Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/typo3/cms@8.7.18
Typecomposer
Namespacetypo3
Namecms
Version8.7.18
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version9.5.25
Latest_non_vulnerable_version12.2.0
Affected_by_vulnerabilities
0
url VCID-1ffs-9vj5-27hk
vulnerability_id VCID-1ffs-9vj5-27hk
summary 
Path Traversal
Due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default `_fileDenyPattern_` successfully blocked files like `_.htaccess_` or `_malicious.php_`. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21357
reference_id
reference_type
scores
0
value 0.01121
scoring_system epss
scoring_elements 0.78584
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21357
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21357.yaml
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21357.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21357.yaml
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21357.yaml
3
reference_url https://packagist.org/packages/typo3/cms-form
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-form
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-003
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-003
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21357
reference_id CVE-2021-21357
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21357
6
reference_url https://github.com/advisories/GHSA-3vg7-jw9m-pc3f
reference_id GHSA-3vg7-jw9m-pc3f
reference_type
scores
url https://github.com/advisories/GHSA-3vg7-jw9m-pc3f
7
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f
reference_id GHSA-3vg7-jw9m-pc3f
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f
fixed_packages
0
url pkg:composer/typo3/cms@8.7.40
purl pkg:composer/typo3/cms@8.7.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j8hk-bqnb-gycp
1
vulnerability VCID-sdjb-gp4t-vbgt
2
vulnerability VCID-uq77-aax5-k7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40
1
url pkg:composer/typo3/cms@9.5.25
purl pkg:composer/typo3/cms@9.5.25
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25
2
url pkg:composer/typo3/cms@10.4.14
purl pkg:composer/typo3/cms@10.4.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14
3
url pkg:composer/typo3/cms@11.1.1
purl pkg:composer/typo3/cms@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1
aliases CVE-2021-21357, GHSA-3vg7-jw9m-pc3f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ffs-9vj5-27hk
1
url VCID-3ugj-6m1e-e3hr
vulnerability_id VCID-3ugj-6m1e-e3hr
summary 
Cross-site Scripting
Cross-Site Scripting in Online Media Asset Rendering.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-006/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-006/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-am6s-67bm-77dr
5
vulnerability VCID-bn3p-39sv-6fdg
6
vulnerability VCID-ev4k-5k1d-2bhu
7
vulnerability VCID-fqkx-v8t5-q3h6
8
vulnerability VCID-fut7-bb1f-37g7
9
vulnerability VCID-jp1p-rfxa-hyd9
10
vulnerability VCID-k5t3-28es-h3ez
11
vulnerability VCID-khpm-e1xb-hydb
12
vulnerability VCID-nney-azbc-pucg
13
vulnerability VCID-p7gd-anw2-1qbz
14
vulnerability VCID-pmvp-twk2-jqe4
15
vulnerability VCID-qv14-m93d-jyd9
16
vulnerability VCID-rqrw-t2kj-mud8
17
vulnerability VCID-ru6w-m6q6-27gn
18
vulnerability VCID-sdsa-mh76-kqch
19
vulnerability VCID-tgyt-axv1-c7ag
20
vulnerability VCID-u259-2sxq-tbct
21
vulnerability VCID-vw2r-g8yy-eyf4
22
vulnerability VCID-x5x1-w7yv-eye9
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
1
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-4jck-w9ct-budk
6
vulnerability VCID-6mnf-2fcw-dqgp
7
vulnerability VCID-7m6u-k5tp-gkhy
8
vulnerability VCID-7xv1-78u7-xufp
9
vulnerability VCID-848u-w88s-5bbe
10
vulnerability VCID-8w4e-d49b-nbg8
11
vulnerability VCID-9adx-p876-kyb5
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-bbh5-rss8-bfct
14
vulnerability VCID-cvk2-93hm-gkhx
15
vulnerability VCID-e6zr-4bgg-kkh5
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fut7-bb1f-37g7
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-k5t3-28es-h3ez
21
vulnerability VCID-khpm-e1xb-hydb
22
vulnerability VCID-n1gz-y615-cbbk
23
vulnerability VCID-nney-azbc-pucg
24
vulnerability VCID-p7gd-anw2-1qbz
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-rqrw-t2kj-mud8
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdsa-mh76-kqch
30
vulnerability VCID-tgyt-axv1-c7ag
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-vw2r-g8yy-eyf4
33
vulnerability VCID-x5x1-w7yv-eye9
34
vulnerability VCID-xw1s-93bu-wuh9
35
vulnerability VCID-y7ds-p5r2-yuhq
36
vulnerability VCID-zeut-9wfp-q7et
37
vulnerability VCID-zkvq-bms4-gfcv
38
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-97
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ugj-6m1e-e3hr
2
url VCID-4eym-e6vt-8fbs
vulnerability_id VCID-4eym-e6vt-8fbs
summary 
Code Injection
Arbitrary Code Execution and Cross-Site Scripting in Backend API.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-019/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-019/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.27
purl pkg:composer/typo3/cms@8.7.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-848u-w88s-5bbe
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-jp1p-rfxa-hyd9
5
vulnerability VCID-p7gd-anw2-1qbz
6
vulnerability VCID-rqrw-t2kj-mud8
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-xw1s-93bu-wuh9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.27
1
url pkg:composer/typo3/cms@9.5.8
purl pkg:composer/typo3/cms@9.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-e6zr-4bgg-kkh5
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-n1gz-y615-cbbk
12
vulnerability VCID-p7gd-anw2-1qbz
13
vulnerability VCID-rqrw-t2kj-mud8
14
vulnerability VCID-tgyt-axv1-c7ag
15
vulnerability VCID-xw1s-93bu-wuh9
16
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8
aliases GMS-2019-188
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4eym-e6vt-8fbs
3
url VCID-7ch1-q9f4-a7bt
vulnerability_id VCID-7ch1-q9f4-a7bt
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the data-target property of scrollspy.
references
0
reference_url http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
1
reference_url http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
2
reference_url https://access.redhat.com/errata/RHSA-2019:1456
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1456
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14041.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14041.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14041
reference_id
reference_type
scores
0
value 0.07723
scoring_system epss
scoring_elements 0.92076
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14041
5
reference_url https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2
6
reference_url http://seclists.org/fulldisclosure/2019/May/10
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/May/10
7
reference_url http://seclists.org/fulldisclosure/2019/May/11
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/May/11
8
reference_url http://seclists.org/fulldisclosure/2019/May/13
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/May/13
9
reference_url https://github.com/twbs/bootstrap
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap
10
reference_url https://github.com/twbs/bootstrap/issues/26423
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap/issues/26423
11
reference_url https://github.com/twbs/bootstrap/issues/26627
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap/issues/26627
12
reference_url https://github.com/twbs/bootstrap/pull/26630
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap/pull/26630
13
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E
18
reference_url https://seclists.org/bugtraq/2019/May/18
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/18
19
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-006
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-006
20
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1601616
reference_id 1601616
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1601616
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14041
reference_id CVE-2018-14041
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14041
23
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-14041.yaml
reference_id CVE-2018-14041.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-14041.yaml
24
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-14041.yaml
reference_id CVE-2018-14041.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-14041.yaml
25
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14041.yml
reference_id CVE-2018-14041.YML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14041.yml
26
reference_url https://github.com/advisories/GHSA-pj7m-g53m-7638
reference_id GHSA-pj7m-g53m-7638
reference_type
scores
url https://github.com/advisories/GHSA-pj7m-g53m-7638
27
reference_url https://access.redhat.com/errata/RHSA-2023:0552
reference_id RHSA-2023:0552
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0552
28
reference_url https://access.redhat.com/errata/RHSA-2023:0553
reference_id RHSA-2023:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0553
29
reference_url https://access.redhat.com/errata/RHSA-2023:0554
reference_id RHSA-2023:0554
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0554
30
reference_url https://access.redhat.com/errata/RHSA-2023:0556
reference_id RHSA-2023:0556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0556
31
reference_url https://access.redhat.com/errata/RHSA-2023:5693
reference_id RHSA-2023:5693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5693
fixed_packages
0
url pkg:composer/typo3/cms@8.7.23
purl pkg:composer/typo3/cms@8.7.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-ev4k-5k1d-2bhu
5
vulnerability VCID-fqkx-v8t5-q3h6
6
vulnerability VCID-fut7-bb1f-37g7
7
vulnerability VCID-jp1p-rfxa-hyd9
8
vulnerability VCID-k5t3-28es-h3ez
9
vulnerability VCID-nney-azbc-pucg
10
vulnerability VCID-p7gd-anw2-1qbz
11
vulnerability VCID-qv14-m93d-jyd9
12
vulnerability VCID-rqrw-t2kj-mud8
13
vulnerability VCID-ru6w-m6q6-27gn
14
vulnerability VCID-sdsa-mh76-kqch
15
vulnerability VCID-tgyt-axv1-c7ag
16
vulnerability VCID-x5x1-w7yv-eye9
17
vulnerability VCID-xw1s-93bu-wuh9
18
vulnerability VCID-y7ds-p5r2-yuhq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23
1
url pkg:composer/typo3/cms@9.5.4
purl pkg:composer/typo3/cms@9.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-6mnf-2fcw-dqgp
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-9adx-p876-kyb5
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-cvk2-93hm-gkhx
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-jp1p-rfxa-hyd9
18
vulnerability VCID-k5t3-28es-h3ez
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-nney-azbc-pucg
21
vulnerability VCID-p7gd-anw2-1qbz
22
vulnerability VCID-qv14-m93d-jyd9
23
vulnerability VCID-rqrw-t2kj-mud8
24
vulnerability VCID-ru6w-m6q6-27gn
25
vulnerability VCID-sdsa-mh76-kqch
26
vulnerability VCID-tgyt-axv1-c7ag
27
vulnerability VCID-x5x1-w7yv-eye9
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-y7ds-p5r2-yuhq
30
vulnerability VCID-zeut-9wfp-q7et
31
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4
aliases CVE-2018-14041, GHSA-pj7m-g53m-7638
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ch1-q9f4-a7bt
4
url VCID-7m6u-k5tp-gkhy
vulnerability_id VCID-7m6u-k5tp-gkhy
summary Insecure Deserialization in TYPO3 CMS.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-020/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-020/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.27
purl pkg:composer/typo3/cms@8.7.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-848u-w88s-5bbe
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-jp1p-rfxa-hyd9
5
vulnerability VCID-p7gd-anw2-1qbz
6
vulnerability VCID-rqrw-t2kj-mud8
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-xw1s-93bu-wuh9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.27
1
url pkg:composer/typo3/cms@9.5.8
purl pkg:composer/typo3/cms@9.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-e6zr-4bgg-kkh5
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-n1gz-y615-cbbk
12
vulnerability VCID-p7gd-anw2-1qbz
13
vulnerability VCID-rqrw-t2kj-mud8
14
vulnerability VCID-tgyt-axv1-c7ag
15
vulnerability VCID-xw1s-93bu-wuh9
16
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8
aliases GMS-2019-189
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7m6u-k5tp-gkhy
5
url VCID-848u-w88s-5bbe
vulnerability_id VCID-848u-w88s-5bbe
summary 
Unrestricted Upload of File with Dangerous Type
Due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default `_fileDenyPattern_` successfully blocked files like `_.htaccess_` or `_malicious.php_`. Additionally, `_UploadedFileReferenceConverter_` transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. In case this scenario applies, `_UploadedFileReferenceConverter_` accepts any file mime-type and persists files in the default location. In any way, uploaded files are placed in the default location `_/fileadmin/user_upload/_`, in most scenarios keeping the submitted filename - which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21355
reference_id
reference_type
scores
0
value 0.00416
scoring_system epss
scoring_elements 0.62059
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21355
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21355.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21355.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21355.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21355.yaml
3
reference_url https://packagist.org/packages/typo3/cms-form
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-form
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-002
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-002
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21355
reference_id CVE-2021-21355
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21355
6
reference_url https://github.com/advisories/GHSA-2r6j-862c-m2v2
reference_id GHSA-2r6j-862c-m2v2
reference_type
scores
url https://github.com/advisories/GHSA-2r6j-862c-m2v2
7
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2
reference_id GHSA-2r6j-862c-m2v2
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2
fixed_packages
0
url pkg:composer/typo3/cms@8.7.40
purl pkg:composer/typo3/cms@8.7.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j8hk-bqnb-gycp
1
vulnerability VCID-sdjb-gp4t-vbgt
2
vulnerability VCID-uq77-aax5-k7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40
1
url pkg:composer/typo3/cms@9.5.25
purl pkg:composer/typo3/cms@9.5.25
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25
2
url pkg:composer/typo3/cms@10.4.14
purl pkg:composer/typo3/cms@10.4.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14
3
url pkg:composer/typo3/cms@11.1.1
purl pkg:composer/typo3/cms@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1
aliases CVE-2021-21355, GHSA-2r6j-862c-m2v2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-848u-w88s-5bbe
6
url VCID-953t-q1cr-zyd6
vulnerability_id VCID-953t-q1cr-zyd6
summary 
Cross-site Scripting
Cross-Site Scripting in Backend Modal Component.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-007/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-007/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-am6s-67bm-77dr
5
vulnerability VCID-bn3p-39sv-6fdg
6
vulnerability VCID-ev4k-5k1d-2bhu
7
vulnerability VCID-fqkx-v8t5-q3h6
8
vulnerability VCID-fut7-bb1f-37g7
9
vulnerability VCID-jp1p-rfxa-hyd9
10
vulnerability VCID-k5t3-28es-h3ez
11
vulnerability VCID-khpm-e1xb-hydb
12
vulnerability VCID-nney-azbc-pucg
13
vulnerability VCID-p7gd-anw2-1qbz
14
vulnerability VCID-pmvp-twk2-jqe4
15
vulnerability VCID-qv14-m93d-jyd9
16
vulnerability VCID-rqrw-t2kj-mud8
17
vulnerability VCID-ru6w-m6q6-27gn
18
vulnerability VCID-sdsa-mh76-kqch
19
vulnerability VCID-tgyt-axv1-c7ag
20
vulnerability VCID-u259-2sxq-tbct
21
vulnerability VCID-vw2r-g8yy-eyf4
22
vulnerability VCID-x5x1-w7yv-eye9
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
1
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-4jck-w9ct-budk
6
vulnerability VCID-6mnf-2fcw-dqgp
7
vulnerability VCID-7m6u-k5tp-gkhy
8
vulnerability VCID-7xv1-78u7-xufp
9
vulnerability VCID-848u-w88s-5bbe
10
vulnerability VCID-8w4e-d49b-nbg8
11
vulnerability VCID-9adx-p876-kyb5
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-bbh5-rss8-bfct
14
vulnerability VCID-cvk2-93hm-gkhx
15
vulnerability VCID-e6zr-4bgg-kkh5
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fut7-bb1f-37g7
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-k5t3-28es-h3ez
21
vulnerability VCID-khpm-e1xb-hydb
22
vulnerability VCID-n1gz-y615-cbbk
23
vulnerability VCID-nney-azbc-pucg
24
vulnerability VCID-p7gd-anw2-1qbz
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-rqrw-t2kj-mud8
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdsa-mh76-kqch
30
vulnerability VCID-tgyt-axv1-c7ag
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-vw2r-g8yy-eyf4
33
vulnerability VCID-x5x1-w7yv-eye9
34
vulnerability VCID-xw1s-93bu-wuh9
35
vulnerability VCID-y7ds-p5r2-yuhq
36
vulnerability VCID-zeut-9wfp-q7et
37
vulnerability VCID-zkvq-bms4-gfcv
38
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-98
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-953t-q1cr-zyd6
7
url VCID-am6s-67bm-77dr
vulnerability_id VCID-am6s-67bm-77dr
summary 
Cross-site Scripting
Cross-Site Scripting in Bootstrap CSS toolkit.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-006/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-006/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.23
purl pkg:composer/typo3/cms@8.7.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-ev4k-5k1d-2bhu
5
vulnerability VCID-fqkx-v8t5-q3h6
6
vulnerability VCID-fut7-bb1f-37g7
7
vulnerability VCID-jp1p-rfxa-hyd9
8
vulnerability VCID-k5t3-28es-h3ez
9
vulnerability VCID-nney-azbc-pucg
10
vulnerability VCID-p7gd-anw2-1qbz
11
vulnerability VCID-qv14-m93d-jyd9
12
vulnerability VCID-rqrw-t2kj-mud8
13
vulnerability VCID-ru6w-m6q6-27gn
14
vulnerability VCID-sdsa-mh76-kqch
15
vulnerability VCID-tgyt-axv1-c7ag
16
vulnerability VCID-x5x1-w7yv-eye9
17
vulnerability VCID-xw1s-93bu-wuh9
18
vulnerability VCID-y7ds-p5r2-yuhq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23
1
url pkg:composer/typo3/cms@9.5.4
purl pkg:composer/typo3/cms@9.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-6mnf-2fcw-dqgp
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-9adx-p876-kyb5
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-cvk2-93hm-gkhx
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-jp1p-rfxa-hyd9
18
vulnerability VCID-k5t3-28es-h3ez
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-nney-azbc-pucg
21
vulnerability VCID-p7gd-anw2-1qbz
22
vulnerability VCID-qv14-m93d-jyd9
23
vulnerability VCID-rqrw-t2kj-mud8
24
vulnerability VCID-ru6w-m6q6-27gn
25
vulnerability VCID-sdsa-mh76-kqch
26
vulnerability VCID-tgyt-axv1-c7ag
27
vulnerability VCID-x5x1-w7yv-eye9
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-y7ds-p5r2-yuhq
30
vulnerability VCID-zeut-9wfp-q7et
31
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4
aliases GMS-2019-176
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-am6s-67bm-77dr
8
url VCID-bn3p-39sv-6fdg
vulnerability_id VCID-bn3p-39sv-6fdg
summary 
Improper Access Control
Broken Access Control in Localization Handling.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-003/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-003/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.23
purl pkg:composer/typo3/cms@8.7.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-ev4k-5k1d-2bhu
5
vulnerability VCID-fqkx-v8t5-q3h6
6
vulnerability VCID-fut7-bb1f-37g7
7
vulnerability VCID-jp1p-rfxa-hyd9
8
vulnerability VCID-k5t3-28es-h3ez
9
vulnerability VCID-nney-azbc-pucg
10
vulnerability VCID-p7gd-anw2-1qbz
11
vulnerability VCID-qv14-m93d-jyd9
12
vulnerability VCID-rqrw-t2kj-mud8
13
vulnerability VCID-ru6w-m6q6-27gn
14
vulnerability VCID-sdsa-mh76-kqch
15
vulnerability VCID-tgyt-axv1-c7ag
16
vulnerability VCID-x5x1-w7yv-eye9
17
vulnerability VCID-xw1s-93bu-wuh9
18
vulnerability VCID-y7ds-p5r2-yuhq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23
1
url pkg:composer/typo3/cms@9.0.0
purl pkg:composer/typo3/cms@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11u3-8xzy-jfhh
1
vulnerability VCID-1ffs-9vj5-27hk
2
vulnerability VCID-1sfk-z8py-ykb8
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-3k2k-a3gb-n3ba
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-66kh-c1dm-8fbf
13
vulnerability VCID-6mnf-2fcw-dqgp
14
vulnerability VCID-7ch1-q9f4-a7bt
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-953t-q1cr-zyd6
21
vulnerability VCID-9adx-p876-kyb5
22
vulnerability VCID-9yu1-z7c2-t3fj
23
vulnerability VCID-a1g9-pyz5-9fca
24
vulnerability VCID-abjx-8v46-d7d8
25
vulnerability VCID-am6s-67bm-77dr
26
vulnerability VCID-bbh5-rss8-bfct
27
vulnerability VCID-buj5-2t53-3kcr
28
vulnerability VCID-cvk2-93hm-gkhx
29
vulnerability VCID-dsqm-9q3e-dudw
30
vulnerability VCID-e6zr-4bgg-kkh5
31
vulnerability VCID-emqq-kwjg-3kfk
32
vulnerability VCID-ev4k-5k1d-2bhu
33
vulnerability VCID-f319-jpf5-hyex
34
vulnerability VCID-f4n7-q72x-3yea
35
vulnerability VCID-fpa2-ffg1-fyaa
36
vulnerability VCID-fqkc-utex-3kav
37
vulnerability VCID-fqkx-v8t5-q3h6
38
vulnerability VCID-fut7-bb1f-37g7
39
vulnerability VCID-gpv4-4tpd-tbaa
40
vulnerability VCID-hknp-f88a-kqec
41
vulnerability VCID-hp99-ncuh-6ugv
42
vulnerability VCID-j8hk-bqnb-gycp
43
vulnerability VCID-je4q-svfw-hqda
44
vulnerability VCID-jp1p-rfxa-hyd9
45
vulnerability VCID-jq5y-7h9g-mufa
46
vulnerability VCID-jwb1-3sbg-kfa5
47
vulnerability VCID-k5t3-28es-h3ez
48
vulnerability VCID-khpm-e1xb-hydb
49
vulnerability VCID-n1gz-y615-cbbk
50
vulnerability VCID-njsj-bwjq-fyap
51
vulnerability VCID-nney-azbc-pucg
52
vulnerability VCID-p576-w7dd-p3h7
53
vulnerability VCID-p7gd-anw2-1qbz
54
vulnerability VCID-pmvp-twk2-jqe4
55
vulnerability VCID-q2t1-kx56-s3c3
56
vulnerability VCID-q7vt-19eb-sqeq
57
vulnerability VCID-qcnh-z4zh-myaw
58
vulnerability VCID-qdxh-arxx-wbcr
59
vulnerability VCID-qv14-m93d-jyd9
60
vulnerability VCID-qxab-9uwr-yqhv
61
vulnerability VCID-rqrw-t2kj-mud8
62
vulnerability VCID-ru6w-m6q6-27gn
63
vulnerability VCID-sdjb-gp4t-vbgt
64
vulnerability VCID-sdsa-mh76-kqch
65
vulnerability VCID-teby-zvvw-zkhv
66
vulnerability VCID-tgyt-axv1-c7ag
67
vulnerability VCID-u259-2sxq-tbct
68
vulnerability VCID-u6as-cwxc-pkhk
69
vulnerability VCID-uq77-aax5-k7d8
70
vulnerability VCID-vq15-t92r-5bhx
71
vulnerability VCID-vw2r-g8yy-eyf4
72
vulnerability VCID-w1wb-mq2y-dfca
73
vulnerability VCID-w7z1-aw31-vugx
74
vulnerability VCID-wat8-4m83-hken
75
vulnerability VCID-x5x1-w7yv-eye9
76
vulnerability VCID-xvyu-2hb8-8ufh
77
vulnerability VCID-xw1s-93bu-wuh9
78
vulnerability VCID-y7ds-p5r2-yuhq
79
vulnerability VCID-yh6b-tc4u-v3bk
80
vulnerability VCID-yz6t-ge1y-qfgr
81
vulnerability VCID-zeut-9wfp-q7et
82
vulnerability VCID-zgfw-pk39-gyg8
83
vulnerability VCID-zkvq-bms4-gfcv
84
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.0.0
aliases GMS-2019-174
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bn3p-39sv-6fdg
9
url VCID-dsqm-9q3e-dudw
vulnerability_id VCID-dsqm-9q3e-dudw
summary 
Uncontrolled Resource Consumption
Denial of Service in Online Media Asset Handling.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-011/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-011/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-am6s-67bm-77dr
5
vulnerability VCID-bn3p-39sv-6fdg
6
vulnerability VCID-ev4k-5k1d-2bhu
7
vulnerability VCID-fqkx-v8t5-q3h6
8
vulnerability VCID-fut7-bb1f-37g7
9
vulnerability VCID-jp1p-rfxa-hyd9
10
vulnerability VCID-k5t3-28es-h3ez
11
vulnerability VCID-khpm-e1xb-hydb
12
vulnerability VCID-nney-azbc-pucg
13
vulnerability VCID-p7gd-anw2-1qbz
14
vulnerability VCID-pmvp-twk2-jqe4
15
vulnerability VCID-qv14-m93d-jyd9
16
vulnerability VCID-rqrw-t2kj-mud8
17
vulnerability VCID-ru6w-m6q6-27gn
18
vulnerability VCID-sdsa-mh76-kqch
19
vulnerability VCID-tgyt-axv1-c7ag
20
vulnerability VCID-u259-2sxq-tbct
21
vulnerability VCID-vw2r-g8yy-eyf4
22
vulnerability VCID-x5x1-w7yv-eye9
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
1
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-4jck-w9ct-budk
6
vulnerability VCID-6mnf-2fcw-dqgp
7
vulnerability VCID-7m6u-k5tp-gkhy
8
vulnerability VCID-7xv1-78u7-xufp
9
vulnerability VCID-848u-w88s-5bbe
10
vulnerability VCID-8w4e-d49b-nbg8
11
vulnerability VCID-9adx-p876-kyb5
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-bbh5-rss8-bfct
14
vulnerability VCID-cvk2-93hm-gkhx
15
vulnerability VCID-e6zr-4bgg-kkh5
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fut7-bb1f-37g7
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-k5t3-28es-h3ez
21
vulnerability VCID-khpm-e1xb-hydb
22
vulnerability VCID-n1gz-y615-cbbk
23
vulnerability VCID-nney-azbc-pucg
24
vulnerability VCID-p7gd-anw2-1qbz
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-rqrw-t2kj-mud8
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdsa-mh76-kqch
30
vulnerability VCID-tgyt-axv1-c7ag
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-vw2r-g8yy-eyf4
33
vulnerability VCID-x5x1-w7yv-eye9
34
vulnerability VCID-xw1s-93bu-wuh9
35
vulnerability VCID-y7ds-p5r2-yuhq
36
vulnerability VCID-zeut-9wfp-q7et
37
vulnerability VCID-zkvq-bms4-gfcv
38
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-102
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dsqm-9q3e-dudw
10
url VCID-emqq-kwjg-3kfk
vulnerability_id VCID-emqq-kwjg-3kfk
summary 
Cross-site Scripting
Cross-Site Scripting in CKEditor.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-005/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-005/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-am6s-67bm-77dr
5
vulnerability VCID-bn3p-39sv-6fdg
6
vulnerability VCID-ev4k-5k1d-2bhu
7
vulnerability VCID-fqkx-v8t5-q3h6
8
vulnerability VCID-fut7-bb1f-37g7
9
vulnerability VCID-jp1p-rfxa-hyd9
10
vulnerability VCID-k5t3-28es-h3ez
11
vulnerability VCID-khpm-e1xb-hydb
12
vulnerability VCID-nney-azbc-pucg
13
vulnerability VCID-p7gd-anw2-1qbz
14
vulnerability VCID-pmvp-twk2-jqe4
15
vulnerability VCID-qv14-m93d-jyd9
16
vulnerability VCID-rqrw-t2kj-mud8
17
vulnerability VCID-ru6w-m6q6-27gn
18
vulnerability VCID-sdsa-mh76-kqch
19
vulnerability VCID-tgyt-axv1-c7ag
20
vulnerability VCID-u259-2sxq-tbct
21
vulnerability VCID-vw2r-g8yy-eyf4
22
vulnerability VCID-x5x1-w7yv-eye9
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
1
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-4jck-w9ct-budk
6
vulnerability VCID-6mnf-2fcw-dqgp
7
vulnerability VCID-7m6u-k5tp-gkhy
8
vulnerability VCID-7xv1-78u7-xufp
9
vulnerability VCID-848u-w88s-5bbe
10
vulnerability VCID-8w4e-d49b-nbg8
11
vulnerability VCID-9adx-p876-kyb5
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-bbh5-rss8-bfct
14
vulnerability VCID-cvk2-93hm-gkhx
15
vulnerability VCID-e6zr-4bgg-kkh5
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fut7-bb1f-37g7
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-k5t3-28es-h3ez
21
vulnerability VCID-khpm-e1xb-hydb
22
vulnerability VCID-n1gz-y615-cbbk
23
vulnerability VCID-nney-azbc-pucg
24
vulnerability VCID-p7gd-anw2-1qbz
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-rqrw-t2kj-mud8
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdsa-mh76-kqch
30
vulnerability VCID-tgyt-axv1-c7ag
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-vw2r-g8yy-eyf4
33
vulnerability VCID-x5x1-w7yv-eye9
34
vulnerability VCID-xw1s-93bu-wuh9
35
vulnerability VCID-y7ds-p5r2-yuhq
36
vulnerability VCID-zeut-9wfp-q7et
37
vulnerability VCID-zkvq-bms4-gfcv
38
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-104
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-emqq-kwjg-3kfk
11
url VCID-ev4k-5k1d-2bhu
vulnerability_id VCID-ev4k-5k1d-2bhu
summary 
URL Redirection to Untrusted Site (Open Redirect)
Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21338
reference_id
reference_type
scores
0
value 0.00253
scoring_system epss
scoring_elements 0.48774
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21338
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21338.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21338.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21338.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21338.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp
4
reference_url https://packagist.org/packages/typo3/cms-core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-core
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-001
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21338
reference_id CVE-2021-21338
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21338
fixed_packages
0
url pkg:composer/typo3/cms@8.7.40
purl pkg:composer/typo3/cms@8.7.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j8hk-bqnb-gycp
1
vulnerability VCID-sdjb-gp4t-vbgt
2
vulnerability VCID-uq77-aax5-k7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40
1
url pkg:composer/typo3/cms@9.5.25
purl pkg:composer/typo3/cms@9.5.25
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25
2
url pkg:composer/typo3/cms@10.4.14
purl pkg:composer/typo3/cms@10.4.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14
3
url pkg:composer/typo3/cms@11.1.1
purl pkg:composer/typo3/cms@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1
aliases CVE-2021-21338, GHSA-4jhw-2p6j-5wmp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ev4k-5k1d-2bhu
12
url VCID-fdnw-2tz5-4fdr
vulnerability_id VCID-fdnw-2tz5-4fdr
summary 
Uncontrolled Resource Consumption
Denial of Service in Frontend Record Registration.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-012/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-012/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-am6s-67bm-77dr
5
vulnerability VCID-bn3p-39sv-6fdg
6
vulnerability VCID-ev4k-5k1d-2bhu
7
vulnerability VCID-fqkx-v8t5-q3h6
8
vulnerability VCID-fut7-bb1f-37g7
9
vulnerability VCID-jp1p-rfxa-hyd9
10
vulnerability VCID-k5t3-28es-h3ez
11
vulnerability VCID-khpm-e1xb-hydb
12
vulnerability VCID-nney-azbc-pucg
13
vulnerability VCID-p7gd-anw2-1qbz
14
vulnerability VCID-pmvp-twk2-jqe4
15
vulnerability VCID-qv14-m93d-jyd9
16
vulnerability VCID-rqrw-t2kj-mud8
17
vulnerability VCID-ru6w-m6q6-27gn
18
vulnerability VCID-sdsa-mh76-kqch
19
vulnerability VCID-tgyt-axv1-c7ag
20
vulnerability VCID-u259-2sxq-tbct
21
vulnerability VCID-vw2r-g8yy-eyf4
22
vulnerability VCID-x5x1-w7yv-eye9
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
1
url pkg:composer/typo3/cms@9.0.0
purl pkg:composer/typo3/cms@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11u3-8xzy-jfhh
1
vulnerability VCID-1ffs-9vj5-27hk
2
vulnerability VCID-1sfk-z8py-ykb8
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-3k2k-a3gb-n3ba
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-66kh-c1dm-8fbf
13
vulnerability VCID-6mnf-2fcw-dqgp
14
vulnerability VCID-7ch1-q9f4-a7bt
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-953t-q1cr-zyd6
21
vulnerability VCID-9adx-p876-kyb5
22
vulnerability VCID-9yu1-z7c2-t3fj
23
vulnerability VCID-a1g9-pyz5-9fca
24
vulnerability VCID-abjx-8v46-d7d8
25
vulnerability VCID-am6s-67bm-77dr
26
vulnerability VCID-bbh5-rss8-bfct
27
vulnerability VCID-buj5-2t53-3kcr
28
vulnerability VCID-cvk2-93hm-gkhx
29
vulnerability VCID-dsqm-9q3e-dudw
30
vulnerability VCID-e6zr-4bgg-kkh5
31
vulnerability VCID-emqq-kwjg-3kfk
32
vulnerability VCID-ev4k-5k1d-2bhu
33
vulnerability VCID-f319-jpf5-hyex
34
vulnerability VCID-f4n7-q72x-3yea
35
vulnerability VCID-fpa2-ffg1-fyaa
36
vulnerability VCID-fqkc-utex-3kav
37
vulnerability VCID-fqkx-v8t5-q3h6
38
vulnerability VCID-fut7-bb1f-37g7
39
vulnerability VCID-gpv4-4tpd-tbaa
40
vulnerability VCID-hknp-f88a-kqec
41
vulnerability VCID-hp99-ncuh-6ugv
42
vulnerability VCID-j8hk-bqnb-gycp
43
vulnerability VCID-je4q-svfw-hqda
44
vulnerability VCID-jp1p-rfxa-hyd9
45
vulnerability VCID-jq5y-7h9g-mufa
46
vulnerability VCID-jwb1-3sbg-kfa5
47
vulnerability VCID-k5t3-28es-h3ez
48
vulnerability VCID-khpm-e1xb-hydb
49
vulnerability VCID-n1gz-y615-cbbk
50
vulnerability VCID-njsj-bwjq-fyap
51
vulnerability VCID-nney-azbc-pucg
52
vulnerability VCID-p576-w7dd-p3h7
53
vulnerability VCID-p7gd-anw2-1qbz
54
vulnerability VCID-pmvp-twk2-jqe4
55
vulnerability VCID-q2t1-kx56-s3c3
56
vulnerability VCID-q7vt-19eb-sqeq
57
vulnerability VCID-qcnh-z4zh-myaw
58
vulnerability VCID-qdxh-arxx-wbcr
59
vulnerability VCID-qv14-m93d-jyd9
60
vulnerability VCID-qxab-9uwr-yqhv
61
vulnerability VCID-rqrw-t2kj-mud8
62
vulnerability VCID-ru6w-m6q6-27gn
63
vulnerability VCID-sdjb-gp4t-vbgt
64
vulnerability VCID-sdsa-mh76-kqch
65
vulnerability VCID-teby-zvvw-zkhv
66
vulnerability VCID-tgyt-axv1-c7ag
67
vulnerability VCID-u259-2sxq-tbct
68
vulnerability VCID-u6as-cwxc-pkhk
69
vulnerability VCID-uq77-aax5-k7d8
70
vulnerability VCID-vq15-t92r-5bhx
71
vulnerability VCID-vw2r-g8yy-eyf4
72
vulnerability VCID-w1wb-mq2y-dfca
73
vulnerability VCID-w7z1-aw31-vugx
74
vulnerability VCID-wat8-4m83-hken
75
vulnerability VCID-x5x1-w7yv-eye9
76
vulnerability VCID-xvyu-2hb8-8ufh
77
vulnerability VCID-xw1s-93bu-wuh9
78
vulnerability VCID-y7ds-p5r2-yuhq
79
vulnerability VCID-yh6b-tc4u-v3bk
80
vulnerability VCID-yz6t-ge1y-qfgr
81
vulnerability VCID-zeut-9wfp-q7et
82
vulnerability VCID-zgfw-pk39-gyg8
83
vulnerability VCID-zkvq-bms4-gfcv
84
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.0.0
aliases GMS-2018-103
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fdnw-2tz5-4fdr
13
url VCID-fqkx-v8t5-q3h6
vulnerability_id VCID-fqkx-v8t5-q3h6
summary 
Cleartext Storage of Sensitive Information
User session identifiers are stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - for example SQL injection in any other component of the system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21339
reference_id
reference_type
scores
0
value 0.00132
scoring_system epss
scoring_elements 0.32224
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21339
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21339.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21339.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21339.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21339.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch
4
reference_url https://packagist.org/packages/typo3/cms-core
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-core
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-006
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-006
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21339
reference_id CVE-2021-21339
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21339
fixed_packages
0
url pkg:composer/typo3/cms@8.7.40
purl pkg:composer/typo3/cms@8.7.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j8hk-bqnb-gycp
1
vulnerability VCID-sdjb-gp4t-vbgt
2
vulnerability VCID-uq77-aax5-k7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40
1
url pkg:composer/typo3/cms@9.5.25
purl pkg:composer/typo3/cms@9.5.25
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25
2
url pkg:composer/typo3/cms@10.4.14
purl pkg:composer/typo3/cms@10.4.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14
3
url pkg:composer/typo3/cms@11.1.1
purl pkg:composer/typo3/cms@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1
aliases CVE-2021-21339, GHSA-qx3w-4864-94ch
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fqkx-v8t5-q3h6
14
url VCID-fut7-bb1f-37g7
vulnerability_id VCID-fut7-bb1f-37g7
summary 
Cross-site Scripting
Cross-Site Scripting in Link Handling.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-015/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-015/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.27
purl pkg:composer/typo3/cms@8.7.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-848u-w88s-5bbe
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-jp1p-rfxa-hyd9
5
vulnerability VCID-p7gd-anw2-1qbz
6
vulnerability VCID-rqrw-t2kj-mud8
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-xw1s-93bu-wuh9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.27
1
url pkg:composer/typo3/cms@9.5.8
purl pkg:composer/typo3/cms@9.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-e6zr-4bgg-kkh5
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-n1gz-y615-cbbk
12
vulnerability VCID-p7gd-anw2-1qbz
13
vulnerability VCID-rqrw-t2kj-mud8
14
vulnerability VCID-tgyt-axv1-c7ag
15
vulnerability VCID-xw1s-93bu-wuh9
16
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8
aliases GMS-2019-186
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fut7-bb1f-37g7
15
url VCID-hp99-ncuh-6ugv
vulnerability_id VCID-hp99-ncuh-6ugv
summary 
Cross-site Scripting
Cross-Site Scripting in Frontend User Login.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-008/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-008/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-am6s-67bm-77dr
5
vulnerability VCID-bn3p-39sv-6fdg
6
vulnerability VCID-ev4k-5k1d-2bhu
7
vulnerability VCID-fqkx-v8t5-q3h6
8
vulnerability VCID-fut7-bb1f-37g7
9
vulnerability VCID-jp1p-rfxa-hyd9
10
vulnerability VCID-k5t3-28es-h3ez
11
vulnerability VCID-khpm-e1xb-hydb
12
vulnerability VCID-nney-azbc-pucg
13
vulnerability VCID-p7gd-anw2-1qbz
14
vulnerability VCID-pmvp-twk2-jqe4
15
vulnerability VCID-qv14-m93d-jyd9
16
vulnerability VCID-rqrw-t2kj-mud8
17
vulnerability VCID-ru6w-m6q6-27gn
18
vulnerability VCID-sdsa-mh76-kqch
19
vulnerability VCID-tgyt-axv1-c7ag
20
vulnerability VCID-u259-2sxq-tbct
21
vulnerability VCID-vw2r-g8yy-eyf4
22
vulnerability VCID-x5x1-w7yv-eye9
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
1
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-4jck-w9ct-budk
6
vulnerability VCID-6mnf-2fcw-dqgp
7
vulnerability VCID-7m6u-k5tp-gkhy
8
vulnerability VCID-7xv1-78u7-xufp
9
vulnerability VCID-848u-w88s-5bbe
10
vulnerability VCID-8w4e-d49b-nbg8
11
vulnerability VCID-9adx-p876-kyb5
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-bbh5-rss8-bfct
14
vulnerability VCID-cvk2-93hm-gkhx
15
vulnerability VCID-e6zr-4bgg-kkh5
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fut7-bb1f-37g7
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-k5t3-28es-h3ez
21
vulnerability VCID-khpm-e1xb-hydb
22
vulnerability VCID-n1gz-y615-cbbk
23
vulnerability VCID-nney-azbc-pucg
24
vulnerability VCID-p7gd-anw2-1qbz
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-rqrw-t2kj-mud8
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdsa-mh76-kqch
30
vulnerability VCID-tgyt-axv1-c7ag
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-vw2r-g8yy-eyf4
33
vulnerability VCID-x5x1-w7yv-eye9
34
vulnerability VCID-xw1s-93bu-wuh9
35
vulnerability VCID-y7ds-p5r2-yuhq
36
vulnerability VCID-zeut-9wfp-q7et
37
vulnerability VCID-zkvq-bms4-gfcv
38
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-99
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hp99-ncuh-6ugv
16
url VCID-jp1p-rfxa-hyd9
vulnerability_id VCID-jp1p-rfxa-hyd9
summary 
Cross-site Scripting
Content elements of type `_menu_` are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21370
reference_id
reference_type
scores
0
value 0.00342
scoring_system epss
scoring_elements 0.57112
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21370
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21370.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21370.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21370.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21370.yaml
3
reference_url https://packagist.org/packages/typo3/cms-backend
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-backend
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-008
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-008
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21370
reference_id CVE-2021-21370
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21370
6
reference_url https://github.com/advisories/GHSA-x7hc-x7fm-f7qh
reference_id GHSA-x7hc-x7fm-f7qh
reference_type
scores
url https://github.com/advisories/GHSA-x7hc-x7fm-f7qh
7
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh
reference_id GHSA-x7hc-x7fm-f7qh
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh
fixed_packages
0
url pkg:composer/typo3/cms@8.7.40
purl pkg:composer/typo3/cms@8.7.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j8hk-bqnb-gycp
1
vulnerability VCID-sdjb-gp4t-vbgt
2
vulnerability VCID-uq77-aax5-k7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40
1
url pkg:composer/typo3/cms@9.5.25
purl pkg:composer/typo3/cms@9.5.25
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25
2
url pkg:composer/typo3/cms@10.4.14
purl pkg:composer/typo3/cms@10.4.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14
3
url pkg:composer/typo3/cms@11.1.1
purl pkg:composer/typo3/cms@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1
aliases CVE-2021-21370, GHSA-x7hc-x7fm-f7qh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jp1p-rfxa-hyd9
17
url VCID-jq5y-7h9g-mufa
vulnerability_id VCID-jq5y-7h9g-mufa
summary Information Disclosure in Install Tool.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-010/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-010/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-am6s-67bm-77dr
5
vulnerability VCID-bn3p-39sv-6fdg
6
vulnerability VCID-ev4k-5k1d-2bhu
7
vulnerability VCID-fqkx-v8t5-q3h6
8
vulnerability VCID-fut7-bb1f-37g7
9
vulnerability VCID-jp1p-rfxa-hyd9
10
vulnerability VCID-k5t3-28es-h3ez
11
vulnerability VCID-khpm-e1xb-hydb
12
vulnerability VCID-nney-azbc-pucg
13
vulnerability VCID-p7gd-anw2-1qbz
14
vulnerability VCID-pmvp-twk2-jqe4
15
vulnerability VCID-qv14-m93d-jyd9
16
vulnerability VCID-rqrw-t2kj-mud8
17
vulnerability VCID-ru6w-m6q6-27gn
18
vulnerability VCID-sdsa-mh76-kqch
19
vulnerability VCID-tgyt-axv1-c7ag
20
vulnerability VCID-u259-2sxq-tbct
21
vulnerability VCID-vw2r-g8yy-eyf4
22
vulnerability VCID-x5x1-w7yv-eye9
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
1
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-4jck-w9ct-budk
6
vulnerability VCID-6mnf-2fcw-dqgp
7
vulnerability VCID-7m6u-k5tp-gkhy
8
vulnerability VCID-7xv1-78u7-xufp
9
vulnerability VCID-848u-w88s-5bbe
10
vulnerability VCID-8w4e-d49b-nbg8
11
vulnerability VCID-9adx-p876-kyb5
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-bbh5-rss8-bfct
14
vulnerability VCID-cvk2-93hm-gkhx
15
vulnerability VCID-e6zr-4bgg-kkh5
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fut7-bb1f-37g7
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-k5t3-28es-h3ez
21
vulnerability VCID-khpm-e1xb-hydb
22
vulnerability VCID-n1gz-y615-cbbk
23
vulnerability VCID-nney-azbc-pucg
24
vulnerability VCID-p7gd-anw2-1qbz
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-rqrw-t2kj-mud8
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdsa-mh76-kqch
30
vulnerability VCID-tgyt-axv1-c7ag
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-vw2r-g8yy-eyf4
33
vulnerability VCID-x5x1-w7yv-eye9
34
vulnerability VCID-xw1s-93bu-wuh9
35
vulnerability VCID-y7ds-p5r2-yuhq
36
vulnerability VCID-zeut-9wfp-q7et
37
vulnerability VCID-zkvq-bms4-gfcv
38
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-101
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jq5y-7h9g-mufa
18
url VCID-k5t3-28es-h3ez
vulnerability_id VCID-k5t3-28es-h3ez
summary 
Improper Input Validation
TYPO3 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by `ImageMagick` or `GraphicsMagick`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11832
reference_id
reference_type
scores
0
value 0.00898
scoring_system epss
scoring_elements 0.76028
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11832
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-11832.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-11832.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-11832.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-11832.yaml
3
reference_url https://github.com/github/advisory-database/pull/3530
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/3530
4
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
5
reference_url https://github.com/TYPO3/typo3/commit/2c04eeac44733fda491f92c697f88c1337d19c79
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/2c04eeac44733fda491f92c697f88c1337d19c79
6
reference_url https://github.com/TYPO3/typo3/commit/51fdb774a57ee30e8d60c0e33b4a0b92d775739e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/51fdb774a57ee30e8d60c0e33b4a0b92d775739e
7
reference_url https://github.com/TYPO3/typo3/commit/e845d90b82b2f72ab12a9e37f15082297832beca
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/e845d90b82b2f72ab12a9e37f15082297832beca
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-012
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-012
9
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-012/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-012/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11832
reference_id CVE-2019-11832
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11832
fixed_packages
0
url pkg:composer/typo3/cms@8.7.25
purl pkg:composer/typo3/cms@8.7.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-cbmm-1b2k-8qaz
5
vulnerability VCID-ev4k-5k1d-2bhu
6
vulnerability VCID-fqkx-v8t5-q3h6
7
vulnerability VCID-fut7-bb1f-37g7
8
vulnerability VCID-jp1p-rfxa-hyd9
9
vulnerability VCID-nney-azbc-pucg
10
vulnerability VCID-p7gd-anw2-1qbz
11
vulnerability VCID-qv14-m93d-jyd9
12
vulnerability VCID-rqrw-t2kj-mud8
13
vulnerability VCID-tgyt-axv1-c7ag
14
vulnerability VCID-xw1s-93bu-wuh9
15
vulnerability VCID-y7ds-p5r2-yuhq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.25
1
url pkg:composer/typo3/cms@9.5.6
purl pkg:composer/typo3/cms@9.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-4eym-e6vt-8fbs
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-7m6u-k5tp-gkhy
6
vulnerability VCID-7xv1-78u7-xufp
7
vulnerability VCID-848u-w88s-5bbe
8
vulnerability VCID-8w4e-d49b-nbg8
9
vulnerability VCID-bbh5-rss8-bfct
10
vulnerability VCID-cbmm-1b2k-8qaz
11
vulnerability VCID-cvk2-93hm-gkhx
12
vulnerability VCID-e6zr-4bgg-kkh5
13
vulnerability VCID-ev4k-5k1d-2bhu
14
vulnerability VCID-fqkx-v8t5-q3h6
15
vulnerability VCID-fut7-bb1f-37g7
16
vulnerability VCID-jp1p-rfxa-hyd9
17
vulnerability VCID-n1gz-y615-cbbk
18
vulnerability VCID-nney-azbc-pucg
19
vulnerability VCID-p7gd-anw2-1qbz
20
vulnerability VCID-qv14-m93d-jyd9
21
vulnerability VCID-rqrw-t2kj-mud8
22
vulnerability VCID-tgyt-axv1-c7ag
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zeut-9wfp-q7et
26
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.6
aliases CVE-2019-11832, GHSA-3w4h-r27h-4r2w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k5t3-28es-h3ez
19
url VCID-khpm-e1xb-hydb
vulnerability_id VCID-khpm-e1xb-hydb
summary Information Disclosure of Installed Extensions.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-001/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-001/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.23
purl pkg:composer/typo3/cms@8.7.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-ev4k-5k1d-2bhu
5
vulnerability VCID-fqkx-v8t5-q3h6
6
vulnerability VCID-fut7-bb1f-37g7
7
vulnerability VCID-jp1p-rfxa-hyd9
8
vulnerability VCID-k5t3-28es-h3ez
9
vulnerability VCID-nney-azbc-pucg
10
vulnerability VCID-p7gd-anw2-1qbz
11
vulnerability VCID-qv14-m93d-jyd9
12
vulnerability VCID-rqrw-t2kj-mud8
13
vulnerability VCID-ru6w-m6q6-27gn
14
vulnerability VCID-sdsa-mh76-kqch
15
vulnerability VCID-tgyt-axv1-c7ag
16
vulnerability VCID-x5x1-w7yv-eye9
17
vulnerability VCID-xw1s-93bu-wuh9
18
vulnerability VCID-y7ds-p5r2-yuhq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23
1
url pkg:composer/typo3/cms@9.5.4
purl pkg:composer/typo3/cms@9.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-6mnf-2fcw-dqgp
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-9adx-p876-kyb5
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-cvk2-93hm-gkhx
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-jp1p-rfxa-hyd9
18
vulnerability VCID-k5t3-28es-h3ez
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-nney-azbc-pucg
21
vulnerability VCID-p7gd-anw2-1qbz
22
vulnerability VCID-qv14-m93d-jyd9
23
vulnerability VCID-rqrw-t2kj-mud8
24
vulnerability VCID-ru6w-m6q6-27gn
25
vulnerability VCID-sdsa-mh76-kqch
26
vulnerability VCID-tgyt-axv1-c7ag
27
vulnerability VCID-x5x1-w7yv-eye9
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-y7ds-p5r2-yuhq
30
vulnerability VCID-zeut-9wfp-q7et
31
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4
aliases GMS-2019-172
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-khpm-e1xb-hydb
20
url VCID-nney-azbc-pucg
vulnerability_id VCID-nney-azbc-pucg
summary Information Disclosure in Backend User Interface.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-014/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-014/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.27
purl pkg:composer/typo3/cms@8.7.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-848u-w88s-5bbe
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-jp1p-rfxa-hyd9
5
vulnerability VCID-p7gd-anw2-1qbz
6
vulnerability VCID-rqrw-t2kj-mud8
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-xw1s-93bu-wuh9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.27
1
url pkg:composer/typo3/cms@9.5.8
purl pkg:composer/typo3/cms@9.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-e6zr-4bgg-kkh5
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-n1gz-y615-cbbk
12
vulnerability VCID-p7gd-anw2-1qbz
13
vulnerability VCID-rqrw-t2kj-mud8
14
vulnerability VCID-tgyt-axv1-c7ag
15
vulnerability VCID-xw1s-93bu-wuh9
16
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8
aliases GMS-2019-185
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nney-azbc-pucg
21
url VCID-p7gd-anw2-1qbz
vulnerability_id VCID-p7gd-anw2-1qbz
summary 
Deserialization of Untrusted Data
It has been discovered that the classes `QueryGenerator` and `QueryView` are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension `ext:lowlevel` (Backend Module `DB Check`) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension `ext:sys_action` installed, with a valid backend user who has limited privileges.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19849
reference_id
reference_type
scores
0
value 0.00746
scoring_system epss
scoring_elements 0.7342
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19849
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19849.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19849.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19849.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19849.yaml
3
reference_url https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-026
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-026
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-026/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-026/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19849
reference_id CVE-2019-19849
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19849
fixed_packages
0
url pkg:composer/typo3/cms@8.7.30
purl pkg:composer/typo3/cms@8.7.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-848u-w88s-5bbe
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-jp1p-rfxa-hyd9
5
vulnerability VCID-tgyt-axv1-c7ag
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.30
1
url pkg:composer/typo3/cms@9.5.12
purl pkg:composer/typo3/cms@9.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-bcbd-zzet-mff6
8
vulnerability VCID-e6zr-4bgg-kkh5
9
vulnerability VCID-ev4k-5k1d-2bhu
10
vulnerability VCID-fqkx-v8t5-q3h6
11
vulnerability VCID-jp1p-rfxa-hyd9
12
vulnerability VCID-n1gz-y615-cbbk
13
vulnerability VCID-tgyt-axv1-c7ag
14
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.12
2
url pkg:composer/typo3/cms@10.2.1
purl pkg:composer/typo3/cms@10.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-2tz2-8qdm-2kcv
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-6urp-p9mn-cffv
6
vulnerability VCID-848u-w88s-5bbe
7
vulnerability VCID-8w4e-d49b-nbg8
8
vulnerability VCID-bbh5-rss8-bfct
9
vulnerability VCID-bcbd-zzet-mff6
10
vulnerability VCID-c46m-ht19-ybc4
11
vulnerability VCID-e6zr-4bgg-kkh5
12
vulnerability VCID-ev4k-5k1d-2bhu
13
vulnerability VCID-fqkx-v8t5-q3h6
14
vulnerability VCID-jp1p-rfxa-hyd9
15
vulnerability VCID-n1gz-y615-cbbk
16
vulnerability VCID-r3az-g422-gqf9
17
vulnerability VCID-tgyt-axv1-c7ag
18
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.1
3
url pkg:composer/typo3/cms@10.2.2
purl pkg:composer/typo3/cms@10.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-2tz2-8qdm-2kcv
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-6urp-p9mn-cffv
6
vulnerability VCID-848u-w88s-5bbe
7
vulnerability VCID-8w4e-d49b-nbg8
8
vulnerability VCID-bbh5-rss8-bfct
9
vulnerability VCID-bcbd-zzet-mff6
10
vulnerability VCID-c46m-ht19-ybc4
11
vulnerability VCID-e6zr-4bgg-kkh5
12
vulnerability VCID-ev4k-5k1d-2bhu
13
vulnerability VCID-fqkx-v8t5-q3h6
14
vulnerability VCID-jp1p-rfxa-hyd9
15
vulnerability VCID-n1gz-y615-cbbk
16
vulnerability VCID-r3az-g422-gqf9
17
vulnerability VCID-tgyt-axv1-c7ag
18
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.2
aliases CVE-2019-19849, GHSA-rcgc-4xfc-564v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p7gd-anw2-1qbz
22
url VCID-pmvp-twk2-jqe4
vulnerability_id VCID-pmvp-twk2-jqe4
summary Security Misconfiguration for Backend User Accounts.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-002/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-002/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.23
purl pkg:composer/typo3/cms@8.7.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-ev4k-5k1d-2bhu
5
vulnerability VCID-fqkx-v8t5-q3h6
6
vulnerability VCID-fut7-bb1f-37g7
7
vulnerability VCID-jp1p-rfxa-hyd9
8
vulnerability VCID-k5t3-28es-h3ez
9
vulnerability VCID-nney-azbc-pucg
10
vulnerability VCID-p7gd-anw2-1qbz
11
vulnerability VCID-qv14-m93d-jyd9
12
vulnerability VCID-rqrw-t2kj-mud8
13
vulnerability VCID-ru6w-m6q6-27gn
14
vulnerability VCID-sdsa-mh76-kqch
15
vulnerability VCID-tgyt-axv1-c7ag
16
vulnerability VCID-x5x1-w7yv-eye9
17
vulnerability VCID-xw1s-93bu-wuh9
18
vulnerability VCID-y7ds-p5r2-yuhq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23
1
url pkg:composer/typo3/cms@9.5.4
purl pkg:composer/typo3/cms@9.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-6mnf-2fcw-dqgp
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-9adx-p876-kyb5
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-cvk2-93hm-gkhx
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-jp1p-rfxa-hyd9
18
vulnerability VCID-k5t3-28es-h3ez
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-nney-azbc-pucg
21
vulnerability VCID-p7gd-anw2-1qbz
22
vulnerability VCID-qv14-m93d-jyd9
23
vulnerability VCID-rqrw-t2kj-mud8
24
vulnerability VCID-ru6w-m6q6-27gn
25
vulnerability VCID-sdsa-mh76-kqch
26
vulnerability VCID-tgyt-axv1-c7ag
27
vulnerability VCID-x5x1-w7yv-eye9
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-y7ds-p5r2-yuhq
30
vulnerability VCID-zeut-9wfp-q7et
31
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4
aliases GMS-2019-173
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pmvp-twk2-jqe4
23
url VCID-qv14-m93d-jyd9
vulnerability_id VCID-qv14-m93d-jyd9
summary 
Cross-site Scripting
TYPO3 allows XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12748
reference_id
reference_type
scores
0
value 0.00301
scoring_system epss
scoring_elements 0.53716
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12748
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-12748.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-12748.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-12748.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-12748.yaml
3
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
4
reference_url https://typo3.org/cms/release-news/typo3-8-release-notes
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/cms/release-news/typo3-8-release-notes
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-015
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-015
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12748
reference_id CVE-2019-12748
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12748
fixed_packages
0
url pkg:composer/typo3/cms@8.7.27
purl pkg:composer/typo3/cms@8.7.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-848u-w88s-5bbe
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-jp1p-rfxa-hyd9
5
vulnerability VCID-p7gd-anw2-1qbz
6
vulnerability VCID-rqrw-t2kj-mud8
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-xw1s-93bu-wuh9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.27
1
url pkg:composer/typo3/cms@9.5.8
purl pkg:composer/typo3/cms@9.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-e6zr-4bgg-kkh5
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-n1gz-y615-cbbk
12
vulnerability VCID-p7gd-anw2-1qbz
13
vulnerability VCID-rqrw-t2kj-mud8
14
vulnerability VCID-tgyt-axv1-c7ag
15
vulnerability VCID-xw1s-93bu-wuh9
16
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8
aliases CVE-2019-12748, GHSA-r6fv-56gp-j3r4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qv14-m93d-jyd9
24
url VCID-qxab-9uwr-yqhv
vulnerability_id VCID-qxab-9uwr-yqhv
summary 
Cross-site Scripting
CKEditor allows user-assisted XSS involving a source-mode paste.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-17960
reference_id
reference_type
scores
0
value 0.02024
scoring_system epss
scoring_elements 0.84092
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-17960
1
reference_url https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released
2
reference_url https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/
reference_id
reference_type
scores
url https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/
3
reference_url https://ckeditor.com/cke4/release/CKEditor-4.11.0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://ckeditor.com/cke4/release/CKEditor-4.11.0
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-005
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-005
5
reference_url https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205
6
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
reference_id 1015217
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-17960
reference_id CVE-2018-17960
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-17960
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml
reference_id CVE-2018-17960.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml
reference_id CVE-2018-17960.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml
11
reference_url https://github.com/advisories/GHSA-g68x-vvqq-pvw3
reference_id GHSA-g68x-vvqq-pvw3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-g68x-vvqq-pvw3
fixed_packages
0
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-am6s-67bm-77dr
5
vulnerability VCID-bn3p-39sv-6fdg
6
vulnerability VCID-ev4k-5k1d-2bhu
7
vulnerability VCID-fqkx-v8t5-q3h6
8
vulnerability VCID-fut7-bb1f-37g7
9
vulnerability VCID-jp1p-rfxa-hyd9
10
vulnerability VCID-k5t3-28es-h3ez
11
vulnerability VCID-khpm-e1xb-hydb
12
vulnerability VCID-nney-azbc-pucg
13
vulnerability VCID-p7gd-anw2-1qbz
14
vulnerability VCID-pmvp-twk2-jqe4
15
vulnerability VCID-qv14-m93d-jyd9
16
vulnerability VCID-rqrw-t2kj-mud8
17
vulnerability VCID-ru6w-m6q6-27gn
18
vulnerability VCID-sdsa-mh76-kqch
19
vulnerability VCID-tgyt-axv1-c7ag
20
vulnerability VCID-u259-2sxq-tbct
21
vulnerability VCID-vw2r-g8yy-eyf4
22
vulnerability VCID-x5x1-w7yv-eye9
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
1
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-4jck-w9ct-budk
6
vulnerability VCID-6mnf-2fcw-dqgp
7
vulnerability VCID-7m6u-k5tp-gkhy
8
vulnerability VCID-7xv1-78u7-xufp
9
vulnerability VCID-848u-w88s-5bbe
10
vulnerability VCID-8w4e-d49b-nbg8
11
vulnerability VCID-9adx-p876-kyb5
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-bbh5-rss8-bfct
14
vulnerability VCID-cvk2-93hm-gkhx
15
vulnerability VCID-e6zr-4bgg-kkh5
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fut7-bb1f-37g7
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-k5t3-28es-h3ez
21
vulnerability VCID-khpm-e1xb-hydb
22
vulnerability VCID-n1gz-y615-cbbk
23
vulnerability VCID-nney-azbc-pucg
24
vulnerability VCID-p7gd-anw2-1qbz
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-rqrw-t2kj-mud8
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdsa-mh76-kqch
30
vulnerability VCID-tgyt-axv1-c7ag
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-vw2r-g8yy-eyf4
33
vulnerability VCID-x5x1-w7yv-eye9
34
vulnerability VCID-xw1s-93bu-wuh9
35
vulnerability VCID-y7ds-p5r2-yuhq
36
vulnerability VCID-zeut-9wfp-q7et
37
vulnerability VCID-zkvq-bms4-gfcv
38
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases CVE-2018-17960, GHSA-g68x-vvqq-pvw3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxab-9uwr-yqhv
25
url VCID-rqrw-t2kj-mud8
vulnerability_id VCID-rqrw-t2kj-mud8
summary 
SQL Injection
Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension `ext:lowlevel` installed, and a valid backend user who has administrator privileges.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19850
reference_id
reference_type
scores
0
value 0.00284
scoring_system epss
scoring_elements 0.52069
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19850
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://review.typo3.org/q/%2522Resolves:+%252389452%2522+topic:security
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.typo3.org/q/%2522Resolves:+%252389452%2522+topic:security
3
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-025
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-025
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-025/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-025/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19850
reference_id CVE-2019-19850
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19850
fixed_packages
0
url pkg:composer/typo3/cms@8.7.30
purl pkg:composer/typo3/cms@8.7.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-848u-w88s-5bbe
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-jp1p-rfxa-hyd9
5
vulnerability VCID-tgyt-axv1-c7ag
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.30
1
url pkg:composer/typo3/cms@9.5.12
purl pkg:composer/typo3/cms@9.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-bcbd-zzet-mff6
8
vulnerability VCID-e6zr-4bgg-kkh5
9
vulnerability VCID-ev4k-5k1d-2bhu
10
vulnerability VCID-fqkx-v8t5-q3h6
11
vulnerability VCID-jp1p-rfxa-hyd9
12
vulnerability VCID-n1gz-y615-cbbk
13
vulnerability VCID-tgyt-axv1-c7ag
14
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.12
2
url pkg:composer/typo3/cms@10.2.2
purl pkg:composer/typo3/cms@10.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-2tz2-8qdm-2kcv
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-6urp-p9mn-cffv
6
vulnerability VCID-848u-w88s-5bbe
7
vulnerability VCID-8w4e-d49b-nbg8
8
vulnerability VCID-bbh5-rss8-bfct
9
vulnerability VCID-bcbd-zzet-mff6
10
vulnerability VCID-c46m-ht19-ybc4
11
vulnerability VCID-e6zr-4bgg-kkh5
12
vulnerability VCID-ev4k-5k1d-2bhu
13
vulnerability VCID-fqkx-v8t5-q3h6
14
vulnerability VCID-jp1p-rfxa-hyd9
15
vulnerability VCID-n1gz-y615-cbbk
16
vulnerability VCID-r3az-g422-gqf9
17
vulnerability VCID-tgyt-axv1-c7ag
18
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.2
aliases CVE-2019-19850, GHSA-59pj-7mjh-4465
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rqrw-t2kj-mud8
26
url VCID-ru6w-m6q6-27gn
vulnerability_id VCID-ru6w-m6q6-27gn
summary 
Cross-site Scripting
Cross-Site Scripting in Fluid Engine.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-013/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-013/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.25
purl pkg:composer/typo3/cms@8.7.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-cbmm-1b2k-8qaz
5
vulnerability VCID-ev4k-5k1d-2bhu
6
vulnerability VCID-fqkx-v8t5-q3h6
7
vulnerability VCID-fut7-bb1f-37g7
8
vulnerability VCID-jp1p-rfxa-hyd9
9
vulnerability VCID-nney-azbc-pucg
10
vulnerability VCID-p7gd-anw2-1qbz
11
vulnerability VCID-qv14-m93d-jyd9
12
vulnerability VCID-rqrw-t2kj-mud8
13
vulnerability VCID-tgyt-axv1-c7ag
14
vulnerability VCID-xw1s-93bu-wuh9
15
vulnerability VCID-y7ds-p5r2-yuhq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.25
1
url pkg:composer/typo3/cms@9.5.6
purl pkg:composer/typo3/cms@9.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-4eym-e6vt-8fbs
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-7m6u-k5tp-gkhy
6
vulnerability VCID-7xv1-78u7-xufp
7
vulnerability VCID-848u-w88s-5bbe
8
vulnerability VCID-8w4e-d49b-nbg8
9
vulnerability VCID-bbh5-rss8-bfct
10
vulnerability VCID-cbmm-1b2k-8qaz
11
vulnerability VCID-cvk2-93hm-gkhx
12
vulnerability VCID-e6zr-4bgg-kkh5
13
vulnerability VCID-ev4k-5k1d-2bhu
14
vulnerability VCID-fqkx-v8t5-q3h6
15
vulnerability VCID-fut7-bb1f-37g7
16
vulnerability VCID-jp1p-rfxa-hyd9
17
vulnerability VCID-n1gz-y615-cbbk
18
vulnerability VCID-nney-azbc-pucg
19
vulnerability VCID-p7gd-anw2-1qbz
20
vulnerability VCID-qv14-m93d-jyd9
21
vulnerability VCID-rqrw-t2kj-mud8
22
vulnerability VCID-tgyt-axv1-c7ag
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zeut-9wfp-q7et
26
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.6
aliases GMS-2019-180
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ru6w-m6q6-27gn
27
url VCID-sdsa-mh76-kqch
vulnerability_id VCID-sdsa-mh76-kqch
summary Security Misconfiguration in User Session Handling.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-011/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-011/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.25
purl pkg:composer/typo3/cms@8.7.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-cbmm-1b2k-8qaz
5
vulnerability VCID-ev4k-5k1d-2bhu
6
vulnerability VCID-fqkx-v8t5-q3h6
7
vulnerability VCID-fut7-bb1f-37g7
8
vulnerability VCID-jp1p-rfxa-hyd9
9
vulnerability VCID-nney-azbc-pucg
10
vulnerability VCID-p7gd-anw2-1qbz
11
vulnerability VCID-qv14-m93d-jyd9
12
vulnerability VCID-rqrw-t2kj-mud8
13
vulnerability VCID-tgyt-axv1-c7ag
14
vulnerability VCID-xw1s-93bu-wuh9
15
vulnerability VCID-y7ds-p5r2-yuhq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.25
1
url pkg:composer/typo3/cms@9.5.6
purl pkg:composer/typo3/cms@9.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-4eym-e6vt-8fbs
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-7m6u-k5tp-gkhy
6
vulnerability VCID-7xv1-78u7-xufp
7
vulnerability VCID-848u-w88s-5bbe
8
vulnerability VCID-8w4e-d49b-nbg8
9
vulnerability VCID-bbh5-rss8-bfct
10
vulnerability VCID-cbmm-1b2k-8qaz
11
vulnerability VCID-cvk2-93hm-gkhx
12
vulnerability VCID-e6zr-4bgg-kkh5
13
vulnerability VCID-ev4k-5k1d-2bhu
14
vulnerability VCID-fqkx-v8t5-q3h6
15
vulnerability VCID-fut7-bb1f-37g7
16
vulnerability VCID-jp1p-rfxa-hyd9
17
vulnerability VCID-n1gz-y615-cbbk
18
vulnerability VCID-nney-azbc-pucg
19
vulnerability VCID-p7gd-anw2-1qbz
20
vulnerability VCID-qv14-m93d-jyd9
21
vulnerability VCID-rqrw-t2kj-mud8
22
vulnerability VCID-tgyt-axv1-c7ag
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zeut-9wfp-q7et
26
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.6
aliases GMS-2019-181
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sdsa-mh76-kqch
28
url VCID-tgyt-axv1-c7ag
vulnerability_id VCID-tgyt-axv1-c7ag
summary 
Cross-site Scripting
TYPO3 is an open source PHP based web content management system. In TYPO3 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 that fix the problem described.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26227
reference_id
reference_type
scores
0
value 0.00359
scoring_system epss
scoring_elements 0.5838
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26227
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-26227.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-26227.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-26227.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-26227.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf
4
reference_url https://packagist.org/packages/typo3/cms-core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-core
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2020-010
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2020-010
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26227
reference_id CVE-2020-26227
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26227
fixed_packages
0
url pkg:composer/typo3/cms@8.7.38
purl pkg:composer/typo3/cms@8.7.38
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.38
1
url pkg:composer/typo3/cms@9.5.23
purl pkg:composer/typo3/cms@9.5.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-6mnf-2fcw-dqgp
2
vulnerability VCID-848u-w88s-5bbe
3
vulnerability VCID-ev4k-5k1d-2bhu
4
vulnerability VCID-fqkx-v8t5-q3h6
5
vulnerability VCID-jp1p-rfxa-hyd9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.23
2
url pkg:composer/typo3/cms@10.4.10
purl pkg:composer/typo3/cms@10.4.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-6mnf-2fcw-dqgp
2
vulnerability VCID-6urp-p9mn-cffv
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-c46m-ht19-ybc4
5
vulnerability VCID-ev4k-5k1d-2bhu
6
vulnerability VCID-fqkx-v8t5-q3h6
7
vulnerability VCID-jp1p-rfxa-hyd9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.10
aliases CVE-2020-26227, GHSA-vqqx-jw6p-q3rf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgyt-axv1-c7ag
29
url VCID-u259-2sxq-tbct
vulnerability_id VCID-u259-2sxq-tbct
summary 
Cross-site Scripting
Cross-Site Scripting in Fluid `ViewHelpers`.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-005/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-005/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.23
purl pkg:composer/typo3/cms@8.7.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-ev4k-5k1d-2bhu
5
vulnerability VCID-fqkx-v8t5-q3h6
6
vulnerability VCID-fut7-bb1f-37g7
7
vulnerability VCID-jp1p-rfxa-hyd9
8
vulnerability VCID-k5t3-28es-h3ez
9
vulnerability VCID-nney-azbc-pucg
10
vulnerability VCID-p7gd-anw2-1qbz
11
vulnerability VCID-qv14-m93d-jyd9
12
vulnerability VCID-rqrw-t2kj-mud8
13
vulnerability VCID-ru6w-m6q6-27gn
14
vulnerability VCID-sdsa-mh76-kqch
15
vulnerability VCID-tgyt-axv1-c7ag
16
vulnerability VCID-x5x1-w7yv-eye9
17
vulnerability VCID-xw1s-93bu-wuh9
18
vulnerability VCID-y7ds-p5r2-yuhq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23
1
url pkg:composer/typo3/cms@9.5.4
purl pkg:composer/typo3/cms@9.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-6mnf-2fcw-dqgp
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-9adx-p876-kyb5
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-cvk2-93hm-gkhx
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-jp1p-rfxa-hyd9
18
vulnerability VCID-k5t3-28es-h3ez
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-nney-azbc-pucg
21
vulnerability VCID-p7gd-anw2-1qbz
22
vulnerability VCID-qv14-m93d-jyd9
23
vulnerability VCID-rqrw-t2kj-mud8
24
vulnerability VCID-ru6w-m6q6-27gn
25
vulnerability VCID-sdsa-mh76-kqch
26
vulnerability VCID-tgyt-axv1-c7ag
27
vulnerability VCID-x5x1-w7yv-eye9
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-y7ds-p5r2-yuhq
30
vulnerability VCID-zeut-9wfp-q7et
31
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4
aliases GMS-2019-175
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u259-2sxq-tbct
30
url VCID-vw2r-g8yy-eyf4
vulnerability_id VCID-vw2r-g8yy-eyf4
summary 
Code Injection
Arbitrary Code Execution via File List Module.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-008/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-008/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.23
purl pkg:composer/typo3/cms@8.7.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-ev4k-5k1d-2bhu
5
vulnerability VCID-fqkx-v8t5-q3h6
6
vulnerability VCID-fut7-bb1f-37g7
7
vulnerability VCID-jp1p-rfxa-hyd9
8
vulnerability VCID-k5t3-28es-h3ez
9
vulnerability VCID-nney-azbc-pucg
10
vulnerability VCID-p7gd-anw2-1qbz
11
vulnerability VCID-qv14-m93d-jyd9
12
vulnerability VCID-rqrw-t2kj-mud8
13
vulnerability VCID-ru6w-m6q6-27gn
14
vulnerability VCID-sdsa-mh76-kqch
15
vulnerability VCID-tgyt-axv1-c7ag
16
vulnerability VCID-x5x1-w7yv-eye9
17
vulnerability VCID-xw1s-93bu-wuh9
18
vulnerability VCID-y7ds-p5r2-yuhq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23
1
url pkg:composer/typo3/cms@9.5.4
purl pkg:composer/typo3/cms@9.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-6mnf-2fcw-dqgp
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-9adx-p876-kyb5
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-cvk2-93hm-gkhx
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-jp1p-rfxa-hyd9
18
vulnerability VCID-k5t3-28es-h3ez
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-nney-azbc-pucg
21
vulnerability VCID-p7gd-anw2-1qbz
22
vulnerability VCID-qv14-m93d-jyd9
23
vulnerability VCID-rqrw-t2kj-mud8
24
vulnerability VCID-ru6w-m6q6-27gn
25
vulnerability VCID-sdsa-mh76-kqch
26
vulnerability VCID-tgyt-axv1-c7ag
27
vulnerability VCID-x5x1-w7yv-eye9
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-y7ds-p5r2-yuhq
30
vulnerability VCID-zeut-9wfp-q7et
31
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4
aliases GMS-2019-178
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vw2r-g8yy-eyf4
31
url VCID-x5x1-w7yv-eye9
vulnerability_id VCID-x5x1-w7yv-eye9
summary 
Code Injection
Possible Arbitrary Code Execution in Image Processing.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-012/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-012/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.25
purl pkg:composer/typo3/cms@8.7.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-cbmm-1b2k-8qaz
5
vulnerability VCID-ev4k-5k1d-2bhu
6
vulnerability VCID-fqkx-v8t5-q3h6
7
vulnerability VCID-fut7-bb1f-37g7
8
vulnerability VCID-jp1p-rfxa-hyd9
9
vulnerability VCID-nney-azbc-pucg
10
vulnerability VCID-p7gd-anw2-1qbz
11
vulnerability VCID-qv14-m93d-jyd9
12
vulnerability VCID-rqrw-t2kj-mud8
13
vulnerability VCID-tgyt-axv1-c7ag
14
vulnerability VCID-xw1s-93bu-wuh9
15
vulnerability VCID-y7ds-p5r2-yuhq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.25
1
url pkg:composer/typo3/cms@9.5.6
purl pkg:composer/typo3/cms@9.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-4eym-e6vt-8fbs
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-7m6u-k5tp-gkhy
6
vulnerability VCID-7xv1-78u7-xufp
7
vulnerability VCID-848u-w88s-5bbe
8
vulnerability VCID-8w4e-d49b-nbg8
9
vulnerability VCID-bbh5-rss8-bfct
10
vulnerability VCID-cbmm-1b2k-8qaz
11
vulnerability VCID-cvk2-93hm-gkhx
12
vulnerability VCID-e6zr-4bgg-kkh5
13
vulnerability VCID-ev4k-5k1d-2bhu
14
vulnerability VCID-fqkx-v8t5-q3h6
15
vulnerability VCID-fut7-bb1f-37g7
16
vulnerability VCID-jp1p-rfxa-hyd9
17
vulnerability VCID-n1gz-y615-cbbk
18
vulnerability VCID-nney-azbc-pucg
19
vulnerability VCID-p7gd-anw2-1qbz
20
vulnerability VCID-qv14-m93d-jyd9
21
vulnerability VCID-rqrw-t2kj-mud8
22
vulnerability VCID-tgyt-axv1-c7ag
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zeut-9wfp-q7et
26
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.6
aliases GMS-2019-182
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x5x1-w7yv-eye9
32
url VCID-xw1s-93bu-wuh9
vulnerability_id VCID-xw1s-93bu-wuh9
summary 
Path Traversal
It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19848
reference_id
reference_type
scores
0
value 0.00374
scoring_system epss
scoring_elements 0.59393
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19848
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19848.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19848.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19848.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19848.yaml
3
reference_url https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-024
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-024
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-024/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-024/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19848
reference_id CVE-2019-19848
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19848
fixed_packages
0
url pkg:composer/typo3/cms@8.7.30
purl pkg:composer/typo3/cms@8.7.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-848u-w88s-5bbe
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-jp1p-rfxa-hyd9
5
vulnerability VCID-tgyt-axv1-c7ag
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.30
1
url pkg:composer/typo3/cms@9.5.12
purl pkg:composer/typo3/cms@9.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-bcbd-zzet-mff6
8
vulnerability VCID-e6zr-4bgg-kkh5
9
vulnerability VCID-ev4k-5k1d-2bhu
10
vulnerability VCID-fqkx-v8t5-q3h6
11
vulnerability VCID-jp1p-rfxa-hyd9
12
vulnerability VCID-n1gz-y615-cbbk
13
vulnerability VCID-tgyt-axv1-c7ag
14
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.12
2
url pkg:composer/typo3/cms@10.2.2
purl pkg:composer/typo3/cms@10.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-2tz2-8qdm-2kcv
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-6urp-p9mn-cffv
6
vulnerability VCID-848u-w88s-5bbe
7
vulnerability VCID-8w4e-d49b-nbg8
8
vulnerability VCID-bbh5-rss8-bfct
9
vulnerability VCID-bcbd-zzet-mff6
10
vulnerability VCID-c46m-ht19-ybc4
11
vulnerability VCID-e6zr-4bgg-kkh5
12
vulnerability VCID-ev4k-5k1d-2bhu
13
vulnerability VCID-fqkx-v8t5-q3h6
14
vulnerability VCID-jp1p-rfxa-hyd9
15
vulnerability VCID-n1gz-y615-cbbk
16
vulnerability VCID-r3az-g422-gqf9
17
vulnerability VCID-tgyt-axv1-c7ag
18
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.2
aliases CVE-2019-19848, GHSA-77p4-wfr8-977w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xw1s-93bu-wuh9
33
url VCID-y7ds-p5r2-yuhq
vulnerability_id VCID-y7ds-p5r2-yuhq
summary Security Misconfiguration in Frontend Session Handling.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-018/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-018/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.27
purl pkg:composer/typo3/cms@8.7.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-848u-w88s-5bbe
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-jp1p-rfxa-hyd9
5
vulnerability VCID-p7gd-anw2-1qbz
6
vulnerability VCID-rqrw-t2kj-mud8
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-xw1s-93bu-wuh9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.27
1
url pkg:composer/typo3/cms@9.5.8
purl pkg:composer/typo3/cms@9.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-e6zr-4bgg-kkh5
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-n1gz-y615-cbbk
12
vulnerability VCID-p7gd-anw2-1qbz
13
vulnerability VCID-rqrw-t2kj-mud8
14
vulnerability VCID-tgyt-axv1-c7ag
15
vulnerability VCID-xw1s-93bu-wuh9
16
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8
aliases GMS-2019-187
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y7ds-p5r2-yuhq
34
url VCID-yz6t-ge1y-qfgr
vulnerability_id VCID-yz6t-ge1y-qfgr
summary Security Misconfiguration in Install Tool Cookie.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-009/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-009/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-am6s-67bm-77dr
5
vulnerability VCID-bn3p-39sv-6fdg
6
vulnerability VCID-ev4k-5k1d-2bhu
7
vulnerability VCID-fqkx-v8t5-q3h6
8
vulnerability VCID-fut7-bb1f-37g7
9
vulnerability VCID-jp1p-rfxa-hyd9
10
vulnerability VCID-k5t3-28es-h3ez
11
vulnerability VCID-khpm-e1xb-hydb
12
vulnerability VCID-nney-azbc-pucg
13
vulnerability VCID-p7gd-anw2-1qbz
14
vulnerability VCID-pmvp-twk2-jqe4
15
vulnerability VCID-qv14-m93d-jyd9
16
vulnerability VCID-rqrw-t2kj-mud8
17
vulnerability VCID-ru6w-m6q6-27gn
18
vulnerability VCID-sdsa-mh76-kqch
19
vulnerability VCID-tgyt-axv1-c7ag
20
vulnerability VCID-u259-2sxq-tbct
21
vulnerability VCID-vw2r-g8yy-eyf4
22
vulnerability VCID-x5x1-w7yv-eye9
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
1
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-4jck-w9ct-budk
6
vulnerability VCID-6mnf-2fcw-dqgp
7
vulnerability VCID-7m6u-k5tp-gkhy
8
vulnerability VCID-7xv1-78u7-xufp
9
vulnerability VCID-848u-w88s-5bbe
10
vulnerability VCID-8w4e-d49b-nbg8
11
vulnerability VCID-9adx-p876-kyb5
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-bbh5-rss8-bfct
14
vulnerability VCID-cvk2-93hm-gkhx
15
vulnerability VCID-e6zr-4bgg-kkh5
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fut7-bb1f-37g7
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-k5t3-28es-h3ez
21
vulnerability VCID-khpm-e1xb-hydb
22
vulnerability VCID-n1gz-y615-cbbk
23
vulnerability VCID-nney-azbc-pucg
24
vulnerability VCID-p7gd-anw2-1qbz
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-rqrw-t2kj-mud8
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdsa-mh76-kqch
30
vulnerability VCID-tgyt-axv1-c7ag
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-vw2r-g8yy-eyf4
33
vulnerability VCID-x5x1-w7yv-eye9
34
vulnerability VCID-xw1s-93bu-wuh9
35
vulnerability VCID-y7ds-p5r2-yuhq
36
vulnerability VCID-zeut-9wfp-q7et
37
vulnerability VCID-zkvq-bms4-gfcv
38
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-100
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yz6t-ge1y-qfgr
35
url VCID-zmwv-gwq3-fkej
vulnerability_id VCID-zmwv-gwq3-fkej
summary 
Cross-site Scripting
Cross-Site Scripting in Form Framework.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-007/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-007/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.23
purl pkg:composer/typo3/cms@8.7.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-ev4k-5k1d-2bhu
5
vulnerability VCID-fqkx-v8t5-q3h6
6
vulnerability VCID-fut7-bb1f-37g7
7
vulnerability VCID-jp1p-rfxa-hyd9
8
vulnerability VCID-k5t3-28es-h3ez
9
vulnerability VCID-nney-azbc-pucg
10
vulnerability VCID-p7gd-anw2-1qbz
11
vulnerability VCID-qv14-m93d-jyd9
12
vulnerability VCID-rqrw-t2kj-mud8
13
vulnerability VCID-ru6w-m6q6-27gn
14
vulnerability VCID-sdsa-mh76-kqch
15
vulnerability VCID-tgyt-axv1-c7ag
16
vulnerability VCID-x5x1-w7yv-eye9
17
vulnerability VCID-xw1s-93bu-wuh9
18
vulnerability VCID-y7ds-p5r2-yuhq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23
1
url pkg:composer/typo3/cms@9.5.4
purl pkg:composer/typo3/cms@9.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-6mnf-2fcw-dqgp
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-9adx-p876-kyb5
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-cvk2-93hm-gkhx
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-jp1p-rfxa-hyd9
18
vulnerability VCID-k5t3-28es-h3ez
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-nney-azbc-pucg
21
vulnerability VCID-p7gd-anw2-1qbz
22
vulnerability VCID-qv14-m93d-jyd9
23
vulnerability VCID-rqrw-t2kj-mud8
24
vulnerability VCID-ru6w-m6q6-27gn
25
vulnerability VCID-sdsa-mh76-kqch
26
vulnerability VCID-tgyt-axv1-c7ag
27
vulnerability VCID-x5x1-w7yv-eye9
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-y7ds-p5r2-yuhq
30
vulnerability VCID-zeut-9wfp-q7et
31
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4
aliases GMS-2019-177
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zmwv-gwq3-fkej
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.18