Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/224582?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/224582?format=api", "purl": "pkg:composer/typo3/cms@8.7.18", "type": "composer", "namespace": "typo3", "name": "cms", "version": "8.7.18", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.5.25", "latest_non_vulnerable_version": "12.2.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54229?format=api", "vulnerability_id": "VCID-1ffs-9vj5-27hk", "summary": "Path Traversal\nDue to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default `_fileDenyPattern_` successfully blocked files like `_.htaccess_` or `_malicious.php_`. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21357", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01121", "scoring_system": "epss", "scoring_elements": "0.78584", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21357" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21357.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21357.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21357.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21357.yaml" }, { "reference_url": "https://packagist.org/packages/typo3/cms-form", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packagist.org/packages/typo3/cms-form" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2021-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2021-003" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21357", "reference_id": "CVE-2021-21357", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21357" }, { "reference_url": "https://github.com/advisories/GHSA-3vg7-jw9m-pc3f", "reference_id": "GHSA-3vg7-jw9m-pc3f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3vg7-jw9m-pc3f" }, { "reference_url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f", "reference_id": "GHSA-3vg7-jw9m-pc3f", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58450?format=api", "purl": "pkg:composer/typo3/cms@8.7.40", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-uq77-aax5-k7d8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40" }, { "url": "http://public2.vulnerablecode.io/api/packages/80032?format=api", "purl": "pkg:composer/typo3/cms@9.5.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/80033?format=api", "purl": "pkg:composer/typo3/cms@10.4.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/80034?format=api", "purl": "pkg:composer/typo3/cms@11.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1" } ], "aliases": [ "CVE-2021-21357", "GHSA-3vg7-jw9m-pc3f" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ffs-9vj5-27hk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40509?format=api", "vulnerability_id": "VCID-3ugj-6m1e-e3hr", "summary": "Cross-site Scripting\nCross-Site Scripting in Online Media Asset Rendering.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-006/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-006/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-am6s-67bm-77dr" }, { "vulnerability": "VCID-bn3p-39sv-6fdg" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-khpm-e1xb-hydb" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-pmvp-twk2-jqe4" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u259-2sxq-tbct" }, { "vulnerability": "VCID-vw2r-g8yy-eyf4" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zmwv-gwq3-fkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/57074?format=api", "purl": "pkg:composer/typo3/cms@9.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-3ye6-vqje-abh4" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-4jck-w9ct-budk" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-7xv1-78u7-xufp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-9adx-p876-kyb5" }, { "vulnerability": "VCID-am6s-67bm-77dr" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-cvk2-93hm-gkhx" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-khpm-e1xb-hydb" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-pmvp-twk2-jqe4" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u259-2sxq-tbct" }, { "vulnerability": "VCID-vw2r-g8yy-eyf4" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" }, { "vulnerability": "VCID-zmwv-gwq3-fkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2" } ], "aliases": [ "GMS-2018-97" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ugj-6m1e-e3hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41129?format=api", "vulnerability_id": "VCID-4eym-e6vt-8fbs", "summary": "Code Injection\nArbitrary Code Execution and Cross-Site Scripting in Backend API.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-019/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-019/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58251?format=api", "purl": "pkg:composer/typo3/cms@8.7.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/58252?format=api", "purl": "pkg:composer/typo3/cms@9.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8" } ], "aliases": [ "GMS-2019-188" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4eym-e6vt-8fbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40095?format=api", "vulnerability_id": "VCID-7ch1-q9f4-a7bt", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nIn Bootstrap, XSS is possible in the data-target property of scrollspy.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "reference_url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1456", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14041.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14041.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14041", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07723", "scoring_system": "epss", "scoring_elements": "0.92076", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14041" }, { "reference_url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/May/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/May/10" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/May/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/May/11" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/May/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/May/13" }, { "reference_url": "https://github.com/twbs/bootstrap", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twbs/bootstrap" }, { "reference_url": "https://github.com/twbs/bootstrap/issues/26423", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twbs/bootstrap/issues/26423" }, { "reference_url": "https://github.com/twbs/bootstrap/issues/26627", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twbs/bootstrap/issues/26627" }, { "reference_url": "https://github.com/twbs/bootstrap/pull/26630", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twbs/bootstrap/pull/26630" }, { "reference_url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E" }, { "reference_url": "https://seclists.org/bugtraq/2019/May/18", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/May/18" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-006" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", "reference_id": "1601616", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", "reference_id": "CVE-2018-14041", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-14041.yaml", "reference_id": "CVE-2018-14041.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-14041.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-14041.yaml", "reference_id": "CVE-2018-14041.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-14041.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14041.yml", "reference_id": "CVE-2018-14041.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14041.yml" }, { "reference_url": "https://github.com/advisories/GHSA-pj7m-g53m-7638", "reference_id": "GHSA-pj7m-g53m-7638", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pj7m-g53m-7638" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0552", "reference_id": "RHSA-2023:0552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0553", "reference_id": "RHSA-2023:0553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0554", "reference_id": "RHSA-2023:0554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0554" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0556", "reference_id": "RHSA-2023:0556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5693", "reference_id": "RHSA-2023:5693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5693" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56435?format=api", "purl": "pkg:composer/typo3/cms@8.7.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/56436?format=api", "purl": "pkg:composer/typo3/cms@9.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-3ye6-vqje-abh4" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-7xv1-78u7-xufp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-9adx-p876-kyb5" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-cvk2-93hm-gkhx" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4" } ], "aliases": [ "CVE-2018-14041", "GHSA-pj7m-g53m-7638" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ch1-q9f4-a7bt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41118?format=api", "vulnerability_id": "VCID-7m6u-k5tp-gkhy", "summary": "Insecure Deserialization in TYPO3 CMS.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-020/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-020/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58251?format=api", "purl": "pkg:composer/typo3/cms@8.7.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/58252?format=api", "purl": "pkg:composer/typo3/cms@9.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8" } ], "aliases": [ "GMS-2019-189" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7m6u-k5tp-gkhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54219?format=api", "vulnerability_id": "VCID-848u-w88s-5bbe", "summary": "Unrestricted Upload of File with Dangerous Type\nDue to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default `_fileDenyPattern_` successfully blocked files like `_.htaccess_` or `_malicious.php_`. Additionally, `_UploadedFileReferenceConverter_` transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. In case this scenario applies, `_UploadedFileReferenceConverter_` accepts any file mime-type and persists files in the default location. In any way, uploaded files are placed in the default location `_/fileadmin/user_upload/_`, in most scenarios keeping the submitted filename - which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21355", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.62059", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21355" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21355.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21355.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21355.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21355.yaml" }, { "reference_url": "https://packagist.org/packages/typo3/cms-form", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packagist.org/packages/typo3/cms-form" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2021-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2021-002" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21355", "reference_id": "CVE-2021-21355", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21355" }, { "reference_url": "https://github.com/advisories/GHSA-2r6j-862c-m2v2", "reference_id": "GHSA-2r6j-862c-m2v2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2r6j-862c-m2v2" }, { "reference_url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2", "reference_id": "GHSA-2r6j-862c-m2v2", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58450?format=api", "purl": "pkg:composer/typo3/cms@8.7.40", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-uq77-aax5-k7d8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40" }, { "url": "http://public2.vulnerablecode.io/api/packages/80032?format=api", "purl": "pkg:composer/typo3/cms@9.5.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/80033?format=api", "purl": "pkg:composer/typo3/cms@10.4.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/80034?format=api", "purl": "pkg:composer/typo3/cms@11.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1" } ], "aliases": [ "CVE-2021-21355", "GHSA-2r6j-862c-m2v2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-848u-w88s-5bbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40505?format=api", "vulnerability_id": "VCID-953t-q1cr-zyd6", "summary": "Cross-site Scripting\nCross-Site Scripting in Backend Modal Component.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-007/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-am6s-67bm-77dr" }, { "vulnerability": "VCID-bn3p-39sv-6fdg" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-khpm-e1xb-hydb" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-pmvp-twk2-jqe4" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u259-2sxq-tbct" }, { "vulnerability": "VCID-vw2r-g8yy-eyf4" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zmwv-gwq3-fkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/57074?format=api", "purl": "pkg:composer/typo3/cms@9.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-3ye6-vqje-abh4" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-4jck-w9ct-budk" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-7xv1-78u7-xufp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-9adx-p876-kyb5" }, { "vulnerability": "VCID-am6s-67bm-77dr" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-cvk2-93hm-gkhx" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-khpm-e1xb-hydb" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-pmvp-twk2-jqe4" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u259-2sxq-tbct" }, { "vulnerability": "VCID-vw2r-g8yy-eyf4" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" }, { "vulnerability": "VCID-zmwv-gwq3-fkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2" } ], "aliases": [ "GMS-2018-98" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-953t-q1cr-zyd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40634?format=api", "vulnerability_id": "VCID-am6s-67bm-77dr", "summary": "Cross-site Scripting\nCross-Site Scripting in Bootstrap CSS toolkit.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-006/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-006/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56435?format=api", "purl": "pkg:composer/typo3/cms@8.7.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/56436?format=api", "purl": "pkg:composer/typo3/cms@9.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-3ye6-vqje-abh4" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-7xv1-78u7-xufp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-9adx-p876-kyb5" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-cvk2-93hm-gkhx" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4" } ], "aliases": [ "GMS-2019-176" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-am6s-67bm-77dr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40629?format=api", "vulnerability_id": "VCID-bn3p-39sv-6fdg", "summary": "Improper Access Control\nBroken Access Control in Localization Handling.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-003/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56435?format=api", "purl": "pkg:composer/typo3/cms@8.7.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/55352?format=api", "purl": "pkg:composer/typo3/cms@9.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sw-6x9k-vued" }, { "vulnerability": "VCID-11u3-8xzy-jfhh" }, { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-28fn-ncj5-2ufk" }, { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-2rmv-a83x-9ka8" }, { "vulnerability": "VCID-39vn-73mc-jqav" }, { "vulnerability": "VCID-3k2k-a3gb-n3ba" }, { "vulnerability": "VCID-3ugj-6m1e-e3hr" }, { "vulnerability": "VCID-3ye6-vqje-abh4" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-4jck-w9ct-budk" }, { "vulnerability": "VCID-5k47-9k7t-rqak" }, { "vulnerability": "VCID-66kh-c1dm-8fbf" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-7ch1-q9f4-a7bt" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-7xv1-78u7-xufp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-94r9-hh4g-jkej" }, { "vulnerability": "VCID-953t-q1cr-zyd6" }, { "vulnerability": "VCID-9adx-p876-kyb5" }, { "vulnerability": "VCID-9yu1-z7c2-t3fj" }, { "vulnerability": "VCID-a1g9-pyz5-9fca" }, { "vulnerability": "VCID-abjx-8v46-d7d8" }, { "vulnerability": "VCID-am6s-67bm-77dr" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-buj5-2t53-3kcr" }, { "vulnerability": "VCID-cvk2-93hm-gkhx" }, { "vulnerability": "VCID-dsqm-9q3e-dudw" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-emqq-kwjg-3kfk" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-f319-jpf5-hyex" }, { "vulnerability": "VCID-f4n7-q72x-3yea" }, { "vulnerability": "VCID-fpa2-ffg1-fyaa" }, { "vulnerability": "VCID-fqkc-utex-3kav" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-gpv4-4tpd-tbaa" }, { "vulnerability": "VCID-hknp-f88a-kqec" }, { "vulnerability": "VCID-hp99-ncuh-6ugv" }, { "vulnerability": "VCID-hsw8-nbs6-auaa" }, { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-je4q-svfw-hqda" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-jq5y-7h9g-mufa" }, { "vulnerability": "VCID-jwb1-3sbg-kfa5" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-khpm-e1xb-hydb" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-njsj-bwjq-fyap" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p576-w7dd-p3h7" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-pmvp-twk2-jqe4" }, { "vulnerability": "VCID-q2t1-kx56-s3c3" }, { "vulnerability": "VCID-q7vt-19eb-sqeq" }, { "vulnerability": "VCID-qcnh-z4zh-myaw" }, { "vulnerability": "VCID-qdxh-arxx-wbcr" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-qxab-9uwr-yqhv" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-teby-zvvw-zkhv" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-tzpj-j3x1-ekgk" }, { "vulnerability": "VCID-u259-2sxq-tbct" }, { "vulnerability": "VCID-u6as-cwxc-pkhk" }, { "vulnerability": "VCID-un7r-8sah-33cr" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-vq15-t92r-5bhx" }, { "vulnerability": "VCID-vw2r-g8yy-eyf4" }, { "vulnerability": "VCID-w1wb-mq2y-dfca" }, { "vulnerability": "VCID-w7z1-aw31-vugx" }, { "vulnerability": "VCID-wat8-4m83-hken" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xvyu-2hb8-8ufh" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-yh6b-tc4u-v3bk" }, { "vulnerability": "VCID-yz6t-ge1y-qfgr" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgfw-pk39-gyg8" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" }, { "vulnerability": "VCID-zmwv-gwq3-fkej" }, { "vulnerability": "VCID-zybp-mb3d-jyee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.0.0" } ], "aliases": [ "GMS-2019-174" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bn3p-39sv-6fdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40497?format=api", "vulnerability_id": "VCID-dsqm-9q3e-dudw", "summary": "Uncontrolled Resource Consumption\nDenial of Service in Online Media Asset Handling.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-011/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-011/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-am6s-67bm-77dr" }, { "vulnerability": "VCID-bn3p-39sv-6fdg" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-khpm-e1xb-hydb" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-pmvp-twk2-jqe4" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u259-2sxq-tbct" }, { "vulnerability": "VCID-vw2r-g8yy-eyf4" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zmwv-gwq3-fkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/57074?format=api", "purl": "pkg:composer/typo3/cms@9.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-3ye6-vqje-abh4" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-4jck-w9ct-budk" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-7xv1-78u7-xufp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-9adx-p876-kyb5" }, { "vulnerability": "VCID-am6s-67bm-77dr" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-cvk2-93hm-gkhx" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-khpm-e1xb-hydb" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-pmvp-twk2-jqe4" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u259-2sxq-tbct" }, { "vulnerability": "VCID-vw2r-g8yy-eyf4" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" }, { "vulnerability": "VCID-zmwv-gwq3-fkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2" } ], "aliases": [ "GMS-2018-102" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dsqm-9q3e-dudw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40496?format=api", "vulnerability_id": "VCID-emqq-kwjg-3kfk", "summary": "Cross-site Scripting\nCross-Site Scripting in CKEditor.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-005/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-am6s-67bm-77dr" }, { "vulnerability": "VCID-bn3p-39sv-6fdg" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-khpm-e1xb-hydb" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-pmvp-twk2-jqe4" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u259-2sxq-tbct" }, { "vulnerability": "VCID-vw2r-g8yy-eyf4" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zmwv-gwq3-fkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/57074?format=api", "purl": "pkg:composer/typo3/cms@9.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-3ye6-vqje-abh4" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-4jck-w9ct-budk" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-7xv1-78u7-xufp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-9adx-p876-kyb5" }, { "vulnerability": "VCID-am6s-67bm-77dr" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-cvk2-93hm-gkhx" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-khpm-e1xb-hydb" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-pmvp-twk2-jqe4" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u259-2sxq-tbct" }, { "vulnerability": "VCID-vw2r-g8yy-eyf4" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" }, { "vulnerability": "VCID-zmwv-gwq3-fkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2" } ], "aliases": [ "GMS-2018-104" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-emqq-kwjg-3kfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54233?format=api", "vulnerability_id": "VCID-ev4k-5k1d-2bhu", "summary": "URL Redirection to Untrusted Site (Open Redirect)\nLogin Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21338", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.48774", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21338" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21338.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21338.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21338.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21338.yaml" }, { "reference_url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp" }, { "reference_url": "https://packagist.org/packages/typo3/cms-core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packagist.org/packages/typo3/cms-core" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2021-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2021-001" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21338", "reference_id": "CVE-2021-21338", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21338" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58450?format=api", "purl": "pkg:composer/typo3/cms@8.7.40", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-uq77-aax5-k7d8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40" }, { "url": "http://public2.vulnerablecode.io/api/packages/80032?format=api", "purl": "pkg:composer/typo3/cms@9.5.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/80033?format=api", "purl": "pkg:composer/typo3/cms@10.4.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/80034?format=api", "purl": "pkg:composer/typo3/cms@11.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1" } ], "aliases": [ "CVE-2021-21338", "GHSA-4jhw-2p6j-5wmp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ev4k-5k1d-2bhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40504?format=api", "vulnerability_id": "VCID-fdnw-2tz5-4fdr", "summary": "Uncontrolled Resource Consumption\nDenial of Service in Frontend Record Registration.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-012/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-012/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-am6s-67bm-77dr" }, { "vulnerability": "VCID-bn3p-39sv-6fdg" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-khpm-e1xb-hydb" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-pmvp-twk2-jqe4" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u259-2sxq-tbct" }, { "vulnerability": "VCID-vw2r-g8yy-eyf4" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zmwv-gwq3-fkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/55352?format=api", "purl": "pkg:composer/typo3/cms@9.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sw-6x9k-vued" }, { "vulnerability": "VCID-11u3-8xzy-jfhh" }, { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-28fn-ncj5-2ufk" }, { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-2rmv-a83x-9ka8" }, { "vulnerability": "VCID-39vn-73mc-jqav" }, { "vulnerability": "VCID-3k2k-a3gb-n3ba" }, { "vulnerability": "VCID-3ugj-6m1e-e3hr" }, { "vulnerability": "VCID-3ye6-vqje-abh4" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-4jck-w9ct-budk" }, { "vulnerability": "VCID-5k47-9k7t-rqak" }, { "vulnerability": "VCID-66kh-c1dm-8fbf" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-7ch1-q9f4-a7bt" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-7xv1-78u7-xufp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-94r9-hh4g-jkej" }, { "vulnerability": "VCID-953t-q1cr-zyd6" }, { "vulnerability": "VCID-9adx-p876-kyb5" }, { "vulnerability": "VCID-9yu1-z7c2-t3fj" }, { "vulnerability": "VCID-a1g9-pyz5-9fca" }, { "vulnerability": "VCID-abjx-8v46-d7d8" }, { "vulnerability": "VCID-am6s-67bm-77dr" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-buj5-2t53-3kcr" }, { "vulnerability": "VCID-cvk2-93hm-gkhx" }, { "vulnerability": "VCID-dsqm-9q3e-dudw" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-emqq-kwjg-3kfk" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-f319-jpf5-hyex" }, { "vulnerability": "VCID-f4n7-q72x-3yea" }, { "vulnerability": "VCID-fpa2-ffg1-fyaa" }, { "vulnerability": "VCID-fqkc-utex-3kav" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-gpv4-4tpd-tbaa" }, { "vulnerability": "VCID-hknp-f88a-kqec" }, { "vulnerability": "VCID-hp99-ncuh-6ugv" }, { "vulnerability": "VCID-hsw8-nbs6-auaa" }, { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-je4q-svfw-hqda" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-jq5y-7h9g-mufa" }, { "vulnerability": "VCID-jwb1-3sbg-kfa5" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-khpm-e1xb-hydb" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-njsj-bwjq-fyap" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p576-w7dd-p3h7" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-pmvp-twk2-jqe4" }, { "vulnerability": "VCID-q2t1-kx56-s3c3" }, { "vulnerability": "VCID-q7vt-19eb-sqeq" }, { "vulnerability": "VCID-qcnh-z4zh-myaw" }, { "vulnerability": "VCID-qdxh-arxx-wbcr" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-qxab-9uwr-yqhv" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-teby-zvvw-zkhv" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-tzpj-j3x1-ekgk" }, { "vulnerability": "VCID-u259-2sxq-tbct" }, { "vulnerability": "VCID-u6as-cwxc-pkhk" }, { "vulnerability": "VCID-un7r-8sah-33cr" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-vq15-t92r-5bhx" }, { "vulnerability": "VCID-vw2r-g8yy-eyf4" }, { "vulnerability": "VCID-w1wb-mq2y-dfca" }, { "vulnerability": "VCID-w7z1-aw31-vugx" }, { "vulnerability": "VCID-wat8-4m83-hken" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xvyu-2hb8-8ufh" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-yh6b-tc4u-v3bk" }, { "vulnerability": "VCID-yz6t-ge1y-qfgr" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgfw-pk39-gyg8" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" }, { "vulnerability": "VCID-zmwv-gwq3-fkej" }, { "vulnerability": "VCID-zybp-mb3d-jyee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.0.0" } ], "aliases": [ "GMS-2018-103" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fdnw-2tz5-4fdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54220?format=api", "vulnerability_id": "VCID-fqkx-v8t5-q3h6", "summary": "Cleartext Storage of Sensitive Information\nUser session identifiers are stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - for example SQL injection in any other component of the system.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21339", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32224", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21339" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21339.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21339.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21339.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21339.yaml" }, { "reference_url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch" }, { "reference_url": "https://packagist.org/packages/typo3/cms-core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packagist.org/packages/typo3/cms-core" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2021-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2021-006" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21339", "reference_id": "CVE-2021-21339", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21339" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58450?format=api", "purl": "pkg:composer/typo3/cms@8.7.40", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-uq77-aax5-k7d8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40" }, { "url": "http://public2.vulnerablecode.io/api/packages/80032?format=api", "purl": "pkg:composer/typo3/cms@9.5.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/80033?format=api", "purl": "pkg:composer/typo3/cms@10.4.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/80034?format=api", "purl": "pkg:composer/typo3/cms@11.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1" } ], "aliases": [ "CVE-2021-21339", "GHSA-qx3w-4864-94ch" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fqkx-v8t5-q3h6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41127?format=api", "vulnerability_id": "VCID-fut7-bb1f-37g7", "summary": "Cross-site Scripting\nCross-Site Scripting in Link Handling.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-015/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-015/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58251?format=api", "purl": "pkg:composer/typo3/cms@8.7.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/58252?format=api", "purl": "pkg:composer/typo3/cms@9.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8" } ], "aliases": [ "GMS-2019-186" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fut7-bb1f-37g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40507?format=api", "vulnerability_id": "VCID-hp99-ncuh-6ugv", "summary": "Cross-site Scripting\nCross-Site Scripting in Frontend User Login.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-008/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-008/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-am6s-67bm-77dr" }, { "vulnerability": "VCID-bn3p-39sv-6fdg" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-khpm-e1xb-hydb" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-pmvp-twk2-jqe4" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u259-2sxq-tbct" }, { "vulnerability": "VCID-vw2r-g8yy-eyf4" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zmwv-gwq3-fkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/57074?format=api", "purl": "pkg:composer/typo3/cms@9.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-3ye6-vqje-abh4" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-4jck-w9ct-budk" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-7xv1-78u7-xufp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-9adx-p876-kyb5" }, { "vulnerability": "VCID-am6s-67bm-77dr" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-cvk2-93hm-gkhx" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-khpm-e1xb-hydb" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-pmvp-twk2-jqe4" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u259-2sxq-tbct" }, { "vulnerability": "VCID-vw2r-g8yy-eyf4" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" }, { "vulnerability": "VCID-zmwv-gwq3-fkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2" } ], "aliases": [ "GMS-2018-99" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hp99-ncuh-6ugv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54221?format=api", "vulnerability_id": "VCID-jp1p-rfxa-hyd9", "summary": "Cross-site Scripting\nContent elements of type `_menu_` are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21370", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.57112", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21370" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21370.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21370.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21370.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21370.yaml" }, { "reference_url": "https://packagist.org/packages/typo3/cms-backend", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packagist.org/packages/typo3/cms-backend" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2021-008", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2021-008" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21370", "reference_id": "CVE-2021-21370", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21370" }, { "reference_url": "https://github.com/advisories/GHSA-x7hc-x7fm-f7qh", "reference_id": "GHSA-x7hc-x7fm-f7qh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x7hc-x7fm-f7qh" }, { "reference_url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh", "reference_id": "GHSA-x7hc-x7fm-f7qh", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58450?format=api", "purl": "pkg:composer/typo3/cms@8.7.40", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-uq77-aax5-k7d8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40" }, { "url": "http://public2.vulnerablecode.io/api/packages/80032?format=api", "purl": "pkg:composer/typo3/cms@9.5.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/80033?format=api", "purl": "pkg:composer/typo3/cms@10.4.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/80034?format=api", "purl": "pkg:composer/typo3/cms@11.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1" } ], "aliases": [ "CVE-2021-21370", "GHSA-x7hc-x7fm-f7qh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jp1p-rfxa-hyd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40511?format=api", "vulnerability_id": "VCID-jq5y-7h9g-mufa", "summary": "Information Disclosure in Install Tool.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-010/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-010/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-am6s-67bm-77dr" }, { "vulnerability": "VCID-bn3p-39sv-6fdg" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-khpm-e1xb-hydb" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-pmvp-twk2-jqe4" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u259-2sxq-tbct" }, { "vulnerability": "VCID-vw2r-g8yy-eyf4" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zmwv-gwq3-fkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/57074?format=api", "purl": "pkg:composer/typo3/cms@9.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-3ye6-vqje-abh4" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-4jck-w9ct-budk" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-7xv1-78u7-xufp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-9adx-p876-kyb5" }, { "vulnerability": "VCID-am6s-67bm-77dr" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-cvk2-93hm-gkhx" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-khpm-e1xb-hydb" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-pmvp-twk2-jqe4" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u259-2sxq-tbct" }, { "vulnerability": "VCID-vw2r-g8yy-eyf4" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" }, { "vulnerability": "VCID-zmwv-gwq3-fkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2" } ], "aliases": [ "GMS-2018-101" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jq5y-7h9g-mufa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40968?format=api", "vulnerability_id": "VCID-k5t3-28es-h3ez", "summary": "Improper Input Validation\nTYPO3 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by `ImageMagick` or `GraphicsMagick`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11832", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00898", "scoring_system": "epss", "scoring_elements": "0.76028", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11832" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-11832.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-11832.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-11832.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-11832.yaml" }, { "reference_url": "https://github.com/github/advisory-database/pull/3530", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/pull/3530" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/2c04eeac44733fda491f92c697f88c1337d19c79", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/2c04eeac44733fda491f92c697f88c1337d19c79" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/51fdb774a57ee30e8d60c0e33b4a0b92d775739e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/51fdb774a57ee30e8d60c0e33b4a0b92d775739e" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/e845d90b82b2f72ab12a9e37f15082297832beca", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/e845d90b82b2f72ab12a9e37f15082297832beca" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-012", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-012" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-012/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-012/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11832", "reference_id": "CVE-2019-11832", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11832" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57973?format=api", "purl": "pkg:composer/typo3/cms@8.7.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-cbmm-1b2k-8qaz" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/57974?format=api", "purl": "pkg:composer/typo3/cms@9.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-7xv1-78u7-xufp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-cbmm-1b2k-8qaz" }, { "vulnerability": "VCID-cvk2-93hm-gkhx" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.6" } ], "aliases": [ "CVE-2019-11832", "GHSA-3w4h-r27h-4r2w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k5t3-28es-h3ez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40617?format=api", "vulnerability_id": "VCID-khpm-e1xb-hydb", "summary": "Information Disclosure of Installed Extensions.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-001/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56435?format=api", "purl": "pkg:composer/typo3/cms@8.7.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/56436?format=api", "purl": "pkg:composer/typo3/cms@9.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-3ye6-vqje-abh4" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-7xv1-78u7-xufp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-9adx-p876-kyb5" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-cvk2-93hm-gkhx" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4" } ], "aliases": [ "GMS-2019-172" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-khpm-e1xb-hydb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41128?format=api", "vulnerability_id": "VCID-nney-azbc-pucg", "summary": "Information Disclosure in Backend User Interface.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-014/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-014/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58251?format=api", "purl": "pkg:composer/typo3/cms@8.7.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/58252?format=api", "purl": "pkg:composer/typo3/cms@9.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8" } ], "aliases": [ "GMS-2019-185" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nney-azbc-pucg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52113?format=api", "vulnerability_id": "VCID-p7gd-anw2-1qbz", "summary": "Deserialization of Untrusted Data\nIt has been discovered that the classes `QueryGenerator` and `QueryView` are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension `ext:lowlevel` (Backend Module `DB Check`) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension `ext:sys_action` installed, with a valid backend user who has limited privileges.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19849", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00746", "scoring_system": "epss", "scoring_elements": "0.7342", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19849" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19849.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19849.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19849.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19849.yaml" }, { "reference_url": "https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-026", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-026" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-026/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-026/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19849", "reference_id": "CVE-2019-19849", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19849" }, { "reference_url": "https://github.com/advisories/GHSA-rcgc-4xfc-564v", "reference_id": "GHSA-rcgc-4xfc-564v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rcgc-4xfc-564v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76375?format=api", "purl": "pkg:composer/typo3/cms@8.7.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/76376?format=api", "purl": "pkg:composer/typo3/cms@9.5.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-bcbd-zzet-mff6" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/81802?format=api", "purl": "pkg:composer/typo3/cms@10.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-2tz2-8qdm-2kcv" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-6urp-p9mn-cffv" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-bcbd-zzet-mff6" }, { "vulnerability": "VCID-c46m-ht19-ybc4" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-r3az-g422-gqf9" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/76377?format=api", "purl": "pkg:composer/typo3/cms@10.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-2tz2-8qdm-2kcv" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-6urp-p9mn-cffv" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-bcbd-zzet-mff6" }, { "vulnerability": "VCID-c46m-ht19-ybc4" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-r3az-g422-gqf9" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.2" } ], "aliases": [ "CVE-2019-19849", "GHSA-rcgc-4xfc-564v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p7gd-anw2-1qbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40639?format=api", "vulnerability_id": "VCID-pmvp-twk2-jqe4", "summary": "Security Misconfiguration for Backend User Accounts.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-002/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56435?format=api", "purl": "pkg:composer/typo3/cms@8.7.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/56436?format=api", "purl": "pkg:composer/typo3/cms@9.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-3ye6-vqje-abh4" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-7xv1-78u7-xufp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-9adx-p876-kyb5" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-cvk2-93hm-gkhx" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4" } ], "aliases": [ "GMS-2019-173" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pmvp-twk2-jqe4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41160?format=api", "vulnerability_id": "VCID-qv14-m93d-jyd9", "summary": "Cross-site Scripting\nTYPO3 allows XSS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12748", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53716", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12748" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-12748.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-12748.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-12748.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-12748.yaml" }, { "reference_url": "https://github.com/TYPO3-CMS/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3-CMS/core" }, { "reference_url": "https://typo3.org/cms/release-news/typo3-8-release-notes", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/cms/release-news/typo3-8-release-notes" }, { "reference_url": "https://typo3.org/cms/release-news/typo3-8-release-notes/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/cms/release-news/typo3-8-release-notes/" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-015", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-015" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-015/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-015/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12748", "reference_id": "CVE-2019-12748", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12748" }, { "reference_url": "https://github.com/advisories/GHSA-r6fv-56gp-j3r4", "reference_id": "GHSA-r6fv-56gp-j3r4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r6fv-56gp-j3r4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58251?format=api", "purl": "pkg:composer/typo3/cms@8.7.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/58252?format=api", "purl": "pkg:composer/typo3/cms@9.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8" } ], "aliases": [ "CVE-2019-12748", "GHSA-r6fv-56gp-j3r4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qv14-m93d-jyd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40440?format=api", "vulnerability_id": "VCID-qxab-9uwr-yqhv", "summary": "Cross-site Scripting\nCKEditor allows user-assisted XSS involving a source-mode paste.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17960", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02024", "scoring_system": "epss", "scoring_elements": "0.84092", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17960" }, { "reference_url": "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released" }, { "reference_url": "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/" }, { "reference_url": "https://ckeditor.com/cke4/release/CKEditor-4.11.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ckeditor.com/cke4/release/CKEditor-4.11.0" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-005" }, { "reference_url": "https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217", "reference_id": "1015217", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17960", "reference_id": "CVE-2018-17960", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17960" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml", "reference_id": "CVE-2018-17960.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml", "reference_id": "CVE-2018-17960.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-g68x-vvqq-pvw3", "reference_id": "GHSA-g68x-vvqq-pvw3", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g68x-vvqq-pvw3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-am6s-67bm-77dr" }, { "vulnerability": "VCID-bn3p-39sv-6fdg" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-khpm-e1xb-hydb" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-pmvp-twk2-jqe4" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u259-2sxq-tbct" }, { "vulnerability": "VCID-vw2r-g8yy-eyf4" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zmwv-gwq3-fkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/57074?format=api", "purl": "pkg:composer/typo3/cms@9.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-3ye6-vqje-abh4" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-4jck-w9ct-budk" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-7xv1-78u7-xufp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-9adx-p876-kyb5" }, { "vulnerability": "VCID-am6s-67bm-77dr" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-cvk2-93hm-gkhx" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-khpm-e1xb-hydb" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-pmvp-twk2-jqe4" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u259-2sxq-tbct" }, { "vulnerability": "VCID-vw2r-g8yy-eyf4" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" }, { "vulnerability": "VCID-zmwv-gwq3-fkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2" } ], "aliases": [ "CVE-2018-17960", "GHSA-g68x-vvqq-pvw3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qxab-9uwr-yqhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52099?format=api", "vulnerability_id": "VCID-rqrw-t2kj-mud8", "summary": "SQL Injection\nBecause escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension `ext:lowlevel` installed, and a valid backend user who has administrator privileges.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19850", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.52069", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19850" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://review.typo3.org/q/%2522Resolves:+%252389452%2522+topic:security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.typo3.org/q/%2522Resolves:+%252389452%2522+topic:security" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-025", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-025" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-025/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-025/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19850", "reference_id": "CVE-2019-19850", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19850" }, { "reference_url": "https://github.com/advisories/GHSA-59pj-7mjh-4465", "reference_id": "GHSA-59pj-7mjh-4465", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-59pj-7mjh-4465" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76375?format=api", "purl": "pkg:composer/typo3/cms@8.7.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/76376?format=api", "purl": "pkg:composer/typo3/cms@9.5.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-bcbd-zzet-mff6" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/76377?format=api", "purl": "pkg:composer/typo3/cms@10.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-2tz2-8qdm-2kcv" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-6urp-p9mn-cffv" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-bcbd-zzet-mff6" }, { "vulnerability": "VCID-c46m-ht19-ybc4" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-r3az-g422-gqf9" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.2" } ], "aliases": [ "CVE-2019-19850", "GHSA-59pj-7mjh-4465" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rqrw-t2kj-mud8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40966?format=api", "vulnerability_id": "VCID-ru6w-m6q6-27gn", "summary": "Cross-site Scripting\nCross-Site Scripting in Fluid Engine.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-013/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-013/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57973?format=api", "purl": "pkg:composer/typo3/cms@8.7.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-cbmm-1b2k-8qaz" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/57974?format=api", "purl": "pkg:composer/typo3/cms@9.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-7xv1-78u7-xufp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-cbmm-1b2k-8qaz" }, { "vulnerability": "VCID-cvk2-93hm-gkhx" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.6" } ], "aliases": [ "GMS-2019-180" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ru6w-m6q6-27gn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40959?format=api", "vulnerability_id": "VCID-sdsa-mh76-kqch", "summary": "Security Misconfiguration in User Session Handling.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-011/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-011/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57973?format=api", "purl": "pkg:composer/typo3/cms@8.7.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-cbmm-1b2k-8qaz" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/57974?format=api", "purl": "pkg:composer/typo3/cms@9.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-7xv1-78u7-xufp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-cbmm-1b2k-8qaz" }, { "vulnerability": "VCID-cvk2-93hm-gkhx" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.6" } ], "aliases": [ "GMS-2019-181" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sdsa-mh76-kqch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53815?format=api", "vulnerability_id": "VCID-tgyt-axv1-c7ag", "summary": "Cross-site Scripting\nTYPO3 is an open source PHP based web content management system. In TYPO3 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 that fix the problem described.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26227", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.5838", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26227" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-26227.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-26227.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-26227.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-26227.yaml" }, { "reference_url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf" }, { "reference_url": "https://packagist.org/packages/typo3/cms-core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packagist.org/packages/typo3/cms-core" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2020-010", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2020-010" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26227", "reference_id": "CVE-2020-26227", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26227" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/140218?format=api", "purl": "pkg:composer/typo3/cms@8.7.38", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.38" }, { "url": "http://public2.vulnerablecode.io/api/packages/79196?format=api", "purl": "pkg:composer/typo3/cms@9.5.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/79197?format=api", "purl": "pkg:composer/typo3/cms@10.4.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-6urp-p9mn-cffv" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-c46m-ht19-ybc4" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.10" } ], "aliases": [ "CVE-2020-26227", "GHSA-vqqx-jw6p-q3rf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tgyt-axv1-c7ag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40636?format=api", "vulnerability_id": "VCID-u259-2sxq-tbct", "summary": "Cross-site Scripting\nCross-Site Scripting in Fluid `ViewHelpers`.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-005/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56435?format=api", "purl": "pkg:composer/typo3/cms@8.7.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/56436?format=api", "purl": "pkg:composer/typo3/cms@9.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-3ye6-vqje-abh4" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-7xv1-78u7-xufp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-9adx-p876-kyb5" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-cvk2-93hm-gkhx" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4" } ], "aliases": [ "GMS-2019-175" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u259-2sxq-tbct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40620?format=api", "vulnerability_id": "VCID-vw2r-g8yy-eyf4", "summary": "Code Injection\nArbitrary Code Execution via File List Module.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-008/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-008/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56435?format=api", "purl": "pkg:composer/typo3/cms@8.7.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/56436?format=api", "purl": "pkg:composer/typo3/cms@9.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-3ye6-vqje-abh4" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-7xv1-78u7-xufp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-9adx-p876-kyb5" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-cvk2-93hm-gkhx" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4" } ], "aliases": [ "GMS-2019-178" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vw2r-g8yy-eyf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40958?format=api", "vulnerability_id": "VCID-x5x1-w7yv-eye9", "summary": "Code Injection\nPossible Arbitrary Code Execution in Image Processing.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-012/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-012/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57973?format=api", "purl": "pkg:composer/typo3/cms@8.7.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-cbmm-1b2k-8qaz" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/57974?format=api", "purl": "pkg:composer/typo3/cms@9.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-7xv1-78u7-xufp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-cbmm-1b2k-8qaz" }, { "vulnerability": "VCID-cvk2-93hm-gkhx" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.6" } ], "aliases": [ "GMS-2019-182" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x5x1-w7yv-eye9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52106?format=api", "vulnerability_id": "VCID-xw1s-93bu-wuh9", "summary": "Path Traversal\nIt has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19848", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59393", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19848" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19848.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19848.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19848.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19848.yaml" }, { "reference_url": "https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-024", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-024" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-024/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-024/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19848", "reference_id": "CVE-2019-19848", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19848" }, { "reference_url": "https://github.com/advisories/GHSA-77p4-wfr8-977w", "reference_id": "GHSA-77p4-wfr8-977w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-77p4-wfr8-977w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76375?format=api", "purl": "pkg:composer/typo3/cms@8.7.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/76376?format=api", "purl": "pkg:composer/typo3/cms@9.5.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-bcbd-zzet-mff6" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/76377?format=api", "purl": "pkg:composer/typo3/cms@10.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-2tz2-8qdm-2kcv" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-6urp-p9mn-cffv" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-bcbd-zzet-mff6" }, { "vulnerability": "VCID-c46m-ht19-ybc4" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-r3az-g422-gqf9" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.2" } ], "aliases": [ "CVE-2019-19848", "GHSA-77p4-wfr8-977w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xw1s-93bu-wuh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41124?format=api", "vulnerability_id": "VCID-y7ds-p5r2-yuhq", "summary": "Security Misconfiguration in Frontend Session Handling.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-018/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-018/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58251?format=api", "purl": "pkg:composer/typo3/cms@8.7.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/58252?format=api", "purl": "pkg:composer/typo3/cms@9.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8" } ], "aliases": [ "GMS-2019-187" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y7ds-p5r2-yuhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40503?format=api", "vulnerability_id": "VCID-yz6t-ge1y-qfgr", "summary": "Security Misconfiguration in Install Tool Cookie.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-009/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-009/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-am6s-67bm-77dr" }, { "vulnerability": "VCID-bn3p-39sv-6fdg" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-khpm-e1xb-hydb" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-pmvp-twk2-jqe4" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u259-2sxq-tbct" }, { "vulnerability": "VCID-vw2r-g8yy-eyf4" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zmwv-gwq3-fkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/57074?format=api", "purl": "pkg:composer/typo3/cms@9.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-3ye6-vqje-abh4" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-4jck-w9ct-budk" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-7xv1-78u7-xufp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-9adx-p876-kyb5" }, { "vulnerability": "VCID-am6s-67bm-77dr" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-cvk2-93hm-gkhx" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-khpm-e1xb-hydb" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-pmvp-twk2-jqe4" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u259-2sxq-tbct" }, { "vulnerability": "VCID-vw2r-g8yy-eyf4" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" }, { "vulnerability": "VCID-zmwv-gwq3-fkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2" } ], "aliases": [ "GMS-2018-100" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yz6t-ge1y-qfgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40627?format=api", "vulnerability_id": "VCID-zmwv-gwq3-fkej", "summary": "Cross-site Scripting\nCross-Site Scripting in Form Framework.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-007/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56435?format=api", "purl": "pkg:composer/typo3/cms@8.7.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/56436?format=api", "purl": "pkg:composer/typo3/cms@9.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-3ye6-vqje-abh4" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-7xv1-78u7-xufp" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-9adx-p876-kyb5" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-cvk2-93hm-gkhx" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qv14-m93d-jyd9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4" } ], "aliases": [ "GMS-2019-177" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zmwv-gwq3-fkej" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.18" }