khgc-6fft
5
vulnerability VCID-6a22-c7x5-sqe2
6
vulnerability VCID-6hnx-p9hv-jbg2
7
vulnerability VCID-6xgm-uan4-u7fu
8
vulnerability VCID-9c49-n1a2-pubu
9
vulnerability VCID-b9sw-6tzm-3yhj
10
vulnerability VCID-e4zc-fmh2-n7b8
11
vulnerability VCID-fsx8-7qjz-2ubw
12
vulnerability VCID-fyyr-48a7-8qch
13
vulnerability VCID-gbev-1zs8-8bac
14
vulnerability VCID-hsw8-nbs6-auaa
15
vulnerability VCID-tzpj-j3x1-ekgk
16
vulnerability VCID-un7r-8sah-33cr
17
vulnerability VCID-x8qf-w4vq-mfhm
18
vulnerability VCID-x8tq-5na6-gfbj
19
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.3.1
aliases CVE-2021-32767, GHSA-34fr-fhqr-7235
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uq77-aax5-k7d8
39
url VCID-vq15-t92r-5bhx
vulnerability_id VCID-vq15-t92r-5bhx
summary 
Cross-site Scripting
The page module in TYPO3 is vulnerable to XSS via `$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']`, as demonstrated by an admin entering a crafted site name during the installation process.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-6905
reference_id
reference_type
scores
0
value 0.02274
scoring_system epss
scoring_elements 0.84984
published_at 2026-06-05T12:55:00Z
1
value 0.02274
scoring_system epss
scoring_elements 0.8496
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-6905
1
reference_url https://forge.typo3.org/issues/84191
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forge.typo3.org/issues/84191
2
reference_url https://github.com/pradeepjairamani/TYPO3-XSS-POC
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pradeepjairamani/TYPO3-XSS-POC
3
reference_url https://github.com/TYPO3/typo3/commit/d2c0ea7db3b31a796a82f9d39f77f9983beb7c35
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/d2c0ea7db3b31a796a82f9d39f77f9983beb7c35
4
reference_url http://www.securitytracker.com/id/1040755
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1040755
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-6905
reference_id CVE-2018-6905
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-6905
fixed_packages
0
url pkg:composer/typo3/cms@8.7.11
purl pkg:composer/typo3/cms@8.7.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-66kh-c1dm-8fbf
11
vulnerability VCID-6a22-c7x5-sqe2
12
vulnerability VCID-7ch1-q9f4-a7bt
13
vulnerability VCID-7m6u-k5tp-gkhy
14
vulnerability VCID-848u-w88s-5bbe
15
vulnerability VCID-94r9-hh4g-jkej
16
vulnerability VCID-953t-q1cr-zyd6
17
vulnerability VCID-9yu1-z7c2-t3fj
18
vulnerability VCID-abjx-8v46-d7d8
19
vulnerability VCID-am6s-67bm-77dr
20
vulnerability VCID-bn3p-39sv-6fdg
21
vulnerability VCID-buj5-2t53-3kcr
22
vulnerability VCID-dsqm-9q3e-dudw
23
vulnerability VCID-emqq-kwjg-3kfk
24
vulnerability VCID-ev4k-5k1d-2bhu
25
vulnerability VCID-f319-jpf5-hyex
26
vulnerability VCID-fdnw-2tz5-4fdr
27
vulnerability VCID-fpa2-ffg1-fyaa
28
vulnerability VCID-fqkc-utex-3kav
29
vulnerability VCID-fqkx-v8t5-q3h6
30
vulnerability VCID-fut7-bb1f-37g7
31
vulnerability VCID-gpv4-4tpd-tbaa
32
vulnerability VCID-hknp-f88a-kqec
33
vulnerability VCID-hp99-ncuh-6ugv
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-hyx9-8ae6-sba8
36
vulnerability VCID-j8hk-bqnb-gycp
37
vulnerability VCID-je4q-svfw-hqda
38
vulnerability VCID-jp1p-rfxa-hyd9
39
vulnerability VCID-jq5y-7h9g-mufa
40
vulnerability VCID-jwb1-3sbg-kfa5
41
vulnerability VCID-k5t3-28es-h3ez
42
vulnerability VCID-khpm-e1xb-hydb
43
vulnerability VCID-njsj-bwjq-fyap
44
vulnerability VCID-nney-azbc-pucg
45
vulnerability VCID-p576-w7dd-p3h7
46
vulnerability VCID-p7gd-anw2-1qbz
47
vulnerability VCID-pmvp-twk2-jqe4
48
vulnerability VCID-q7vt-19eb-sqeq
49
vulnerability VCID-qcnh-z4zh-myaw
50
vulnerability VCID-qdxh-arxx-wbcr
51
vulnerability VCID-qv14-m93d-jyd9
52
vulnerability VCID-qxab-9uwr-yqhv
53
vulnerability VCID-rqrw-t2kj-mud8
54
vulnerability VCID-ru6w-m6q6-27gn
55
vulnerability VCID-sdjb-gp4t-vbgt
56
vulnerability VCID-sdsa-mh76-kqch
57
vulnerability VCID-teby-zvvw-zkhv
58
vulnerability VCID-tgyt-axv1-c7ag
59
vulnerability VCID-tzpj-j3x1-ekgk
60
vulnerability VCID-u259-2sxq-tbct
61
vulnerability VCID-u6as-cwxc-pkhk
62
vulnerability VCID-uq77-aax5-k7d8
63
vulnerability VCID-vw2r-g8yy-eyf4
64
vulnerability VCID-w1wb-mq2y-dfca
65
vulnerability VCID-w483-prq4-rycx
66
vulnerability VCID-wat8-4m83-hken
67
vulnerability VCID-x5x1-w7yv-eye9
68
vulnerability VCID-xvyu-2hb8-8ufh
69
vulnerability VCID-xw1s-93bu-wuh9
70
vulnerability VCID-y7ds-p5r2-yuhq
71
vulnerability VCID-yh6b-tc4u-v3bk
72
vulnerability VCID-yz6t-ge1y-qfgr
73
vulnerability VCID-zgfw-pk39-gyg8
74
vulnerability VCID-zmwv-gwq3-fkej
75
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.11
1
url pkg:composer/typo3/cms@9.1.0
purl pkg:composer/typo3/cms@9.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-28fn-ncj5-2ufk
5
vulnerability VCID-2rhr-8vaz-hqfj
6
vulnerability VCID-2rmv-a83x-9ka8
7
vulnerability VCID-39vn-73mc-jqav
8
vulnerability VCID-3k2k-a3gb-n3ba
9
vulnerability VCID-3ugj-6m1e-e3hr
10
vulnerability VCID-3ye6-vqje-abh4
11
vulnerability VCID-4an7-9ph4-mkd4
12
vulnerability VCID-4eym-e6vt-8fbs
13
vulnerability VCID-4jck-w9ct-budk
14
vulnerability VCID-5k47-9k7t-rqak
15
vulnerability VCID-66kh-c1dm-8fbf
16
vulnerability VCID-6a22-c7x5-sqe2
17
vulnerability VCID-6mnf-2fcw-dqgp
18
vulnerability VCID-7ch1-q9f4-a7bt
19
vulnerability VCID-7m6u-k5tp-gkhy
20
vulnerability VCID-7xv1-78u7-xufp
21
vulnerability VCID-848u-w88s-5bbe
22
vulnerability VCID-8w4e-d49b-nbg8
23
vulnerability VCID-94r9-hh4g-jkej
24
vulnerability VCID-953t-q1cr-zyd6
25
vulnerability VCID-9adx-p876-kyb5
26
vulnerability VCID-9yu1-z7c2-t3fj
27
vulnerability VCID-a1g9-pyz5-9fca
28
vulnerability VCID-abjx-8v46-d7d8
29
vulnerability VCID-am6s-67bm-77dr
30
vulnerability VCID-bbh5-rss8-bfct
31
vulnerability VCID-buj5-2t53-3kcr
32
vulnerability VCID-cvk2-93hm-gkhx
33
vulnerability VCID-dsqm-9q3e-dudw
34
vulnerability VCID-e6zr-4bgg-kkh5
35
vulnerability VCID-emqq-kwjg-3kfk
36
vulnerability VCID-ev4k-5k1d-2bhu
37
vulnerability VCID-f319-jpf5-hyex
38
vulnerability VCID-f4n7-q72x-3yea
39
vulnerability VCID-fpa2-ffg1-fyaa
40
vulnerability VCID-fqkc-utex-3kav
41
vulnerability VCID-fqkx-v8t5-q3h6
42
vulnerability VCID-fut7-bb1f-37g7
43
vulnerability VCID-gpv4-4tpd-tbaa
44
vulnerability VCID-hknp-f88a-kqec
45
vulnerability VCID-hp99-ncuh-6ugv
46
vulnerability VCID-hsw8-nbs6-auaa
47
vulnerability VCID-j8hk-bqnb-gycp
48
vulnerability VCID-je4q-svfw-hqda
49
vulnerability VCID-jp1p-rfxa-hyd9
50
vulnerability VCID-jq5y-7h9g-mufa
51
vulnerability VCID-jwb1-3sbg-kfa5
52
vulnerability VCID-k5t3-28es-h3ez
53
vulnerability VCID-khpm-e1xb-hydb
54
vulnerability VCID-n1gz-y615-cbbk
55
vulnerability VCID-njsj-bwjq-fyap
56
vulnerability VCID-nney-azbc-pucg
57
vulnerability VCID-p576-w7dd-p3h7
58
vulnerability VCID-p7gd-anw2-1qbz
59
vulnerability VCID-pmvp-twk2-jqe4
60
vulnerability VCID-q2t1-kx56-s3c3
61
vulnerability VCID-q7vt-19eb-sqeq
62
vulnerability VCID-qcnh-z4zh-myaw
63
vulnerability VCID-qdxh-arxx-wbcr
64
vulnerability VCID-qv14-m93d-jyd9
65
vulnerability VCID-qxab-9uwr-yqhv
66
vulnerability VCID-rqrw-t2kj-mud8
67
vulnerability VCID-ru6w-m6q6-27gn
68
vulnerability VCID-sdjb-gp4t-vbgt
69
vulnerability VCID-sdsa-mh76-kqch
70
vulnerability VCID-teby-zvvw-zkhv
71
vulnerability VCID-tgyt-axv1-c7ag
72
vulnerability VCID-tzpj-j3x1-ekgk
73
vulnerability VCID-u259-2sxq-tbct
74
vulnerability VCID-u6as-cwxc-pkhk
75
vulnerability VCID-un7r-8sah-33cr
76
vulnerability VCID-uq77-aax5-k7d8
77
vulnerability VCID-vw2r-g8yy-eyf4
78
vulnerability VCID-w1wb-mq2y-dfca
79
vulnerability VCID-w7z1-aw31-vugx
80
vulnerability VCID-wat8-4m83-hken
81
vulnerability VCID-x5x1-w7yv-eye9
82
vulnerability VCID-xvyu-2hb8-8ufh
83
vulnerability VCID-xw1s-93bu-wuh9
84
vulnerability VCID-y7ds-p5r2-yuhq
85
vulnerability VCID-yh6b-tc4u-v3bk
86
vulnerability VCID-yz6t-ge1y-qfgr
87
vulnerability VCID-zeut-9wfp-q7et
88
vulnerability VCID-zgfw-pk39-gyg8
89
vulnerability VCID-zkvq-bms4-gfcv
90
vulnerability VCID-zmwv-gwq3-fkej
91
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.1.0
2
url pkg:composer/typo3/cms@9.2.0
purl pkg:composer/typo3/cms@9.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-28fn-ncj5-2ufk
5
vulnerability VCID-2rhr-8vaz-hqfj
6
vulnerability VCID-2rmv-a83x-9ka8
7
vulnerability VCID-39vn-73mc-jqav
8
vulnerability VCID-3k2k-a3gb-n3ba
9
vulnerability VCID-3ugj-6m1e-e3hr
10
vulnerability VCID-3ye6-vqje-abh4
11
vulnerability VCID-4an7-9ph4-mkd4
12
vulnerability VCID-4eym-e6vt-8fbs
13
vulnerability VCID-4jck-w9ct-budk
14
vulnerability VCID-5k47-9k7t-rqak
15
vulnerability VCID-66kh-c1dm-8fbf
16
vulnerability VCID-6a22-c7x5-sqe2
17
vulnerability VCID-6mnf-2fcw-dqgp
18
vulnerability VCID-7ch1-q9f4-a7bt
19
vulnerability VCID-7m6u-k5tp-gkhy
20
vulnerability VCID-7xv1-78u7-xufp
21
vulnerability VCID-848u-w88s-5bbe
22
vulnerability VCID-8w4e-d49b-nbg8
23
vulnerability VCID-94r9-hh4g-jkej
24
vulnerability VCID-953t-q1cr-zyd6
25
vulnerability VCID-9adx-p876-kyb5
26
vulnerability VCID-9yu1-z7c2-t3fj
27
vulnerability VCID-a1g9-pyz5-9fca
28
vulnerability VCID-abjx-8v46-d7d8
29
vulnerability VCID-am6s-67bm-77dr
30
vulnerability VCID-bbh5-rss8-bfct
31
vulnerability VCID-buj5-2t53-3kcr
32
vulnerability VCID-cvk2-93hm-gkhx
33
vulnerability VCID-dsqm-9q3e-dudw
34
vulnerability VCID-e6zr-4bgg-kkh5
35
vulnerability VCID-emqq-kwjg-3kfk
36
vulnerability VCID-ev4k-5k1d-2bhu
37
vulnerability VCID-f319-jpf5-hyex
38
vulnerability VCID-f4n7-q72x-3yea
39
vulnerability VCID-fpa2-ffg1-fyaa
40
vulnerability VCID-fqkc-utex-3kav
41
vulnerability VCID-fqkx-v8t5-q3h6
42
vulnerability VCID-fut7-bb1f-37g7
43
vulnerability VCID-gpv4-4tpd-tbaa
44
vulnerability VCID-hknp-f88a-kqec
45
vulnerability VCID-hp99-ncuh-6ugv
46
vulnerability VCID-hsw8-nbs6-auaa
47
vulnerability VCID-j8hk-bqnb-gycp
48
vulnerability VCID-je4q-svfw-hqda
49
vulnerability VCID-jp1p-rfxa-hyd9
50
vulnerability VCID-jq5y-7h9g-mufa
51
vulnerability VCID-jwb1-3sbg-kfa5
52
vulnerability VCID-k5t3-28es-h3ez
53
vulnerability VCID-khpm-e1xb-hydb
54
vulnerability VCID-n1gz-y615-cbbk
55
vulnerability VCID-njsj-bwjq-fyap
56
vulnerability VCID-nney-azbc-pucg
57
vulnerability VCID-p576-w7dd-p3h7
58
vulnerability VCID-p7gd-anw2-1qbz
59
vulnerability VCID-pmvp-twk2-jqe4
60
vulnerability VCID-q2t1-kx56-s3c3
61
vulnerability VCID-q7vt-19eb-sqeq
62
vulnerability VCID-qcnh-z4zh-myaw
63
vulnerability VCID-qdxh-arxx-wbcr
64
vulnerability VCID-qv14-m93d-jyd9
65
vulnerability VCID-qxab-9uwr-yqhv
66
vulnerability VCID-rqrw-t2kj-mud8
67
vulnerability VCID-ru6w-m6q6-27gn
68
vulnerability VCID-sdjb-gp4t-vbgt
69
vulnerability VCID-sdsa-mh76-kqch
70
vulnerability VCID-teby-zvvw-zkhv
71
vulnerability VCID-tgyt-axv1-c7ag
72
vulnerability VCID-tzpj-j3x1-ekgk
73
vulnerability VCID-u259-2sxq-tbct
74
vulnerability VCID-u6as-cwxc-pkhk
75
vulnerability VCID-un7r-8sah-33cr
76
vulnerability VCID-uq77-aax5-k7d8
77
vulnerability VCID-vw2r-g8yy-eyf4
78
vulnerability VCID-w1wb-mq2y-dfca
79
vulnerability VCID-w7z1-aw31-vugx
80
vulnerability VCID-wat8-4m83-hken
81
vulnerability VCID-x5x1-w7yv-eye9
82
vulnerability VCID-xvyu-2hb8-8ufh
83
vulnerability VCID-xw1s-93bu-wuh9
84
vulnerability VCID-y7ds-p5r2-yuhq
85
vulnerability VCID-yh6b-tc4u-v3bk
86
vulnerability VCID-yz6t-ge1y-qfgr
87
vulnerability VCID-zeut-9wfp-q7et
88
vulnerability VCID-zgfw-pk39-gyg8
89
vulnerability VCID-zkvq-bms4-gfcv
90
vulnerability VCID-zmwv-gwq3-fkej
91
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.2.0
aliases CVE-2018-6905, GHSA-3w22-wrwx-2r75
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vq15-t92r-5bhx
40
url VCID-xh68-defe-f7ce
vulnerability_id VCID-xh68-defe-f7ce
summary 
XSS Vulnerability
TYPO3 is vulnerable to Cross-Site Scripting.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-003/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-003/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.16
purl pkg:composer/typo3/cms@7.6.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-5u2f-5zzf-j3e4
5
vulnerability VCID-66kh-c1dm-8fbf
6
vulnerability VCID-953t-q1cr-zyd6
7
vulnerability VCID-9726-hafj-wkay
8
vulnerability VCID-9saf-w56y-pugz
9
vulnerability VCID-abjx-8v46-d7d8
10
vulnerability VCID-dsqm-9q3e-dudw
11
vulnerability VCID-e564-zdku-9fc6
12
vulnerability VCID-ev4k-5k1d-2bhu
13
vulnerability VCID-fdnw-2tz5-4fdr
14
vulnerability VCID-fqkx-v8t5-q3h6
15
vulnerability VCID-gpv4-4tpd-tbaa
16
vulnerability VCID-h7cg-64er-uya9
17
vulnerability VCID-hp99-ncuh-6ugv
18
vulnerability VCID-hsw8-nbs6-auaa
19
vulnerability VCID-hyx9-8ae6-sba8
20
vulnerability VCID-j8sh-5evd-dkaz
21
vulnerability VCID-jp1p-rfxa-hyd9
22
vulnerability VCID-jq5y-7h9g-mufa
23
vulnerability VCID-jqe4-8hzb-mfea
24
vulnerability VCID-jwb1-3sbg-kfa5
25
vulnerability VCID-mctp-nf36-7qdn
26
vulnerability VCID-njsj-bwjq-fyap
27
vulnerability VCID-p576-w7dd-p3h7
28
vulnerability VCID-p7gd-anw2-1qbz
29
vulnerability VCID-qcnh-z4zh-myaw
30
vulnerability VCID-sy7r-d6pv-yba9
31
vulnerability VCID-teby-zvvw-zkhv
32
vulnerability VCID-tgyt-axv1-c7ag
33
vulnerability VCID-tzpj-j3x1-ekgk
34
vulnerability VCID-uq77-aax5-k7d8
35
vulnerability VCID-vq15-t92r-5bhx
36
vulnerability VCID-xvyu-2hb8-8ufh
37
vulnerability VCID-xw1s-93bu-wuh9
38
vulnerability VCID-ygw4-jdqu-4fbt
39
vulnerability VCID-yz6t-ge1y-qfgr
40
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.16
1
url pkg:composer/typo3/cms@8.6.1
purl pkg:composer/typo3/cms@8.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-5u2f-5zzf-j3e4
11
vulnerability VCID-66kh-c1dm-8fbf
12
vulnerability VCID-7ch1-q9f4-a7bt
13
vulnerability VCID-7m6u-k5tp-gkhy
14
vulnerability VCID-848u-w88s-5bbe
15
vulnerability VCID-94r9-hh4g-jkej
16
vulnerability VCID-953t-q1cr-zyd6
17
vulnerability VCID-9726-hafj-wkay
18
vulnerability VCID-9saf-w56y-pugz
19
vulnerability VCID-9yu1-z7c2-t3fj
20
vulnerability VCID-abjx-8v46-d7d8
21
vulnerability VCID-am6s-67bm-77dr
22
vulnerability VCID-bn3p-39sv-6fdg
23
vulnerability VCID-buj5-2t53-3kcr
24
vulnerability VCID-dsqm-9q3e-dudw
25
vulnerability VCID-e564-zdku-9fc6
26
vulnerability VCID-emqq-kwjg-3kfk
27
vulnerability VCID-ev4k-5k1d-2bhu
28
vulnerability VCID-f319-jpf5-hyex
29
vulnerability VCID-fdnw-2tz5-4fdr
30
vulnerability VCID-fpa2-ffg1-fyaa
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-gpv4-4tpd-tbaa
35
vulnerability VCID-h7cg-64er-uya9
36
vulnerability VCID-hknp-f88a-kqec
37
vulnerability VCID-hp99-ncuh-6ugv
38
vulnerability VCID-hsw8-nbs6-auaa
39
vulnerability VCID-hyx9-8ae6-sba8
40
vulnerability VCID-j8hk-bqnb-gycp
41
vulnerability VCID-j8sh-5evd-dkaz
42
vulnerability VCID-je4q-svfw-hqda
43
vulnerability VCID-jp1p-rfxa-hyd9
44
vulnerability VCID-jq5y-7h9g-mufa
45
vulnerability VCID-jqe4-8hzb-mfea
46
vulnerability VCID-jwb1-3sbg-kfa5
47
vulnerability VCID-k5t3-28es-h3ez
48
vulnerability VCID-khpm-e1xb-hydb
49
vulnerability VCID-mctp-nf36-7qdn
50
vulnerability VCID-njsj-bwjq-fyap
51
vulnerability VCID-nney-azbc-pucg
52
vulnerability VCID-p576-w7dd-p3h7
53
vulnerability VCID-p7gd-anw2-1qbz
54
vulnerability VCID-pmvp-twk2-jqe4
55
vulnerability VCID-q2ym-y2rz-1bdn
56
vulnerability VCID-q52p-xfj8-gygd
57
vulnerability VCID-q7vt-19eb-sqeq
58
vulnerability VCID-qcnh-z4zh-myaw
59
vulnerability VCID-qdxh-arxx-wbcr
60
vulnerability VCID-qv14-m93d-jyd9
61
vulnerability VCID-qxab-9uwr-yqhv
62
vulnerability VCID-rqrw-t2kj-mud8
63
vulnerability VCID-ru6w-m6q6-27gn
64
vulnerability VCID-sdjb-gp4t-vbgt
65
vulnerability VCID-sdsa-mh76-kqch
66
vulnerability VCID-sy7r-d6pv-yba9
67
vulnerability VCID-teby-zvvw-zkhv
68
vulnerability VCID-tzpj-j3x1-ekgk
69
vulnerability VCID-u259-2sxq-tbct
70
vulnerability VCID-u6as-cwxc-pkhk
71
vulnerability VCID-uq77-aax5-k7d8
72
vulnerability VCID-vq15-t92r-5bhx
73
vulnerability VCID-vw2r-g8yy-eyf4
74
vulnerability VCID-w1wb-mq2y-dfca
75
vulnerability VCID-w483-prq4-rycx
76
vulnerability VCID-wat8-4m83-hken
77
vulnerability VCID-wy45-2gmr-fkfg
78
vulnerability VCID-x5x1-w7yv-eye9
79
vulnerability VCID-xvyu-2hb8-8ufh
80
vulnerability VCID-xw1s-93bu-wuh9
81
vulnerability VCID-y7ds-p5r2-yuhq
82
vulnerability VCID-ygw4-jdqu-4fbt
83
vulnerability VCID-yh6b-tc4u-v3bk
84
vulnerability VCID-yz6t-ge1y-qfgr
85
vulnerability VCID-zgfw-pk39-gyg8
86
vulnerability VCID-zmwv-gwq3-fkej
87
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.6.1
aliases TYPO3-CORE-SA-2017-003
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xh68-defe-f7ce
41
url VCID-xvyu-2hb8-8ufh
vulnerability_id VCID-xvyu-2hb8-8ufh
summary 
TYPO3 Information Disclosure in Install Tool
The Install Tool exposes the current TYPO3 version number to non-authenticated users.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-5.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-5.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/232d0a64282382229c205904173a16a581555fe3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/232d0a64282382229c205904173a16a581555fe3
3
reference_url https://github.com/TYPO3/typo3/commit/b4dd20f31d483f6399e8bcbffcac3e16a2df0d92
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/b4dd20f31d483f6399e8bcbffcac3e16a2df0d92
4
reference_url https://github.com/TYPO3/typo3/commit/fab0cbc970b709ed65fc4622a2cbd52a197480c4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/fab0cbc970b709ed65fc4622a2cbd52a197480c4
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-010
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-010
6
reference_url https://github.com/advisories/GHSA-6487-3qvg-8px9
reference_id GHSA-6487-3qvg-8px9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6487-3qvg-8px9
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-6487-3qvg-8px9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xvyu-2hb8-8ufh
42
url VCID-xw1s-93bu-wuh9
vulnerability_id VCID-xw1s-93bu-wuh9
summary 
Path Traversal
It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19848
reference_id
reference_type
scores
0
value 0.00374
scoring_system epss
scoring_elements 0.59393
published_at 2026-06-04T12:55:00Z
1
value 0.00374
scoring_system epss
scoring_elements 0.59443
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19848
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19848.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19848.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19848.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19848.yaml
3
reference_url https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-024
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-024
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-024/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-024/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19848
reference_id CVE-2019-19848
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19848
7
reference_url https://github.com/advisories/GHSA-77p4-wfr8-977w
reference_id GHSA-77p4-wfr8-977w
reference_type
scores
url https://github.com/advisories/GHSA-77p4-wfr8-977w
fixed_packages
0
url pkg:composer/typo3/cms@8.7.30
purl pkg:composer/typo3/cms@8.7.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-1ffs-9vj5-27hk
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-6a22-c7x5-sqe2
5
vulnerability VCID-848u-w88s-5bbe
6
vulnerability VCID-ev4k-5k1d-2bhu
7
vulnerability VCID-fqkx-v8t5-q3h6
8
vulnerability VCID-hsw8-nbs6-auaa
9
vulnerability VCID-j8hk-bqnb-gycp
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-sdjb-gp4t-vbgt
12
vulnerability VCID-tgyt-axv1-c7ag
13
vulnerability VCID-tzpj-j3x1-ekgk
14
vulnerability VCID-uq77-aax5-k7d8
15
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.30
1
url pkg:composer/typo3/cms@9.5.12
purl pkg:composer/typo3/cms@9.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-1ffs-9vj5-27hk
2
vulnerability VCID-1sfk-z8py-ykb8
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-4an7-9ph4-mkd4
6
vulnerability VCID-6a22-c7x5-sqe2
7
vulnerability VCID-6mnf-2fcw-dqgp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-a1g9-pyz5-9fca
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-bcbd-zzet-mff6
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-hsw8-nbs6-auaa
17
vulnerability VCID-j8hk-bqnb-gycp
18
vulnerability VCID-jp1p-rfxa-hyd9
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-sdjb-gp4t-vbgt
21
vulnerability VCID-tgyt-axv1-c7ag
22
vulnerability VCID-tzpj-j3x1-ekgk
23
vulnerability VCID-un7r-8sah-33cr
24
vulnerability VCID-uq77-aax5-k7d8
25
vulnerability VCID-zkvq-bms4-gfcv
26
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.12
2
url pkg:composer/typo3/cms@10.2.2
purl pkg:composer/typo3/cms@10.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-2tz2-8qdm-2kcv
7
vulnerability VCID-36cz-khgc-6fft
8
vulnerability VCID-4an7-9ph4-mkd4
9
vulnerability VCID-6a22-c7x5-sqe2
10
vulnerability VCID-6hnx-p9hv-jbg2
11
vulnerability VCID-6mnf-2fcw-dqgp
12
vulnerability VCID-6urp-p9mn-cffv
13
vulnerability VCID-6xgm-uan4-u7fu
14
vulnerability VCID-848u-w88s-5bbe
15
vulnerability VCID-8w4e-d49b-nbg8
16
vulnerability VCID-9c49-n1a2-pubu
17
vulnerability VCID-a1g9-pyz5-9fca
18
vulnerability VCID-bbh5-rss8-bfct
19
vulnerability VCID-bcbd-zzet-mff6
20
vulnerability VCID-c46m-ht19-ybc4
21
vulnerability VCID-e4zc-fmh2-n7b8
22
vulnerability VCID-e6zr-4bgg-kkh5
23
vulnerability VCID-ev4k-5k1d-2bhu
24
vulnerability VCID-fqkx-v8t5-q3h6
25
vulnerability VCID-fyyr-48a7-8qch
26
vulnerability VCID-gbev-1zs8-8bac
27
vulnerability VCID-hsw8-nbs6-auaa
28
vulnerability VCID-j8hk-bqnb-gycp
29
vulnerability VCID-jp1p-rfxa-hyd9
30
vulnerability VCID-n1gz-y615-cbbk
31
vulnerability VCID-r3az-g422-gqf9
32
vulnerability VCID-sdjb-gp4t-vbgt
33
vulnerability VCID-tgyt-axv1-c7ag
34
vulnerability VCID-tzpj-j3x1-ekgk
35
vulnerability VCID-un7r-8sah-33cr
36
vulnerability VCID-uq77-aax5-k7d8
37
vulnerability VCID-x8qf-w4vq-mfhm
38
vulnerability VCID-x8tq-5na6-gfbj
39
vulnerability VCID-zkvq-bms4-gfcv
40
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.2
aliases CVE-2019-19848, GHSA-77p4-wfr8-977w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xw1s-93bu-wuh9
43
url VCID-ygw4-jdqu-4fbt
vulnerability_id VCID-ygw4-jdqu-4fbt
summary Information Disclosure in TYPO3 CMS.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-66kh-c1dm-8fbf
5
vulnerability VCID-953t-q1cr-zyd6
6
vulnerability VCID-abjx-8v46-d7d8
7
vulnerability VCID-dsqm-9q3e-dudw
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fdnw-2tz5-4fdr
10
vulnerability VCID-fqkx-v8t5-q3h6
11
vulnerability VCID-gpv4-4tpd-tbaa
12
vulnerability VCID-hp99-ncuh-6ugv
13
vulnerability VCID-hsw8-nbs6-auaa
14
vulnerability VCID-hyx9-8ae6-sba8
15
vulnerability VCID-jp1p-rfxa-hyd9
16
vulnerability VCID-jq5y-7h9g-mufa
17
vulnerability VCID-jwb1-3sbg-kfa5
18
vulnerability VCID-njsj-bwjq-fyap
19
vulnerability VCID-p576-w7dd-p3h7
20
vulnerability VCID-p7gd-anw2-1qbz
21
vulnerability VCID-qcnh-z4zh-myaw
22
vulnerability VCID-teby-zvvw-zkhv
23
vulnerability VCID-tgyt-axv1-c7ag
24
vulnerability VCID-tzpj-j3x1-ekgk
25
vulnerability VCID-uq77-aax5-k7d8
26
vulnerability VCID-vq15-t92r-5bhx
27
vulnerability VCID-xvyu-2hb8-8ufh
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-yz6t-ge1y-qfgr
30
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.0
purl pkg:composer/typo3/cms@8.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-5u2f-5zzf-j3e4
11
vulnerability VCID-66kh-c1dm-8fbf
12
vulnerability VCID-6a22-c7x5-sqe2
13
vulnerability VCID-7ch1-q9f4-a7bt
14
vulnerability VCID-7m6u-k5tp-gkhy
15
vulnerability VCID-848u-w88s-5bbe
16
vulnerability VCID-94r9-hh4g-jkej
17
vulnerability VCID-953t-q1cr-zyd6
18
vulnerability VCID-9726-hafj-wkay
19
vulnerability VCID-9yu1-z7c2-t3fj
20
vulnerability VCID-abjx-8v46-d7d8
21
vulnerability VCID-am6s-67bm-77dr
22
vulnerability VCID-bn3p-39sv-6fdg
23
vulnerability VCID-buj5-2t53-3kcr
24
vulnerability VCID-dsqm-9q3e-dudw
25
vulnerability VCID-e564-zdku-9fc6
26
vulnerability VCID-emqq-kwjg-3kfk
27
vulnerability VCID-ev4k-5k1d-2bhu
28
vulnerability VCID-f319-jpf5-hyex
29
vulnerability VCID-fdnw-2tz5-4fdr
30
vulnerability VCID-fpa2-ffg1-fyaa
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-gpv4-4tpd-tbaa
35
vulnerability VCID-h7cg-64er-uya9
36
vulnerability VCID-hknp-f88a-kqec
37
vulnerability VCID-hp99-ncuh-6ugv
38
vulnerability VCID-hsw8-nbs6-auaa
39
vulnerability VCID-hyx9-8ae6-sba8
40
vulnerability VCID-j8hk-bqnb-gycp
41
vulnerability VCID-j8sh-5evd-dkaz
42
vulnerability VCID-je4q-svfw-hqda
43
vulnerability VCID-jp1p-rfxa-hyd9
44
vulnerability VCID-jq5y-7h9g-mufa
45
vulnerability VCID-jqe4-8hzb-mfea
46
vulnerability VCID-jwb1-3sbg-kfa5
47
vulnerability VCID-k5t3-28es-h3ez
48
vulnerability VCID-khpm-e1xb-hydb
49
vulnerability VCID-mctp-nf36-7qdn
50
vulnerability VCID-njsj-bwjq-fyap
51
vulnerability VCID-nney-azbc-pucg
52
vulnerability VCID-p576-w7dd-p3h7
53
vulnerability VCID-p7gd-anw2-1qbz
54
vulnerability VCID-pmvp-twk2-jqe4
55
vulnerability VCID-q2ym-y2rz-1bdn
56
vulnerability VCID-q7vt-19eb-sqeq
57
vulnerability VCID-qcnh-z4zh-myaw
58
vulnerability VCID-qdxh-arxx-wbcr
59
vulnerability VCID-qv14-m93d-jyd9
60
vulnerability VCID-qxab-9uwr-yqhv
61
vulnerability VCID-rqrw-t2kj-mud8
62
vulnerability VCID-ru6w-m6q6-27gn
63
vulnerability VCID-sdjb-gp4t-vbgt
64
vulnerability VCID-sdsa-mh76-kqch
65
vulnerability VCID-teby-zvvw-zkhv
66
vulnerability VCID-tgyt-axv1-c7ag
67
vulnerability VCID-tzpj-j3x1-ekgk
68
vulnerability VCID-u259-2sxq-tbct
69
vulnerability VCID-u6as-cwxc-pkhk
70
vulnerability VCID-uq77-aax5-k7d8
71
vulnerability VCID-vq15-t92r-5bhx
72
vulnerability VCID-vw2r-g8yy-eyf4
73
vulnerability VCID-w1wb-mq2y-dfca
74
vulnerability VCID-w483-prq4-rycx
75
vulnerability VCID-wat8-4m83-hken
76
vulnerability VCID-wy45-2gmr-fkfg
77
vulnerability VCID-x5x1-w7yv-eye9
78
vulnerability VCID-xvyu-2hb8-8ufh
79
vulnerability VCID-xw1s-93bu-wuh9
80
vulnerability VCID-y7ds-p5r2-yuhq
81
vulnerability VCID-yh6b-tc4u-v3bk
82
vulnerability VCID-yz6t-ge1y-qfgr
83
vulnerability VCID-zgfw-pk39-gyg8
84
vulnerability VCID-zmwv-gwq3-fkej
85
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.0
aliases GMS-2017-352
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ygw4-jdqu-4fbt
44
url VCID-yz6t-ge1y-qfgr
vulnerability_id VCID-yz6t-ge1y-qfgr
summary Security Misconfiguration in Install Tool Cookie.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-009/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-009/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-100
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yz6t-ge1y-qfgr
45
url VCID-zybp-mb3d-jyee
vulnerability_id VCID-zybp-mb3d-jyee
summary 
TYPO3 CMS vulnerable to Weak Authentication in Frontend Login
### Problem
Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary.

### Solution
Update to TYPO3 versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1 that fix the problem described above.

### References
* [TYPO3-CORE-SA-2022-013](https://typo3.org/security/advisory/typo3-core-sa-2022-013)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23501
reference_id
reference_type
scores
0
value 0.00187
scoring_system epss
scoring_elements 0.40434
published_at 2026-06-05T12:55:00Z
1
value 0.00187
scoring_system epss
scoring_elements 0.40354
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23501
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23501.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23501.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23501.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23501.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/28be9cdb3fed02ce4cfc6fa2d39f7d8e2266eced
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/28be9cdb3fed02ce4cfc6fa2d39f7d8e2266eced
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T18:48:00Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23501
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23501
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-013
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-013
8
reference_url https://github.com/advisories/GHSA-jfp7-79g7-89rf
reference_id GHSA-jfp7-79g7-89rf
reference_type
scores
url https://github.com/advisories/GHSA-jfp7-79g7-89rf
fixed_packages
0
url pkg:composer/typo3/cms@10.4.33
purl pkg:composer/typo3/cms@10.4.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6a22-c7x5-sqe2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.33
1
url pkg:composer/typo3/cms@11.5.20
purl pkg:composer/typo3/cms@11.5.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6a22-c7x5-sqe2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.20
2
url pkg:composer/typo3/cms@12.1.1
purl pkg:composer/typo3/cms@12.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6a22-c7x5-sqe2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@12.1.1
aliases CVE-2022-23501, GHSA-jfp7-79g7-89rf, GMS-2022-8134
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zybp-mb3d-jyee
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.14