Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/typo3/cms@7.6.13
Typecomposer
Namespacetypo3
Namecms
Version7.6.13
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version10.4.35
Latest_non_vulnerable_version12.2.0
Affected_by_vulnerabilities
0
url VCID-28bf-jvah-zkhw
vulnerability_id VCID-28bf-jvah-zkhw
summary 
Improper Authentication
Authentication Bypass in TYPO3 CMS.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-001/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-001/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.30
purl pkg:composer/typo3/cms@7.6.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-6b5q-vzs3-pkcc
3
vulnerability VCID-bajy-qbwq-fufn
4
vulnerability VCID-bnne-7p2q-eqd2
5
vulnerability VCID-dbrh-t8zx-nkd9
6
vulnerability VCID-dm97-51uu-r7gw
7
vulnerability VCID-dsu7-jjjq-f3e1
8
vulnerability VCID-ehzg-bzrd-kbcc
9
vulnerability VCID-f963-qur3-2qb7
10
vulnerability VCID-gcnj-6qb6-pbgz
11
vulnerability VCID-mnz3-rj21-67ad
12
vulnerability VCID-n15v-ta9h-6ffb
13
vulnerability VCID-n78p-x7hh-gqcf
14
vulnerability VCID-pk8d-8u15-5bfq
15
vulnerability VCID-rdrs-mhaw-b3ge
16
vulnerability VCID-t3jn-vwbx-u7cr
17
vulnerability VCID-tw1y-t4qj-j3d1
18
vulnerability VCID-vndb-w8e1-4ugv
19
vulnerability VCID-wr5t-xqnn-gkcj
20
vulnerability VCID-wxps-mnue-6bbh
21
vulnerability VCID-xa4m-xpa9-v7h8
22
vulnerability VCID-xqew-bx7v-1qfk
23
vulnerability VCID-y32z-2d3f-gkgw
24
vulnerability VCID-zdq2-dhb2-6kaq
25
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.30
1
url pkg:composer/typo3/cms@8.7.17
purl pkg:composer/typo3/cms@8.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-3gg5-1921-rbfs
4
vulnerability VCID-3n2r-awja-dug9
5
vulnerability VCID-3v4n-fzxa-bfaw
6
vulnerability VCID-4ack-haf2-cfbe
7
vulnerability VCID-4btk-jt5n-2ugf
8
vulnerability VCID-551q-gpyd-ffe8
9
vulnerability VCID-5jgb-dsyx-hyb4
10
vulnerability VCID-5paq-5frf-43ed
11
vulnerability VCID-5qfv-y43v-akdm
12
vulnerability VCID-6487-15z5-pkd4
13
vulnerability VCID-6b5q-vzs3-pkcc
14
vulnerability VCID-9g62-zd1x-3bdg
15
vulnerability VCID-9gpp-ez8w-rqav
16
vulnerability VCID-axaf-45kr-kbfe
17
vulnerability VCID-bajy-qbwq-fufn
18
vulnerability VCID-bnne-7p2q-eqd2
19
vulnerability VCID-c2tm-eqmm-1ugt
20
vulnerability VCID-cm14-t8uv-k3es
21
vulnerability VCID-cmka-8484-27bu
22
vulnerability VCID-dbrh-t8zx-nkd9
23
vulnerability VCID-dj88-f3p8-cfbn
24
vulnerability VCID-dm97-51uu-r7gw
25
vulnerability VCID-dsu7-jjjq-f3e1
26
vulnerability VCID-e72u-tpc3-23g3
27
vulnerability VCID-eajg-ctpd-2bby
28
vulnerability VCID-ehzg-bzrd-kbcc
29
vulnerability VCID-ekfd-wp8z-d7e1
30
vulnerability VCID-f963-qur3-2qb7
31
vulnerability VCID-gcnj-6qb6-pbgz
32
vulnerability VCID-he5m-6wj4-rbhc
33
vulnerability VCID-j77k-hjgx-5kc5
34
vulnerability VCID-jppe-cbgm-k3cz
35
vulnerability VCID-k4h1-mvnf-1ybx
36
vulnerability VCID-k8af-cg9k-87a9
37
vulnerability VCID-m7w6-b2xu-6uee
38
vulnerability VCID-mnz3-rj21-67ad
39
vulnerability VCID-n15v-ta9h-6ffb
40
vulnerability VCID-n78p-x7hh-gqcf
41
vulnerability VCID-pk8d-8u15-5bfq
42
vulnerability VCID-px44-19tj-h7aa
43
vulnerability VCID-q8hy-wjd9-nbgp
44
vulnerability VCID-qb4j-9tz7-m7a2
45
vulnerability VCID-rdrs-mhaw-b3ge
46
vulnerability VCID-s64f-x81f-b7ce
47
vulnerability VCID-shqd-udhm-pff8
48
vulnerability VCID-stzu-sxe6-5yf5
49
vulnerability VCID-t1n7-eswt-73gw
50
vulnerability VCID-t3jn-vwbx-u7cr
51
vulnerability VCID-tqf5-2fsm-8fch
52
vulnerability VCID-tw1y-t4qj-j3d1
53
vulnerability VCID-vndb-w8e1-4ugv
54
vulnerability VCID-vxj6-wvyz-zbaq
55
vulnerability VCID-vxry-uvph-kbfd
56
vulnerability VCID-vybh-pxr3-17hn
57
vulnerability VCID-vyvy-y3cw-hbgr
58
vulnerability VCID-wea9-egep-h7g5
59
vulnerability VCID-wr5t-xqnn-gkcj
60
vulnerability VCID-wxps-mnue-6bbh
61
vulnerability VCID-xa4m-xpa9-v7h8
62
vulnerability VCID-xh7y-56vy-5ud8
63
vulnerability VCID-xqew-bx7v-1qfk
64
vulnerability VCID-y32z-2d3f-gkgw
65
vulnerability VCID-zdq2-dhb2-6kaq
66
vulnerability VCID-zkea-ge1t-z7gn
67
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.17
2
url pkg:composer/typo3/cms@9.3.2
purl pkg:composer/typo3/cms@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-2mn6-mdmz-4yd9
4
vulnerability VCID-3gg5-1921-rbfs
5
vulnerability VCID-3n2r-awja-dug9
6
vulnerability VCID-3v4n-fzxa-bfaw
7
vulnerability VCID-4ack-haf2-cfbe
8
vulnerability VCID-4btk-jt5n-2ugf
9
vulnerability VCID-4mkw-tv16-jyca
10
vulnerability VCID-543x-cnbz-1kb9
11
vulnerability VCID-551q-gpyd-ffe8
12
vulnerability VCID-58js-jzm4-4fc7
13
vulnerability VCID-5jgb-dsyx-hyb4
14
vulnerability VCID-5kzs-ex81-bbaj
15
vulnerability VCID-5paq-5frf-43ed
16
vulnerability VCID-6487-15z5-pkd4
17
vulnerability VCID-6a9t-8dmn-s3bv
18
vulnerability VCID-6b5q-vzs3-pkcc
19
vulnerability VCID-9g62-zd1x-3bdg
20
vulnerability VCID-9gpp-ez8w-rqav
21
vulnerability VCID-a49c-fqrj-nbb3
22
vulnerability VCID-anfj-pmkg-skhe
23
vulnerability VCID-axaf-45kr-kbfe
24
vulnerability VCID-bajy-qbwq-fufn
25
vulnerability VCID-bnne-7p2q-eqd2
26
vulnerability VCID-c2tm-eqmm-1ugt
27
vulnerability VCID-cm14-t8uv-k3es
28
vulnerability VCID-cmka-8484-27bu
29
vulnerability VCID-d8d1-sat6-muhe
30
vulnerability VCID-dbrh-t8zx-nkd9
31
vulnerability VCID-dcy2-efyc-6qgq
32
vulnerability VCID-dj88-f3p8-cfbn
33
vulnerability VCID-dm97-51uu-r7gw
34
vulnerability VCID-dsu7-jjjq-f3e1
35
vulnerability VCID-e72u-tpc3-23g3
36
vulnerability VCID-eajg-ctpd-2bby
37
vulnerability VCID-ekfd-wp8z-d7e1
38
vulnerability VCID-f963-qur3-2qb7
39
vulnerability VCID-gcnj-6qb6-pbgz
40
vulnerability VCID-he5m-6wj4-rbhc
41
vulnerability VCID-jppe-cbgm-k3cz
42
vulnerability VCID-k4h1-mvnf-1ybx
43
vulnerability VCID-k8af-cg9k-87a9
44
vulnerability VCID-kc67-7kf7-s3d7
45
vulnerability VCID-kj9x-psfz-2ug1
46
vulnerability VCID-m7w6-b2xu-6uee
47
vulnerability VCID-mnz3-rj21-67ad
48
vulnerability VCID-n15v-ta9h-6ffb
49
vulnerability VCID-n78p-x7hh-gqcf
50
vulnerability VCID-p715-yexd-jfgc
51
vulnerability VCID-phgh-sd4m-zbdx
52
vulnerability VCID-pk8d-8u15-5bfq
53
vulnerability VCID-px44-19tj-h7aa
54
vulnerability VCID-q8hy-wjd9-nbgp
55
vulnerability VCID-qb4j-9tz7-m7a2
56
vulnerability VCID-raxk-rm9v-hubn
57
vulnerability VCID-rdrs-mhaw-b3ge
58
vulnerability VCID-s64f-x81f-b7ce
59
vulnerability VCID-shqd-udhm-pff8
60
vulnerability VCID-stzu-sxe6-5yf5
61
vulnerability VCID-sw7v-fbjk-13hy
62
vulnerability VCID-t1n7-eswt-73gw
63
vulnerability VCID-t3jn-vwbx-u7cr
64
vulnerability VCID-tqf5-2fsm-8fch
65
vulnerability VCID-tw1y-t4qj-j3d1
66
vulnerability VCID-u9bx-8e86-wbew
67
vulnerability VCID-ve7g-8st5-wffb
68
vulnerability VCID-vndb-w8e1-4ugv
69
vulnerability VCID-vxj6-wvyz-zbaq
70
vulnerability VCID-vxry-uvph-kbfd
71
vulnerability VCID-vybh-pxr3-17hn
72
vulnerability VCID-vyvy-y3cw-hbgr
73
vulnerability VCID-wea9-egep-h7g5
74
vulnerability VCID-wr5t-xqnn-gkcj
75
vulnerability VCID-wxps-mnue-6bbh
76
vulnerability VCID-xa4m-xpa9-v7h8
77
vulnerability VCID-xh7y-56vy-5ud8
78
vulnerability VCID-xtdg-uj46-rkcm
79
vulnerability VCID-xwc2-z7hx-4qa7
80
vulnerability VCID-y32z-2d3f-gkgw
81
vulnerability VCID-zdq2-dhb2-6kaq
82
vulnerability VCID-zkea-ge1t-z7gn
83
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2
aliases 2018-07-12-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-28bf-jvah-zkhw
1
url VCID-2fs8-bscc-3ye2
vulnerability_id VCID-2fs8-bscc-3ye2
summary 
Cross-site Scripting
XSS in TYPO3 CMS.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-003/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-003/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.16
purl pkg:composer/typo3/cms@7.6.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-5jgb-dsyx-hyb4
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-6b5q-vzs3-pkcc
4
vulnerability VCID-bajy-qbwq-fufn
5
vulnerability VCID-bnne-7p2q-eqd2
6
vulnerability VCID-bxjw-7426-gyb8
7
vulnerability VCID-dbrh-t8zx-nkd9
8
vulnerability VCID-dm97-51uu-r7gw
9
vulnerability VCID-dsu7-jjjq-f3e1
10
vulnerability VCID-ehzg-bzrd-kbcc
11
vulnerability VCID-f963-qur3-2qb7
12
vulnerability VCID-fy3g-uegw-2bew
13
vulnerability VCID-gcnj-6qb6-pbgz
14
vulnerability VCID-h63t-9enx-qfdn
15
vulnerability VCID-hpgq-deze-p7dp
16
vulnerability VCID-jqth-wfgx-87cx
17
vulnerability VCID-mnz3-rj21-67ad
18
vulnerability VCID-mqbh-k9n3-nbed
19
vulnerability VCID-mub5-s7h1-57cy
20
vulnerability VCID-n15v-ta9h-6ffb
21
vulnerability VCID-n78p-x7hh-gqcf
22
vulnerability VCID-nt6a-5zkv-pbcm
23
vulnerability VCID-nwxj-3ajk-rkh5
24
vulnerability VCID-pk8d-8u15-5bfq
25
vulnerability VCID-pnfa-cksc-43de
26
vulnerability VCID-rdrs-mhaw-b3ge
27
vulnerability VCID-rzw5-8d1u-sfam
28
vulnerability VCID-sr3p-pdxy-4yhu
29
vulnerability VCID-t3jn-vwbx-u7cr
30
vulnerability VCID-tmrt-6fxw-5ugh
31
vulnerability VCID-tw1y-t4qj-j3d1
32
vulnerability VCID-vndb-w8e1-4ugv
33
vulnerability VCID-wge3-kxdq-f3bz
34
vulnerability VCID-wr5t-xqnn-gkcj
35
vulnerability VCID-wxps-mnue-6bbh
36
vulnerability VCID-xa4m-xpa9-v7h8
37
vulnerability VCID-xqew-bx7v-1qfk
38
vulnerability VCID-y32z-2d3f-gkgw
39
vulnerability VCID-zdq2-dhb2-6kaq
40
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.16
1
url pkg:composer/typo3/cms@8.6.1
purl pkg:composer/typo3/cms@8.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1jp6-qjpr-xfev
2
vulnerability VCID-1kae-ffj3-xyc7
3
vulnerability VCID-28bf-jvah-zkhw
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-3gg5-1921-rbfs
6
vulnerability VCID-3n2r-awja-dug9
7
vulnerability VCID-3v4n-fzxa-bfaw
8
vulnerability VCID-4ack-haf2-cfbe
9
vulnerability VCID-4btk-jt5n-2ugf
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5paq-5frf-43ed
13
vulnerability VCID-5qfv-y43v-akdm
14
vulnerability VCID-5yg8-2cbr-d3as
15
vulnerability VCID-6487-15z5-pkd4
16
vulnerability VCID-6b5q-vzs3-pkcc
17
vulnerability VCID-9g62-zd1x-3bdg
18
vulnerability VCID-9gpp-ez8w-rqav
19
vulnerability VCID-9jj4-ec9n-qbhs
20
vulnerability VCID-axaf-45kr-kbfe
21
vulnerability VCID-bajy-qbwq-fufn
22
vulnerability VCID-bnne-7p2q-eqd2
23
vulnerability VCID-bxjw-7426-gyb8
24
vulnerability VCID-byp6-edft-fbhm
25
vulnerability VCID-c2tm-eqmm-1ugt
26
vulnerability VCID-cm14-t8uv-k3es
27
vulnerability VCID-cmka-8484-27bu
28
vulnerability VCID-dbrh-t8zx-nkd9
29
vulnerability VCID-dj88-f3p8-cfbn
30
vulnerability VCID-dm97-51uu-r7gw
31
vulnerability VCID-dquc-7amf-e7cs
32
vulnerability VCID-dsu7-jjjq-f3e1
33
vulnerability VCID-e72u-tpc3-23g3
34
vulnerability VCID-e7sv-4xc2-m3d5
35
vulnerability VCID-eajg-ctpd-2bby
36
vulnerability VCID-ehzg-bzrd-kbcc
37
vulnerability VCID-ekfd-wp8z-d7e1
38
vulnerability VCID-fy3g-uegw-2bew
39
vulnerability VCID-gcnj-6qb6-pbgz
40
vulnerability VCID-h63t-9enx-qfdn
41
vulnerability VCID-he5m-6wj4-rbhc
42
vulnerability VCID-hpgq-deze-p7dp
43
vulnerability VCID-j77k-hjgx-5kc5
44
vulnerability VCID-jppe-cbgm-k3cz
45
vulnerability VCID-jqth-wfgx-87cx
46
vulnerability VCID-k4h1-mvnf-1ybx
47
vulnerability VCID-k8af-cg9k-87a9
48
vulnerability VCID-m7w6-b2xu-6uee
49
vulnerability VCID-mnz3-rj21-67ad
50
vulnerability VCID-mqbh-k9n3-nbed
51
vulnerability VCID-mub5-s7h1-57cy
52
vulnerability VCID-n15v-ta9h-6ffb
53
vulnerability VCID-n78p-x7hh-gqcf
54
vulnerability VCID-nt6a-5zkv-pbcm
55
vulnerability VCID-nwxj-3ajk-rkh5
56
vulnerability VCID-pk8d-8u15-5bfq
57
vulnerability VCID-pnfa-cksc-43de
58
vulnerability VCID-px44-19tj-h7aa
59
vulnerability VCID-q8hy-wjd9-nbgp
60
vulnerability VCID-qb4j-9tz7-m7a2
61
vulnerability VCID-rdrs-mhaw-b3ge
62
vulnerability VCID-rzw5-8d1u-sfam
63
vulnerability VCID-s64f-x81f-b7ce
64
vulnerability VCID-shqd-udhm-pff8
65
vulnerability VCID-sr3p-pdxy-4yhu
66
vulnerability VCID-stzu-sxe6-5yf5
67
vulnerability VCID-t1n7-eswt-73gw
68
vulnerability VCID-t3jn-vwbx-u7cr
69
vulnerability VCID-tmrt-6fxw-5ugh
70
vulnerability VCID-tqf5-2fsm-8fch
71
vulnerability VCID-tw1y-t4qj-j3d1
72
vulnerability VCID-vndb-w8e1-4ugv
73
vulnerability VCID-vxj6-wvyz-zbaq
74
vulnerability VCID-vxry-uvph-kbfd
75
vulnerability VCID-vybh-pxr3-17hn
76
vulnerability VCID-wea9-egep-h7g5
77
vulnerability VCID-wge3-kxdq-f3bz
78
vulnerability VCID-wkm6-cgc8-bfa8
79
vulnerability VCID-wr5t-xqnn-gkcj
80
vulnerability VCID-wxps-mnue-6bbh
81
vulnerability VCID-xa4m-xpa9-v7h8
82
vulnerability VCID-xh7y-56vy-5ud8
83
vulnerability VCID-xqew-bx7v-1qfk
84
vulnerability VCID-y32z-2d3f-gkgw
85
vulnerability VCID-zdq2-dhb2-6kaq
86
vulnerability VCID-zkea-ge1t-z7gn
87
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.6.1
aliases 2017-02-28-2
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2fs8-bscc-3ye2
2
url VCID-5jgb-dsyx-hyb4
vulnerability_id VCID-5jgb-dsyx-hyb4
summary 
Open Redirection in Login Handling
### Problem
It has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability.

### Solution
Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described.

### Credits
Thanks to Alexander Kellner who reported this issue and to TYPO3 security team member Torben Hansen who fixed the issue.

### References
* [TYPO3-CORE-SA-2021-001](https://typo3.org/security/advisory/typo3-core-sa-2021-001)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21338
reference_id
reference_type
scores
0
value 0.00253
scoring_system epss
scoring_elements 0.48593
published_at 2026-04-08T12:55:00Z
1
value 0.00253
scoring_system epss
scoring_elements 0.48598
published_at 2026-04-21T12:55:00Z
2
value 0.00253
scoring_system epss
scoring_elements 0.4861
published_at 2026-04-11T12:55:00Z
3
value 0.00253
scoring_system epss
scoring_elements 0.48529
published_at 2026-04-01T12:55:00Z
4
value 0.00253
scoring_system epss
scoring_elements 0.48589
published_at 2026-04-09T12:55:00Z
5
value 0.00253
scoring_system epss
scoring_elements 0.48564
published_at 2026-04-02T12:55:00Z
6
value 0.00253
scoring_system epss
scoring_elements 0.48587
published_at 2026-04-04T12:55:00Z
7
value 0.00253
scoring_system epss
scoring_elements 0.48539
published_at 2026-04-07T12:55:00Z
8
value 0.00253
scoring_system epss
scoring_elements 0.48641
published_at 2026-04-18T12:55:00Z
9
value 0.00253
scoring_system epss
scoring_elements 0.48646
published_at 2026-04-16T12:55:00Z
10
value 0.00253
scoring_system epss
scoring_elements 0.48596
published_at 2026-04-13T12:55:00Z
11
value 0.00253
scoring_system epss
scoring_elements 0.48584
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21338
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21338.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21338.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21338.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21338.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21338
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21338
5
reference_url https://packagist.org/packages/typo3/cms-core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-core
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-001
7
reference_url https://github.com/advisories/GHSA-4jhw-2p6j-5wmp
reference_id GHSA-4jhw-2p6j-5wmp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4jhw-2p6j-5wmp
fixed_packages
0
url pkg:composer/typo3/cms@7.6.51
purl pkg:composer/typo3/cms@7.6.51
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n15v-ta9h-6ffb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.51
1
url pkg:composer/typo3/cms@8.7.40
purl pkg:composer/typo3/cms@8.7.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ekfd-wp8z-d7e1
1
vulnerability VCID-n15v-ta9h-6ffb
2
vulnerability VCID-s64f-x81f-b7ce
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40
2
url pkg:composer/typo3/cms@9.5.25
purl pkg:composer/typo3/cms@9.5.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5paq-5frf-43ed
1
vulnerability VCID-6a9t-8dmn-s3bv
2
vulnerability VCID-bajy-qbwq-fufn
3
vulnerability VCID-ekfd-wp8z-d7e1
4
vulnerability VCID-mnz3-rj21-67ad
5
vulnerability VCID-n15v-ta9h-6ffb
6
vulnerability VCID-s64f-x81f-b7ce
7
vulnerability VCID-t1n7-eswt-73gw
8
vulnerability VCID-ve7g-8st5-wffb
9
vulnerability VCID-vyvy-y3cw-hbgr
10
vulnerability VCID-y32z-2d3f-gkgw
11
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25
3
url pkg:composer/typo3/cms@10.4.14
purl pkg:composer/typo3/cms@10.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-4jpa-6fqh-hbfg
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-6a9t-8dmn-s3bv
4
vulnerability VCID-8sdd-b1bn-cuhx
5
vulnerability VCID-av8u-rvzq-4fc7
6
vulnerability VCID-bajy-qbwq-fufn
7
vulnerability VCID-e32h-8q61-hbgc
8
vulnerability VCID-ekfd-wp8z-d7e1
9
vulnerability VCID-mnz3-rj21-67ad
10
vulnerability VCID-n15v-ta9h-6ffb
11
vulnerability VCID-remd-55jh-r3g5
12
vulnerability VCID-s55j-8hbt-akhn
13
vulnerability VCID-s64f-x81f-b7ce
14
vulnerability VCID-t1n7-eswt-73gw
15
vulnerability VCID-ve7g-8st5-wffb
16
vulnerability VCID-vwb2-a84s-5qak
17
vulnerability VCID-vyvy-y3cw-hbgr
18
vulnerability VCID-w13x-3rp9-wyej
19
vulnerability VCID-y32z-2d3f-gkgw
20
vulnerability VCID-yj9g-uz1a-jkf2
21
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14
4
url pkg:composer/typo3/cms@11.1.1
purl pkg:composer/typo3/cms@11.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-4jpa-6fqh-hbfg
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-6a9t-8dmn-s3bv
4
vulnerability VCID-8sdd-b1bn-cuhx
5
vulnerability VCID-av8u-rvzq-4fc7
6
vulnerability VCID-bajy-qbwq-fufn
7
vulnerability VCID-e32h-8q61-hbgc
8
vulnerability VCID-ekfd-wp8z-d7e1
9
vulnerability VCID-mnz3-rj21-67ad
10
vulnerability VCID-n15v-ta9h-6ffb
11
vulnerability VCID-remd-55jh-r3g5
12
vulnerability VCID-s55j-8hbt-akhn
13
vulnerability VCID-s64f-x81f-b7ce
14
vulnerability VCID-t1n7-eswt-73gw
15
vulnerability VCID-uyeu-a3xr-fkh4
16
vulnerability VCID-ve7g-8st5-wffb
17
vulnerability VCID-vwb2-a84s-5qak
18
vulnerability VCID-vyvy-y3cw-hbgr
19
vulnerability VCID-w13x-3rp9-wyej
20
vulnerability VCID-y32z-2d3f-gkgw
21
vulnerability VCID-yj9g-uz1a-jkf2
22
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1
aliases CVE-2021-21338, GHSA-4jhw-2p6j-5wmp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5jgb-dsyx-hyb4
3
url VCID-5paq-5frf-43ed
vulnerability_id VCID-5paq-5frf-43ed
summary 
TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.0)

### Problem
It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability.

### Solution
Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above.

### Credits
Thanks to Vautia who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-009](https://typo3.org/security/advisory/typo3-core-sa-2022-009)
* [Vulnerability Report on huntr.dev](https://huntr.dev/bounties/51e9b709-193c-41fd-bd4a-833aaca0bd4e/) (embargoed +30 days)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36107
reference_id
reference_type
scores
0
value 0.00687
scoring_system epss
scoring_elements 0.71682
published_at 2026-04-02T12:55:00Z
1
value 0.00687
scoring_system epss
scoring_elements 0.7173
published_at 2026-04-12T12:55:00Z
2
value 0.00687
scoring_system epss
scoring_elements 0.71747
published_at 2026-04-11T12:55:00Z
3
value 0.00687
scoring_system epss
scoring_elements 0.71723
published_at 2026-04-09T12:55:00Z
4
value 0.00687
scoring_system epss
scoring_elements 0.71712
published_at 2026-04-08T12:55:00Z
5
value 0.00687
scoring_system epss
scoring_elements 0.71673
published_at 2026-04-07T12:55:00Z
6
value 0.00687
scoring_system epss
scoring_elements 0.717
published_at 2026-04-04T12:55:00Z
7
value 0.00687
scoring_system epss
scoring_elements 0.71744
published_at 2026-04-21T12:55:00Z
8
value 0.00687
scoring_system epss
scoring_elements 0.71762
published_at 2026-04-18T12:55:00Z
9
value 0.00687
scoring_system epss
scoring_elements 0.71756
published_at 2026-04-16T12:55:00Z
10
value 0.00687
scoring_system epss
scoring_elements 0.71713
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36107
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36107.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36107.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36107.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36107.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/546208428c861a09d62b86cde141eb19a81fae66
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/546208428c861a09d62b86cde141eb19a81fae66
5
reference_url https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36107
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36107
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-009
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-009
9
reference_url https://github.com/advisories/GHSA-9c6w-55cp-5w25
reference_id GHSA-9c6w-55cp-5w25
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9c6w-55cp-5w25
fixed_packages
0
url pkg:composer/typo3/cms@10.4.32
purl pkg:composer/typo3/cms@10.4.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8sdd-b1bn-cuhx
1
vulnerability VCID-t1n7-eswt-73gw
2
vulnerability VCID-ve7g-8st5-wffb
3
vulnerability VCID-vyvy-y3cw-hbgr
4
vulnerability VCID-w13x-3rp9-wyej
5
vulnerability VCID-yj9g-uz1a-jkf2
6
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.32
1
url pkg:composer/typo3/cms@11.5.16
purl pkg:composer/typo3/cms@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8sdd-b1bn-cuhx
1
vulnerability VCID-t1n7-eswt-73gw
2
vulnerability VCID-ve7g-8st5-wffb
3
vulnerability VCID-vyvy-y3cw-hbgr
4
vulnerability VCID-w13x-3rp9-wyej
5
vulnerability VCID-yj9g-uz1a-jkf2
6
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.16
aliases CVE-2022-36107, GHSA-9c6w-55cp-5w25
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5paq-5frf-43ed
4
url VCID-6b5q-vzs3-pkcc
vulnerability_id VCID-6b5q-vzs3-pkcc
summary 
TYPO3 Security Misconfiguration in Install Tool Cookie
It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install Tool.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-4.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-4.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/13328b0f74ac589a20b021db814dfa672581c26a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/13328b0f74ac589a20b021db814dfa672581c26a
3
reference_url https://github.com/TYPO3/typo3/commit/918e50e4d20d88c7e40ad3bb134267d07706b0b1
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/918e50e4d20d88c7e40ad3bb134267d07706b0b1
4
reference_url https://github.com/TYPO3/typo3/commit/a5359491e3fb3164a6ba96a66c8e67fbb9971a4c
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/a5359491e3fb3164a6ba96a66c8e67fbb9971a4c
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-009
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-009
6
reference_url https://github.com/advisories/GHSA-f777-f784-36gm
reference_id GHSA-f777-f784-36gm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f777-f784-36gm
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-bajy-qbwq-fufn
3
vulnerability VCID-dsu7-jjjq-f3e1
4
vulnerability VCID-f963-qur3-2qb7
5
vulnerability VCID-gcnj-6qb6-pbgz
6
vulnerability VCID-mnz3-rj21-67ad
7
vulnerability VCID-n15v-ta9h-6ffb
8
vulnerability VCID-t3jn-vwbx-u7cr
9
vulnerability VCID-xa4m-xpa9-v7h8
10
vulnerability VCID-y32z-2d3f-gkgw
11
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-4ack-haf2-cfbe
6
vulnerability VCID-551q-gpyd-ffe8
7
vulnerability VCID-5jgb-dsyx-hyb4
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5qfv-y43v-akdm
10
vulnerability VCID-6487-15z5-pkd4
11
vulnerability VCID-9g62-zd1x-3bdg
12
vulnerability VCID-9gpp-ez8w-rqav
13
vulnerability VCID-axaf-45kr-kbfe
14
vulnerability VCID-bajy-qbwq-fufn
15
vulnerability VCID-c2tm-eqmm-1ugt
16
vulnerability VCID-cm14-t8uv-k3es
17
vulnerability VCID-cmka-8484-27bu
18
vulnerability VCID-dj88-f3p8-cfbn
19
vulnerability VCID-dsu7-jjjq-f3e1
20
vulnerability VCID-e72u-tpc3-23g3
21
vulnerability VCID-eajg-ctpd-2bby
22
vulnerability VCID-ekfd-wp8z-d7e1
23
vulnerability VCID-f963-qur3-2qb7
24
vulnerability VCID-gcnj-6qb6-pbgz
25
vulnerability VCID-he5m-6wj4-rbhc
26
vulnerability VCID-j77k-hjgx-5kc5
27
vulnerability VCID-jppe-cbgm-k3cz
28
vulnerability VCID-k4h1-mvnf-1ybx
29
vulnerability VCID-k8af-cg9k-87a9
30
vulnerability VCID-m7w6-b2xu-6uee
31
vulnerability VCID-mnz3-rj21-67ad
32
vulnerability VCID-n15v-ta9h-6ffb
33
vulnerability VCID-px44-19tj-h7aa
34
vulnerability VCID-q8hy-wjd9-nbgp
35
vulnerability VCID-s64f-x81f-b7ce
36
vulnerability VCID-shqd-udhm-pff8
37
vulnerability VCID-stzu-sxe6-5yf5
38
vulnerability VCID-t1n7-eswt-73gw
39
vulnerability VCID-t3jn-vwbx-u7cr
40
vulnerability VCID-tqf5-2fsm-8fch
41
vulnerability VCID-vxj6-wvyz-zbaq
42
vulnerability VCID-vxry-uvph-kbfd
43
vulnerability VCID-vybh-pxr3-17hn
44
vulnerability VCID-vyvy-y3cw-hbgr
45
vulnerability VCID-wea9-egep-h7g5
46
vulnerability VCID-xa4m-xpa9-v7h8
47
vulnerability VCID-xh7y-56vy-5ud8
48
vulnerability VCID-y32z-2d3f-gkgw
49
vulnerability VCID-zdq2-dhb2-6kaq
50
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-2mn6-mdmz-4yd9
4
vulnerability VCID-3n2r-awja-dug9
5
vulnerability VCID-3v4n-fzxa-bfaw
6
vulnerability VCID-4ack-haf2-cfbe
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-543x-cnbz-1kb9
9
vulnerability VCID-551q-gpyd-ffe8
10
vulnerability VCID-58js-jzm4-4fc7
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5kzs-ex81-bbaj
13
vulnerability VCID-5paq-5frf-43ed
14
vulnerability VCID-6487-15z5-pkd4
15
vulnerability VCID-6a9t-8dmn-s3bv
16
vulnerability VCID-9g62-zd1x-3bdg
17
vulnerability VCID-9gpp-ez8w-rqav
18
vulnerability VCID-a49c-fqrj-nbb3
19
vulnerability VCID-anfj-pmkg-skhe
20
vulnerability VCID-axaf-45kr-kbfe
21
vulnerability VCID-bajy-qbwq-fufn
22
vulnerability VCID-c2tm-eqmm-1ugt
23
vulnerability VCID-cm14-t8uv-k3es
24
vulnerability VCID-cmka-8484-27bu
25
vulnerability VCID-d8d1-sat6-muhe
26
vulnerability VCID-dcy2-efyc-6qgq
27
vulnerability VCID-dj88-f3p8-cfbn
28
vulnerability VCID-dsu7-jjjq-f3e1
29
vulnerability VCID-e72u-tpc3-23g3
30
vulnerability VCID-eajg-ctpd-2bby
31
vulnerability VCID-ekfd-wp8z-d7e1
32
vulnerability VCID-f963-qur3-2qb7
33
vulnerability VCID-gcnj-6qb6-pbgz
34
vulnerability VCID-he5m-6wj4-rbhc
35
vulnerability VCID-jppe-cbgm-k3cz
36
vulnerability VCID-k4h1-mvnf-1ybx
37
vulnerability VCID-k8af-cg9k-87a9
38
vulnerability VCID-kc67-7kf7-s3d7
39
vulnerability VCID-kj9x-psfz-2ug1
40
vulnerability VCID-m7w6-b2xu-6uee
41
vulnerability VCID-mnz3-rj21-67ad
42
vulnerability VCID-n15v-ta9h-6ffb
43
vulnerability VCID-p715-yexd-jfgc
44
vulnerability VCID-phgh-sd4m-zbdx
45
vulnerability VCID-px44-19tj-h7aa
46
vulnerability VCID-q8hy-wjd9-nbgp
47
vulnerability VCID-raxk-rm9v-hubn
48
vulnerability VCID-s64f-x81f-b7ce
49
vulnerability VCID-shqd-udhm-pff8
50
vulnerability VCID-stzu-sxe6-5yf5
51
vulnerability VCID-sw7v-fbjk-13hy
52
vulnerability VCID-t1n7-eswt-73gw
53
vulnerability VCID-t3jn-vwbx-u7cr
54
vulnerability VCID-tqf5-2fsm-8fch
55
vulnerability VCID-u9bx-8e86-wbew
56
vulnerability VCID-ve7g-8st5-wffb
57
vulnerability VCID-vxj6-wvyz-zbaq
58
vulnerability VCID-vxry-uvph-kbfd
59
vulnerability VCID-vybh-pxr3-17hn
60
vulnerability VCID-vyvy-y3cw-hbgr
61
vulnerability VCID-wea9-egep-h7g5
62
vulnerability VCID-xa4m-xpa9-v7h8
63
vulnerability VCID-xh7y-56vy-5ud8
64
vulnerability VCID-xtdg-uj46-rkcm
65
vulnerability VCID-xwc2-z7hx-4qa7
66
vulnerability VCID-y32z-2d3f-gkgw
67
vulnerability VCID-zdq2-dhb2-6kaq
68
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-f777-f784-36gm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6b5q-vzs3-pkcc
5
url VCID-bajy-qbwq-fufn
vulnerability_id VCID-bajy-qbwq-fufn
summary 
Insertion of Sensitive Information into Log File in typo3/cms-core
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C` (4.9)

### Problem
It has been discovered that system internal credentials or keys (e.g. database credentials) have been logged as plaintext in exception handlers, when logging the complete exception stack trace.

### Solution
Update to TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above.

### Credits
Thanks to Marco Huber who reported this issue and to TYPO3 security member Torben Hansen who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-002](https://typo3.org/security/advisory/typo3-core-sa-2022-002)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31047
reference_id
reference_type
scores
0
value 0.00391
scoring_system epss
scoring_elements 0.60107
published_at 2026-04-02T12:55:00Z
1
value 0.00391
scoring_system epss
scoring_elements 0.60201
published_at 2026-04-18T12:55:00Z
2
value 0.00391
scoring_system epss
scoring_elements 0.60194
published_at 2026-04-16T12:55:00Z
3
value 0.00391
scoring_system epss
scoring_elements 0.60155
published_at 2026-04-13T12:55:00Z
4
value 0.00391
scoring_system epss
scoring_elements 0.60173
published_at 2026-04-12T12:55:00Z
5
value 0.00391
scoring_system epss
scoring_elements 0.60187
published_at 2026-04-21T12:55:00Z
6
value 0.00391
scoring_system epss
scoring_elements 0.60165
published_at 2026-04-09T12:55:00Z
7
value 0.00391
scoring_system epss
scoring_elements 0.60151
published_at 2026-04-08T12:55:00Z
8
value 0.00391
scoring_system epss
scoring_elements 0.60101
published_at 2026-04-07T12:55:00Z
9
value 0.00391
scoring_system epss
scoring_elements 0.60132
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31047
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31047.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31047.yaml
2
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
3
reference_url https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/
url https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a
4
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31047
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31047
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-002
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-002
7
reference_url https://github.com/advisories/GHSA-fh99-4pgr-8j99
reference_id GHSA-fh99-4pgr-8j99
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh99-4pgr-8j99
fixed_packages
0
url pkg:composer/typo3/cms@10.4.29
purl pkg:composer/typo3/cms@10.4.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-8sdd-b1bn-cuhx
3
vulnerability VCID-av8u-rvzq-4fc7
4
vulnerability VCID-mnz3-rj21-67ad
5
vulnerability VCID-t1n7-eswt-73gw
6
vulnerability VCID-ve7g-8st5-wffb
7
vulnerability VCID-vwb2-a84s-5qak
8
vulnerability VCID-vyvy-y3cw-hbgr
9
vulnerability VCID-w13x-3rp9-wyej
10
vulnerability VCID-yj9g-uz1a-jkf2
11
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.29
1
url pkg:composer/typo3/cms@11.5.11
purl pkg:composer/typo3/cms@11.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-8sdd-b1bn-cuhx
3
vulnerability VCID-av8u-rvzq-4fc7
4
vulnerability VCID-mnz3-rj21-67ad
5
vulnerability VCID-t1n7-eswt-73gw
6
vulnerability VCID-tnxn-p13f-yuah
7
vulnerability VCID-ve7g-8st5-wffb
8
vulnerability VCID-vwb2-a84s-5qak
9
vulnerability VCID-vyvy-y3cw-hbgr
10
vulnerability VCID-w13x-3rp9-wyej
11
vulnerability VCID-yj9g-uz1a-jkf2
12
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.11
aliases CVE-2022-31047, GHSA-fh99-4pgr-8j99
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bajy-qbwq-fufn
6
url VCID-bnne-7p2q-eqd2
vulnerability_id VCID-bnne-7p2q-eqd2
summary 
Uncontrolled Resource Consumption
Denial of Service in Online Media Asset Handling.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-011/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-011/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-bajy-qbwq-fufn
3
vulnerability VCID-dsu7-jjjq-f3e1
4
vulnerability VCID-f963-qur3-2qb7
5
vulnerability VCID-gcnj-6qb6-pbgz
6
vulnerability VCID-mnz3-rj21-67ad
7
vulnerability VCID-n15v-ta9h-6ffb
8
vulnerability VCID-t3jn-vwbx-u7cr
9
vulnerability VCID-xa4m-xpa9-v7h8
10
vulnerability VCID-y32z-2d3f-gkgw
11
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-4ack-haf2-cfbe
6
vulnerability VCID-551q-gpyd-ffe8
7
vulnerability VCID-5jgb-dsyx-hyb4
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5qfv-y43v-akdm
10
vulnerability VCID-6487-15z5-pkd4
11
vulnerability VCID-9g62-zd1x-3bdg
12
vulnerability VCID-9gpp-ez8w-rqav
13
vulnerability VCID-axaf-45kr-kbfe
14
vulnerability VCID-bajy-qbwq-fufn
15
vulnerability VCID-c2tm-eqmm-1ugt
16
vulnerability VCID-cm14-t8uv-k3es
17
vulnerability VCID-cmka-8484-27bu
18
vulnerability VCID-dj88-f3p8-cfbn
19
vulnerability VCID-dsu7-jjjq-f3e1
20
vulnerability VCID-e72u-tpc3-23g3
21
vulnerability VCID-eajg-ctpd-2bby
22
vulnerability VCID-ekfd-wp8z-d7e1
23
vulnerability VCID-f963-qur3-2qb7
24
vulnerability VCID-gcnj-6qb6-pbgz
25
vulnerability VCID-he5m-6wj4-rbhc
26
vulnerability VCID-j77k-hjgx-5kc5
27
vulnerability VCID-jppe-cbgm-k3cz
28
vulnerability VCID-k4h1-mvnf-1ybx
29
vulnerability VCID-k8af-cg9k-87a9
30
vulnerability VCID-m7w6-b2xu-6uee
31
vulnerability VCID-mnz3-rj21-67ad
32
vulnerability VCID-n15v-ta9h-6ffb
33
vulnerability VCID-px44-19tj-h7aa
34
vulnerability VCID-q8hy-wjd9-nbgp
35
vulnerability VCID-s64f-x81f-b7ce
36
vulnerability VCID-shqd-udhm-pff8
37
vulnerability VCID-stzu-sxe6-5yf5
38
vulnerability VCID-t1n7-eswt-73gw
39
vulnerability VCID-t3jn-vwbx-u7cr
40
vulnerability VCID-tqf5-2fsm-8fch
41
vulnerability VCID-vxj6-wvyz-zbaq
42
vulnerability VCID-vxry-uvph-kbfd
43
vulnerability VCID-vybh-pxr3-17hn
44
vulnerability VCID-vyvy-y3cw-hbgr
45
vulnerability VCID-wea9-egep-h7g5
46
vulnerability VCID-xa4m-xpa9-v7h8
47
vulnerability VCID-xh7y-56vy-5ud8
48
vulnerability VCID-y32z-2d3f-gkgw
49
vulnerability VCID-zdq2-dhb2-6kaq
50
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-2mn6-mdmz-4yd9
4
vulnerability VCID-3n2r-awja-dug9
5
vulnerability VCID-3v4n-fzxa-bfaw
6
vulnerability VCID-4ack-haf2-cfbe
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-543x-cnbz-1kb9
9
vulnerability VCID-551q-gpyd-ffe8
10
vulnerability VCID-58js-jzm4-4fc7
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5kzs-ex81-bbaj
13
vulnerability VCID-5paq-5frf-43ed
14
vulnerability VCID-6487-15z5-pkd4
15
vulnerability VCID-6a9t-8dmn-s3bv
16
vulnerability VCID-9g62-zd1x-3bdg
17
vulnerability VCID-9gpp-ez8w-rqav
18
vulnerability VCID-a49c-fqrj-nbb3
19
vulnerability VCID-anfj-pmkg-skhe
20
vulnerability VCID-axaf-45kr-kbfe
21
vulnerability VCID-bajy-qbwq-fufn
22
vulnerability VCID-c2tm-eqmm-1ugt
23
vulnerability VCID-cm14-t8uv-k3es
24
vulnerability VCID-cmka-8484-27bu
25
vulnerability VCID-d8d1-sat6-muhe
26
vulnerability VCID-dcy2-efyc-6qgq
27
vulnerability VCID-dj88-f3p8-cfbn
28
vulnerability VCID-dsu7-jjjq-f3e1
29
vulnerability VCID-e72u-tpc3-23g3
30
vulnerability VCID-eajg-ctpd-2bby
31
vulnerability VCID-ekfd-wp8z-d7e1
32
vulnerability VCID-f963-qur3-2qb7
33
vulnerability VCID-gcnj-6qb6-pbgz
34
vulnerability VCID-he5m-6wj4-rbhc
35
vulnerability VCID-jppe-cbgm-k3cz
36
vulnerability VCID-k4h1-mvnf-1ybx
37
vulnerability VCID-k8af-cg9k-87a9
38
vulnerability VCID-kc67-7kf7-s3d7
39
vulnerability VCID-kj9x-psfz-2ug1
40
vulnerability VCID-m7w6-b2xu-6uee
41
vulnerability VCID-mnz3-rj21-67ad
42
vulnerability VCID-n15v-ta9h-6ffb
43
vulnerability VCID-p715-yexd-jfgc
44
vulnerability VCID-phgh-sd4m-zbdx
45
vulnerability VCID-px44-19tj-h7aa
46
vulnerability VCID-q8hy-wjd9-nbgp
47
vulnerability VCID-raxk-rm9v-hubn
48
vulnerability VCID-s64f-x81f-b7ce
49
vulnerability VCID-shqd-udhm-pff8
50
vulnerability VCID-stzu-sxe6-5yf5
51
vulnerability VCID-sw7v-fbjk-13hy
52
vulnerability VCID-t1n7-eswt-73gw
53
vulnerability VCID-t3jn-vwbx-u7cr
54
vulnerability VCID-tqf5-2fsm-8fch
55
vulnerability VCID-u9bx-8e86-wbew
56
vulnerability VCID-ve7g-8st5-wffb
57
vulnerability VCID-vxj6-wvyz-zbaq
58
vulnerability VCID-vxry-uvph-kbfd
59
vulnerability VCID-vybh-pxr3-17hn
60
vulnerability VCID-vyvy-y3cw-hbgr
61
vulnerability VCID-wea9-egep-h7g5
62
vulnerability VCID-xa4m-xpa9-v7h8
63
vulnerability VCID-xh7y-56vy-5ud8
64
vulnerability VCID-xtdg-uj46-rkcm
65
vulnerability VCID-xwc2-z7hx-4qa7
66
vulnerability VCID-y32z-2d3f-gkgw
67
vulnerability VCID-zdq2-dhb2-6kaq
68
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases 2018-12-11-6
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bnne-7p2q-eqd2
7
url VCID-bxjw-7426-gyb8
vulnerability_id VCID-bxjw-7426-gyb8
summary 
Authentication Bypass in TYPO3 CMS
It has been discovered that TYPO3’s Salted Password system extension (which is a mandatory system component) is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing algorithm can be overridden when using MD5 as the default hashing algorithm by just knowing a valid username. Per default the Portable PHP hashing algorithm (PHPass) is used which is not vulnerable.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-1.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-1.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-001
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-001
3
reference_url https://github.com/advisories/GHSA-6f9m-v7mp-7jjq
reference_id GHSA-6f9m-v7mp-7jjq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6f9m-v7mp-7jjq
fixed_packages
0
url pkg:composer/typo3/cms@7.6.30
purl pkg:composer/typo3/cms@7.6.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-6b5q-vzs3-pkcc
3
vulnerability VCID-bajy-qbwq-fufn
4
vulnerability VCID-bnne-7p2q-eqd2
5
vulnerability VCID-dbrh-t8zx-nkd9
6
vulnerability VCID-dm97-51uu-r7gw
7
vulnerability VCID-dsu7-jjjq-f3e1
8
vulnerability VCID-ehzg-bzrd-kbcc
9
vulnerability VCID-f963-qur3-2qb7
10
vulnerability VCID-gcnj-6qb6-pbgz
11
vulnerability VCID-mnz3-rj21-67ad
12
vulnerability VCID-n15v-ta9h-6ffb
13
vulnerability VCID-n78p-x7hh-gqcf
14
vulnerability VCID-pk8d-8u15-5bfq
15
vulnerability VCID-rdrs-mhaw-b3ge
16
vulnerability VCID-t3jn-vwbx-u7cr
17
vulnerability VCID-tw1y-t4qj-j3d1
18
vulnerability VCID-vndb-w8e1-4ugv
19
vulnerability VCID-wr5t-xqnn-gkcj
20
vulnerability VCID-wxps-mnue-6bbh
21
vulnerability VCID-xa4m-xpa9-v7h8
22
vulnerability VCID-xqew-bx7v-1qfk
23
vulnerability VCID-y32z-2d3f-gkgw
24
vulnerability VCID-zdq2-dhb2-6kaq
25
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.30
1
url pkg:composer/typo3/cms@8.7.17
purl pkg:composer/typo3/cms@8.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-3gg5-1921-rbfs
4
vulnerability VCID-3n2r-awja-dug9
5
vulnerability VCID-3v4n-fzxa-bfaw
6
vulnerability VCID-4ack-haf2-cfbe
7
vulnerability VCID-4btk-jt5n-2ugf
8
vulnerability VCID-551q-gpyd-ffe8
9
vulnerability VCID-5jgb-dsyx-hyb4
10
vulnerability VCID-5paq-5frf-43ed
11
vulnerability VCID-5qfv-y43v-akdm
12
vulnerability VCID-6487-15z5-pkd4
13
vulnerability VCID-6b5q-vzs3-pkcc
14
vulnerability VCID-9g62-zd1x-3bdg
15
vulnerability VCID-9gpp-ez8w-rqav
16
vulnerability VCID-axaf-45kr-kbfe
17
vulnerability VCID-bajy-qbwq-fufn
18
vulnerability VCID-bnne-7p2q-eqd2
19
vulnerability VCID-c2tm-eqmm-1ugt
20
vulnerability VCID-cm14-t8uv-k3es
21
vulnerability VCID-cmka-8484-27bu
22
vulnerability VCID-dbrh-t8zx-nkd9
23
vulnerability VCID-dj88-f3p8-cfbn
24
vulnerability VCID-dm97-51uu-r7gw
25
vulnerability VCID-dsu7-jjjq-f3e1
26
vulnerability VCID-e72u-tpc3-23g3
27
vulnerability VCID-eajg-ctpd-2bby
28
vulnerability VCID-ehzg-bzrd-kbcc
29
vulnerability VCID-ekfd-wp8z-d7e1
30
vulnerability VCID-f963-qur3-2qb7
31
vulnerability VCID-gcnj-6qb6-pbgz
32
vulnerability VCID-he5m-6wj4-rbhc
33
vulnerability VCID-j77k-hjgx-5kc5
34
vulnerability VCID-jppe-cbgm-k3cz
35
vulnerability VCID-k4h1-mvnf-1ybx
36
vulnerability VCID-k8af-cg9k-87a9
37
vulnerability VCID-m7w6-b2xu-6uee
38
vulnerability VCID-mnz3-rj21-67ad
39
vulnerability VCID-n15v-ta9h-6ffb
40
vulnerability VCID-n78p-x7hh-gqcf
41
vulnerability VCID-pk8d-8u15-5bfq
42
vulnerability VCID-px44-19tj-h7aa
43
vulnerability VCID-q8hy-wjd9-nbgp
44
vulnerability VCID-qb4j-9tz7-m7a2
45
vulnerability VCID-rdrs-mhaw-b3ge
46
vulnerability VCID-s64f-x81f-b7ce
47
vulnerability VCID-shqd-udhm-pff8
48
vulnerability VCID-stzu-sxe6-5yf5
49
vulnerability VCID-t1n7-eswt-73gw
50
vulnerability VCID-t3jn-vwbx-u7cr
51
vulnerability VCID-tqf5-2fsm-8fch
52
vulnerability VCID-tw1y-t4qj-j3d1
53
vulnerability VCID-vndb-w8e1-4ugv
54
vulnerability VCID-vxj6-wvyz-zbaq
55
vulnerability VCID-vxry-uvph-kbfd
56
vulnerability VCID-vybh-pxr3-17hn
57
vulnerability VCID-vyvy-y3cw-hbgr
58
vulnerability VCID-wea9-egep-h7g5
59
vulnerability VCID-wr5t-xqnn-gkcj
60
vulnerability VCID-wxps-mnue-6bbh
61
vulnerability VCID-xa4m-xpa9-v7h8
62
vulnerability VCID-xh7y-56vy-5ud8
63
vulnerability VCID-xqew-bx7v-1qfk
64
vulnerability VCID-y32z-2d3f-gkgw
65
vulnerability VCID-zdq2-dhb2-6kaq
66
vulnerability VCID-zkea-ge1t-z7gn
67
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.17
2
url pkg:composer/typo3/cms@9.3.2
purl pkg:composer/typo3/cms@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-2mn6-mdmz-4yd9
4
vulnerability VCID-3gg5-1921-rbfs
5
vulnerability VCID-3n2r-awja-dug9
6
vulnerability VCID-3v4n-fzxa-bfaw
7
vulnerability VCID-4ack-haf2-cfbe
8
vulnerability VCID-4btk-jt5n-2ugf
9
vulnerability VCID-4mkw-tv16-jyca
10
vulnerability VCID-543x-cnbz-1kb9
11
vulnerability VCID-551q-gpyd-ffe8
12
vulnerability VCID-58js-jzm4-4fc7
13
vulnerability VCID-5jgb-dsyx-hyb4
14
vulnerability VCID-5kzs-ex81-bbaj
15
vulnerability VCID-5paq-5frf-43ed
16
vulnerability VCID-6487-15z5-pkd4
17
vulnerability VCID-6a9t-8dmn-s3bv
18
vulnerability VCID-6b5q-vzs3-pkcc
19
vulnerability VCID-9g62-zd1x-3bdg
20
vulnerability VCID-9gpp-ez8w-rqav
21
vulnerability VCID-a49c-fqrj-nbb3
22
vulnerability VCID-anfj-pmkg-skhe
23
vulnerability VCID-axaf-45kr-kbfe
24
vulnerability VCID-bajy-qbwq-fufn
25
vulnerability VCID-bnne-7p2q-eqd2
26
vulnerability VCID-c2tm-eqmm-1ugt
27
vulnerability VCID-cm14-t8uv-k3es
28
vulnerability VCID-cmka-8484-27bu
29
vulnerability VCID-d8d1-sat6-muhe
30
vulnerability VCID-dbrh-t8zx-nkd9
31
vulnerability VCID-dcy2-efyc-6qgq
32
vulnerability VCID-dj88-f3p8-cfbn
33
vulnerability VCID-dm97-51uu-r7gw
34
vulnerability VCID-dsu7-jjjq-f3e1
35
vulnerability VCID-e72u-tpc3-23g3
36
vulnerability VCID-eajg-ctpd-2bby
37
vulnerability VCID-ekfd-wp8z-d7e1
38
vulnerability VCID-f963-qur3-2qb7
39
vulnerability VCID-gcnj-6qb6-pbgz
40
vulnerability VCID-he5m-6wj4-rbhc
41
vulnerability VCID-jppe-cbgm-k3cz
42
vulnerability VCID-k4h1-mvnf-1ybx
43
vulnerability VCID-k8af-cg9k-87a9
44
vulnerability VCID-kc67-7kf7-s3d7
45
vulnerability VCID-kj9x-psfz-2ug1
46
vulnerability VCID-m7w6-b2xu-6uee
47
vulnerability VCID-mnz3-rj21-67ad
48
vulnerability VCID-n15v-ta9h-6ffb
49
vulnerability VCID-n78p-x7hh-gqcf
50
vulnerability VCID-p715-yexd-jfgc
51
vulnerability VCID-phgh-sd4m-zbdx
52
vulnerability VCID-pk8d-8u15-5bfq
53
vulnerability VCID-px44-19tj-h7aa
54
vulnerability VCID-q8hy-wjd9-nbgp
55
vulnerability VCID-qb4j-9tz7-m7a2
56
vulnerability VCID-raxk-rm9v-hubn
57
vulnerability VCID-rdrs-mhaw-b3ge
58
vulnerability VCID-s64f-x81f-b7ce
59
vulnerability VCID-shqd-udhm-pff8
60
vulnerability VCID-stzu-sxe6-5yf5
61
vulnerability VCID-sw7v-fbjk-13hy
62
vulnerability VCID-t1n7-eswt-73gw
63
vulnerability VCID-t3jn-vwbx-u7cr
64
vulnerability VCID-tqf5-2fsm-8fch
65
vulnerability VCID-tw1y-t4qj-j3d1
66
vulnerability VCID-u9bx-8e86-wbew
67
vulnerability VCID-ve7g-8st5-wffb
68
vulnerability VCID-vndb-w8e1-4ugv
69
vulnerability VCID-vxj6-wvyz-zbaq
70
vulnerability VCID-vxry-uvph-kbfd
71
vulnerability VCID-vybh-pxr3-17hn
72
vulnerability VCID-vyvy-y3cw-hbgr
73
vulnerability VCID-wea9-egep-h7g5
74
vulnerability VCID-wr5t-xqnn-gkcj
75
vulnerability VCID-wxps-mnue-6bbh
76
vulnerability VCID-xa4m-xpa9-v7h8
77
vulnerability VCID-xh7y-56vy-5ud8
78
vulnerability VCID-xtdg-uj46-rkcm
79
vulnerability VCID-xwc2-z7hx-4qa7
80
vulnerability VCID-y32z-2d3f-gkgw
81
vulnerability VCID-zdq2-dhb2-6kaq
82
vulnerability VCID-zkea-ge1t-z7gn
83
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2
aliases GHSA-6f9m-v7mp-7jjq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bxjw-7426-gyb8
8
url VCID-dbrh-t8zx-nkd9
vulnerability_id VCID-dbrh-t8zx-nkd9
summary 
TYPO3 Information Disclosure in Install Tool
The Install Tool exposes the current TYPO3 version number to non-authenticated users.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-5.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-5.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/232d0a64282382229c205904173a16a581555fe3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/232d0a64282382229c205904173a16a581555fe3
3
reference_url https://github.com/TYPO3/typo3/commit/b4dd20f31d483f6399e8bcbffcac3e16a2df0d92
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/b4dd20f31d483f6399e8bcbffcac3e16a2df0d92
4
reference_url https://github.com/TYPO3/typo3/commit/fab0cbc970b709ed65fc4622a2cbd52a197480c4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/fab0cbc970b709ed65fc4622a2cbd52a197480c4
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-010
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-010
6
reference_url https://github.com/advisories/GHSA-6487-3qvg-8px9
reference_id GHSA-6487-3qvg-8px9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6487-3qvg-8px9
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-bajy-qbwq-fufn
3
vulnerability VCID-dsu7-jjjq-f3e1
4
vulnerability VCID-f963-qur3-2qb7
5
vulnerability VCID-gcnj-6qb6-pbgz
6
vulnerability VCID-mnz3-rj21-67ad
7
vulnerability VCID-n15v-ta9h-6ffb
8
vulnerability VCID-t3jn-vwbx-u7cr
9
vulnerability VCID-xa4m-xpa9-v7h8
10
vulnerability VCID-y32z-2d3f-gkgw
11
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-4ack-haf2-cfbe
6
vulnerability VCID-551q-gpyd-ffe8
7
vulnerability VCID-5jgb-dsyx-hyb4
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5qfv-y43v-akdm
10
vulnerability VCID-6487-15z5-pkd4
11
vulnerability VCID-9g62-zd1x-3bdg
12
vulnerability VCID-9gpp-ez8w-rqav
13
vulnerability VCID-axaf-45kr-kbfe
14
vulnerability VCID-bajy-qbwq-fufn
15
vulnerability VCID-c2tm-eqmm-1ugt
16
vulnerability VCID-cm14-t8uv-k3es
17
vulnerability VCID-cmka-8484-27bu
18
vulnerability VCID-dj88-f3p8-cfbn
19
vulnerability VCID-dsu7-jjjq-f3e1
20
vulnerability VCID-e72u-tpc3-23g3
21
vulnerability VCID-eajg-ctpd-2bby
22
vulnerability VCID-ekfd-wp8z-d7e1
23
vulnerability VCID-f963-qur3-2qb7
24
vulnerability VCID-gcnj-6qb6-pbgz
25
vulnerability VCID-he5m-6wj4-rbhc
26
vulnerability VCID-j77k-hjgx-5kc5
27
vulnerability VCID-jppe-cbgm-k3cz
28
vulnerability VCID-k4h1-mvnf-1ybx
29
vulnerability VCID-k8af-cg9k-87a9
30
vulnerability VCID-m7w6-b2xu-6uee
31
vulnerability VCID-mnz3-rj21-67ad
32
vulnerability VCID-n15v-ta9h-6ffb
33
vulnerability VCID-px44-19tj-h7aa
34
vulnerability VCID-q8hy-wjd9-nbgp
35
vulnerability VCID-s64f-x81f-b7ce
36
vulnerability VCID-shqd-udhm-pff8
37
vulnerability VCID-stzu-sxe6-5yf5
38
vulnerability VCID-t1n7-eswt-73gw
39
vulnerability VCID-t3jn-vwbx-u7cr
40
vulnerability VCID-tqf5-2fsm-8fch
41
vulnerability VCID-vxj6-wvyz-zbaq
42
vulnerability VCID-vxry-uvph-kbfd
43
vulnerability VCID-vybh-pxr3-17hn
44
vulnerability VCID-vyvy-y3cw-hbgr
45
vulnerability VCID-wea9-egep-h7g5
46
vulnerability VCID-xa4m-xpa9-v7h8
47
vulnerability VCID-xh7y-56vy-5ud8
48
vulnerability VCID-y32z-2d3f-gkgw
49
vulnerability VCID-zdq2-dhb2-6kaq
50
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-2mn6-mdmz-4yd9
4
vulnerability VCID-3n2r-awja-dug9
5
vulnerability VCID-3v4n-fzxa-bfaw
6
vulnerability VCID-4ack-haf2-cfbe
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-543x-cnbz-1kb9
9
vulnerability VCID-551q-gpyd-ffe8
10
vulnerability VCID-58js-jzm4-4fc7
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5kzs-ex81-bbaj
13
vulnerability VCID-5paq-5frf-43ed
14
vulnerability VCID-6487-15z5-pkd4
15
vulnerability VCID-6a9t-8dmn-s3bv
16
vulnerability VCID-9g62-zd1x-3bdg
17
vulnerability VCID-9gpp-ez8w-rqav
18
vulnerability VCID-a49c-fqrj-nbb3
19
vulnerability VCID-anfj-pmkg-skhe
20
vulnerability VCID-axaf-45kr-kbfe
21
vulnerability VCID-bajy-qbwq-fufn
22
vulnerability VCID-c2tm-eqmm-1ugt
23
vulnerability VCID-cm14-t8uv-k3es
24
vulnerability VCID-cmka-8484-27bu
25
vulnerability VCID-d8d1-sat6-muhe
26
vulnerability VCID-dcy2-efyc-6qgq
27
vulnerability VCID-dj88-f3p8-cfbn
28
vulnerability VCID-dsu7-jjjq-f3e1
29
vulnerability VCID-e72u-tpc3-23g3
30
vulnerability VCID-eajg-ctpd-2bby
31
vulnerability VCID-ekfd-wp8z-d7e1
32
vulnerability VCID-f963-qur3-2qb7
33
vulnerability VCID-gcnj-6qb6-pbgz
34
vulnerability VCID-he5m-6wj4-rbhc
35
vulnerability VCID-jppe-cbgm-k3cz
36
vulnerability VCID-k4h1-mvnf-1ybx
37
vulnerability VCID-k8af-cg9k-87a9
38
vulnerability VCID-kc67-7kf7-s3d7
39
vulnerability VCID-kj9x-psfz-2ug1
40
vulnerability VCID-m7w6-b2xu-6uee
41
vulnerability VCID-mnz3-rj21-67ad
42
vulnerability VCID-n15v-ta9h-6ffb
43
vulnerability VCID-p715-yexd-jfgc
44
vulnerability VCID-phgh-sd4m-zbdx
45
vulnerability VCID-px44-19tj-h7aa
46
vulnerability VCID-q8hy-wjd9-nbgp
47
vulnerability VCID-raxk-rm9v-hubn
48
vulnerability VCID-s64f-x81f-b7ce
49
vulnerability VCID-shqd-udhm-pff8
50
vulnerability VCID-stzu-sxe6-5yf5
51
vulnerability VCID-sw7v-fbjk-13hy
52
vulnerability VCID-t1n7-eswt-73gw
53
vulnerability VCID-t3jn-vwbx-u7cr
54
vulnerability VCID-tqf5-2fsm-8fch
55
vulnerability VCID-u9bx-8e86-wbew
56
vulnerability VCID-ve7g-8st5-wffb
57
vulnerability VCID-vxj6-wvyz-zbaq
58
vulnerability VCID-vxry-uvph-kbfd
59
vulnerability VCID-vybh-pxr3-17hn
60
vulnerability VCID-vyvy-y3cw-hbgr
61
vulnerability VCID-wea9-egep-h7g5
62
vulnerability VCID-xa4m-xpa9-v7h8
63
vulnerability VCID-xh7y-56vy-5ud8
64
vulnerability VCID-xtdg-uj46-rkcm
65
vulnerability VCID-xwc2-z7hx-4qa7
66
vulnerability VCID-y32z-2d3f-gkgw
67
vulnerability VCID-zdq2-dhb2-6kaq
68
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-6487-3qvg-8px9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dbrh-t8zx-nkd9
9
url VCID-dm97-51uu-r7gw
vulnerability_id VCID-dm97-51uu-r7gw
summary 
Cross-site Scripting
Cross-Site Scripting in Online Media Asset Rendering.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-006/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-006/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-bajy-qbwq-fufn
3
vulnerability VCID-dsu7-jjjq-f3e1
4
vulnerability VCID-f963-qur3-2qb7
5
vulnerability VCID-gcnj-6qb6-pbgz
6
vulnerability VCID-mnz3-rj21-67ad
7
vulnerability VCID-n15v-ta9h-6ffb
8
vulnerability VCID-t3jn-vwbx-u7cr
9
vulnerability VCID-xa4m-xpa9-v7h8
10
vulnerability VCID-y32z-2d3f-gkgw
11
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-4ack-haf2-cfbe
6
vulnerability VCID-551q-gpyd-ffe8
7
vulnerability VCID-5jgb-dsyx-hyb4
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5qfv-y43v-akdm
10
vulnerability VCID-6487-15z5-pkd4
11
vulnerability VCID-9g62-zd1x-3bdg
12
vulnerability VCID-9gpp-ez8w-rqav
13
vulnerability VCID-axaf-45kr-kbfe
14
vulnerability VCID-bajy-qbwq-fufn
15
vulnerability VCID-c2tm-eqmm-1ugt
16
vulnerability VCID-cm14-t8uv-k3es
17
vulnerability VCID-cmka-8484-27bu
18
vulnerability VCID-dj88-f3p8-cfbn
19
vulnerability VCID-dsu7-jjjq-f3e1
20
vulnerability VCID-e72u-tpc3-23g3
21
vulnerability VCID-eajg-ctpd-2bby
22
vulnerability VCID-ekfd-wp8z-d7e1
23
vulnerability VCID-f963-qur3-2qb7
24
vulnerability VCID-gcnj-6qb6-pbgz
25
vulnerability VCID-he5m-6wj4-rbhc
26
vulnerability VCID-j77k-hjgx-5kc5
27
vulnerability VCID-jppe-cbgm-k3cz
28
vulnerability VCID-k4h1-mvnf-1ybx
29
vulnerability VCID-k8af-cg9k-87a9
30
vulnerability VCID-m7w6-b2xu-6uee
31
vulnerability VCID-mnz3-rj21-67ad
32
vulnerability VCID-n15v-ta9h-6ffb
33
vulnerability VCID-px44-19tj-h7aa
34
vulnerability VCID-q8hy-wjd9-nbgp
35
vulnerability VCID-s64f-x81f-b7ce
36
vulnerability VCID-shqd-udhm-pff8
37
vulnerability VCID-stzu-sxe6-5yf5
38
vulnerability VCID-t1n7-eswt-73gw
39
vulnerability VCID-t3jn-vwbx-u7cr
40
vulnerability VCID-tqf5-2fsm-8fch
41
vulnerability VCID-vxj6-wvyz-zbaq
42
vulnerability VCID-vxry-uvph-kbfd
43
vulnerability VCID-vybh-pxr3-17hn
44
vulnerability VCID-vyvy-y3cw-hbgr
45
vulnerability VCID-wea9-egep-h7g5
46
vulnerability VCID-xa4m-xpa9-v7h8
47
vulnerability VCID-xh7y-56vy-5ud8
48
vulnerability VCID-y32z-2d3f-gkgw
49
vulnerability VCID-zdq2-dhb2-6kaq
50
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-2mn6-mdmz-4yd9
4
vulnerability VCID-3n2r-awja-dug9
5
vulnerability VCID-3v4n-fzxa-bfaw
6
vulnerability VCID-4ack-haf2-cfbe
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-543x-cnbz-1kb9
9
vulnerability VCID-551q-gpyd-ffe8
10
vulnerability VCID-58js-jzm4-4fc7
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5kzs-ex81-bbaj
13
vulnerability VCID-5paq-5frf-43ed
14
vulnerability VCID-6487-15z5-pkd4
15
vulnerability VCID-6a9t-8dmn-s3bv
16
vulnerability VCID-9g62-zd1x-3bdg
17
vulnerability VCID-9gpp-ez8w-rqav
18
vulnerability VCID-a49c-fqrj-nbb3
19
vulnerability VCID-anfj-pmkg-skhe
20
vulnerability VCID-axaf-45kr-kbfe
21
vulnerability VCID-bajy-qbwq-fufn
22
vulnerability VCID-c2tm-eqmm-1ugt
23
vulnerability VCID-cm14-t8uv-k3es
24
vulnerability VCID-cmka-8484-27bu
25
vulnerability VCID-d8d1-sat6-muhe
26
vulnerability VCID-dcy2-efyc-6qgq
27
vulnerability VCID-dj88-f3p8-cfbn
28
vulnerability VCID-dsu7-jjjq-f3e1
29
vulnerability VCID-e72u-tpc3-23g3
30
vulnerability VCID-eajg-ctpd-2bby
31
vulnerability VCID-ekfd-wp8z-d7e1
32
vulnerability VCID-f963-qur3-2qb7
33
vulnerability VCID-gcnj-6qb6-pbgz
34
vulnerability VCID-he5m-6wj4-rbhc
35
vulnerability VCID-jppe-cbgm-k3cz
36
vulnerability VCID-k4h1-mvnf-1ybx
37
vulnerability VCID-k8af-cg9k-87a9
38
vulnerability VCID-kc67-7kf7-s3d7
39
vulnerability VCID-kj9x-psfz-2ug1
40
vulnerability VCID-m7w6-b2xu-6uee
41
vulnerability VCID-mnz3-rj21-67ad
42
vulnerability VCID-n15v-ta9h-6ffb
43
vulnerability VCID-p715-yexd-jfgc
44
vulnerability VCID-phgh-sd4m-zbdx
45
vulnerability VCID-px44-19tj-h7aa
46
vulnerability VCID-q8hy-wjd9-nbgp
47
vulnerability VCID-raxk-rm9v-hubn
48
vulnerability VCID-s64f-x81f-b7ce
49
vulnerability VCID-shqd-udhm-pff8
50
vulnerability VCID-stzu-sxe6-5yf5
51
vulnerability VCID-sw7v-fbjk-13hy
52
vulnerability VCID-t1n7-eswt-73gw
53
vulnerability VCID-t3jn-vwbx-u7cr
54
vulnerability VCID-tqf5-2fsm-8fch
55
vulnerability VCID-u9bx-8e86-wbew
56
vulnerability VCID-ve7g-8st5-wffb
57
vulnerability VCID-vxj6-wvyz-zbaq
58
vulnerability VCID-vxry-uvph-kbfd
59
vulnerability VCID-vybh-pxr3-17hn
60
vulnerability VCID-vyvy-y3cw-hbgr
61
vulnerability VCID-wea9-egep-h7g5
62
vulnerability VCID-xa4m-xpa9-v7h8
63
vulnerability VCID-xh7y-56vy-5ud8
64
vulnerability VCID-xtdg-uj46-rkcm
65
vulnerability VCID-xwc2-z7hx-4qa7
66
vulnerability VCID-y32z-2d3f-gkgw
67
vulnerability VCID-zdq2-dhb2-6kaq
68
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases 2018-12-11-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dm97-51uu-r7gw
10
url VCID-dsu7-jjjq-f3e1
vulnerability_id VCID-dsu7-jjjq-f3e1
summary 
Cleartext storage of session identifier
### Problem
User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system.

### Solution
Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described.

### Credits
Thanks to TYPO3 security team member Oliver Hader who reported this issue and to TYPO3 core & security team members Benni Mack & Oliver Hader who fixed the issue.

### References
* [TYPO3-CORE-SA-2021-006](https://typo3.org/security/advisory/typo3-core-sa-2021-006)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21339
reference_id
reference_type
scores
0
value 0.00132
scoring_system epss
scoring_elements 0.32661
published_at 2026-04-07T12:55:00Z
1
value 0.00132
scoring_system epss
scoring_elements 0.32736
published_at 2026-04-11T12:55:00Z
2
value 0.00132
scoring_system epss
scoring_elements 0.32671
published_at 2026-04-01T12:55:00Z
3
value 0.00132
scoring_system epss
scoring_elements 0.32735
published_at 2026-04-09T12:55:00Z
4
value 0.00132
scoring_system epss
scoring_elements 0.32804
published_at 2026-04-02T12:55:00Z
5
value 0.00132
scoring_system epss
scoring_elements 0.3284
published_at 2026-04-04T12:55:00Z
6
value 0.00132
scoring_system epss
scoring_elements 0.32709
published_at 2026-04-08T12:55:00Z
7
value 0.00132
scoring_system epss
scoring_elements 0.32659
published_at 2026-04-21T12:55:00Z
8
value 0.00132
scoring_system epss
scoring_elements 0.32688
published_at 2026-04-18T12:55:00Z
9
value 0.00132
scoring_system epss
scoring_elements 0.32711
published_at 2026-04-16T12:55:00Z
10
value 0.00132
scoring_system epss
scoring_elements 0.32672
published_at 2026-04-13T12:55:00Z
11
value 0.00132
scoring_system epss
scoring_elements 0.327
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21339
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21339.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21339.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21339.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21339.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21339
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21339
5
reference_url https://packagist.org/packages/typo3/cms-core
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-core
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-006
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-006
7
reference_url https://github.com/advisories/GHSA-qx3w-4864-94ch
reference_id GHSA-qx3w-4864-94ch
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qx3w-4864-94ch
fixed_packages
0
url pkg:composer/typo3/cms@7.6.51
purl pkg:composer/typo3/cms@7.6.51
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n15v-ta9h-6ffb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.51
1
url pkg:composer/typo3/cms@8.7.40
purl pkg:composer/typo3/cms@8.7.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ekfd-wp8z-d7e1
1
vulnerability VCID-n15v-ta9h-6ffb
2
vulnerability VCID-s64f-x81f-b7ce
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40
2
url pkg:composer/typo3/cms@9.5.25
purl pkg:composer/typo3/cms@9.5.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5paq-5frf-43ed
1
vulnerability VCID-6a9t-8dmn-s3bv
2
vulnerability VCID-bajy-qbwq-fufn
3
vulnerability VCID-ekfd-wp8z-d7e1
4
vulnerability VCID-mnz3-rj21-67ad
5
vulnerability VCID-n15v-ta9h-6ffb
6
vulnerability VCID-s64f-x81f-b7ce
7
vulnerability VCID-t1n7-eswt-73gw
8
vulnerability VCID-ve7g-8st5-wffb
9
vulnerability VCID-vyvy-y3cw-hbgr
10
vulnerability VCID-y32z-2d3f-gkgw
11
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25
3
url pkg:composer/typo3/cms@10.4.14
purl pkg:composer/typo3/cms@10.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-4jpa-6fqh-hbfg
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-6a9t-8dmn-s3bv
4
vulnerability VCID-8sdd-b1bn-cuhx
5
vulnerability VCID-av8u-rvzq-4fc7
6
vulnerability VCID-bajy-qbwq-fufn
7
vulnerability VCID-e32h-8q61-hbgc
8
vulnerability VCID-ekfd-wp8z-d7e1
9
vulnerability VCID-mnz3-rj21-67ad
10
vulnerability VCID-n15v-ta9h-6ffb
11
vulnerability VCID-remd-55jh-r3g5
12
vulnerability VCID-s55j-8hbt-akhn
13
vulnerability VCID-s64f-x81f-b7ce
14
vulnerability VCID-t1n7-eswt-73gw
15
vulnerability VCID-ve7g-8st5-wffb
16
vulnerability VCID-vwb2-a84s-5qak
17
vulnerability VCID-vyvy-y3cw-hbgr
18
vulnerability VCID-w13x-3rp9-wyej
19
vulnerability VCID-y32z-2d3f-gkgw
20
vulnerability VCID-yj9g-uz1a-jkf2
21
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14
4
url pkg:composer/typo3/cms@11.1.1
purl pkg:composer/typo3/cms@11.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-4jpa-6fqh-hbfg
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-6a9t-8dmn-s3bv
4
vulnerability VCID-8sdd-b1bn-cuhx
5
vulnerability VCID-av8u-rvzq-4fc7
6
vulnerability VCID-bajy-qbwq-fufn
7
vulnerability VCID-e32h-8q61-hbgc
8
vulnerability VCID-ekfd-wp8z-d7e1
9
vulnerability VCID-mnz3-rj21-67ad
10
vulnerability VCID-n15v-ta9h-6ffb
11
vulnerability VCID-remd-55jh-r3g5
12
vulnerability VCID-s55j-8hbt-akhn
13
vulnerability VCID-s64f-x81f-b7ce
14
vulnerability VCID-t1n7-eswt-73gw
15
vulnerability VCID-uyeu-a3xr-fkh4
16
vulnerability VCID-ve7g-8st5-wffb
17
vulnerability VCID-vwb2-a84s-5qak
18
vulnerability VCID-vyvy-y3cw-hbgr
19
vulnerability VCID-w13x-3rp9-wyej
20
vulnerability VCID-y32z-2d3f-gkgw
21
vulnerability VCID-yj9g-uz1a-jkf2
22
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1
aliases CVE-2021-21339, GHSA-qx3w-4864-94ch
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dsu7-jjjq-f3e1
11
url VCID-ehzg-bzrd-kbcc
vulnerability_id VCID-ehzg-bzrd-kbcc
summary 
Uncontrolled Resource Consumption
Denial of Service in Frontend Record Registration.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-012/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-012/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-bajy-qbwq-fufn
3
vulnerability VCID-dsu7-jjjq-f3e1
4
vulnerability VCID-f963-qur3-2qb7
5
vulnerability VCID-gcnj-6qb6-pbgz
6
vulnerability VCID-mnz3-rj21-67ad
7
vulnerability VCID-n15v-ta9h-6ffb
8
vulnerability VCID-t3jn-vwbx-u7cr
9
vulnerability VCID-xa4m-xpa9-v7h8
10
vulnerability VCID-y32z-2d3f-gkgw
11
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-4ack-haf2-cfbe
6
vulnerability VCID-551q-gpyd-ffe8
7
vulnerability VCID-5jgb-dsyx-hyb4
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5qfv-y43v-akdm
10
vulnerability VCID-6487-15z5-pkd4
11
vulnerability VCID-9g62-zd1x-3bdg
12
vulnerability VCID-9gpp-ez8w-rqav
13
vulnerability VCID-axaf-45kr-kbfe
14
vulnerability VCID-bajy-qbwq-fufn
15
vulnerability VCID-c2tm-eqmm-1ugt
16
vulnerability VCID-cm14-t8uv-k3es
17
vulnerability VCID-cmka-8484-27bu
18
vulnerability VCID-dj88-f3p8-cfbn
19
vulnerability VCID-dsu7-jjjq-f3e1
20
vulnerability VCID-e72u-tpc3-23g3
21
vulnerability VCID-eajg-ctpd-2bby
22
vulnerability VCID-ekfd-wp8z-d7e1
23
vulnerability VCID-f963-qur3-2qb7
24
vulnerability VCID-gcnj-6qb6-pbgz
25
vulnerability VCID-he5m-6wj4-rbhc
26
vulnerability VCID-j77k-hjgx-5kc5
27
vulnerability VCID-jppe-cbgm-k3cz
28
vulnerability VCID-k4h1-mvnf-1ybx
29
vulnerability VCID-k8af-cg9k-87a9
30
vulnerability VCID-m7w6-b2xu-6uee
31
vulnerability VCID-mnz3-rj21-67ad
32
vulnerability VCID-n15v-ta9h-6ffb
33
vulnerability VCID-px44-19tj-h7aa
34
vulnerability VCID-q8hy-wjd9-nbgp
35
vulnerability VCID-s64f-x81f-b7ce
36
vulnerability VCID-shqd-udhm-pff8
37
vulnerability VCID-stzu-sxe6-5yf5
38
vulnerability VCID-t1n7-eswt-73gw
39
vulnerability VCID-t3jn-vwbx-u7cr
40
vulnerability VCID-tqf5-2fsm-8fch
41
vulnerability VCID-vxj6-wvyz-zbaq
42
vulnerability VCID-vxry-uvph-kbfd
43
vulnerability VCID-vybh-pxr3-17hn
44
vulnerability VCID-vyvy-y3cw-hbgr
45
vulnerability VCID-wea9-egep-h7g5
46
vulnerability VCID-xa4m-xpa9-v7h8
47
vulnerability VCID-xh7y-56vy-5ud8
48
vulnerability VCID-y32z-2d3f-gkgw
49
vulnerability VCID-zdq2-dhb2-6kaq
50
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.0.0
purl pkg:composer/typo3/cms@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1jp6-qjpr-xfev
2
vulnerability VCID-1kae-ffj3-xyc7
3
vulnerability VCID-28bf-jvah-zkhw
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-2mn6-mdmz-4yd9
6
vulnerability VCID-3gg5-1921-rbfs
7
vulnerability VCID-3n2r-awja-dug9
8
vulnerability VCID-3v4n-fzxa-bfaw
9
vulnerability VCID-4ack-haf2-cfbe
10
vulnerability VCID-4btk-jt5n-2ugf
11
vulnerability VCID-4mkw-tv16-jyca
12
vulnerability VCID-543x-cnbz-1kb9
13
vulnerability VCID-551q-gpyd-ffe8
14
vulnerability VCID-58js-jzm4-4fc7
15
vulnerability VCID-5jgb-dsyx-hyb4
16
vulnerability VCID-5kzs-ex81-bbaj
17
vulnerability VCID-5paq-5frf-43ed
18
vulnerability VCID-6487-15z5-pkd4
19
vulnerability VCID-6a9t-8dmn-s3bv
20
vulnerability VCID-6b5q-vzs3-pkcc
21
vulnerability VCID-7kjw-j8st-mqfr
22
vulnerability VCID-9g62-zd1x-3bdg
23
vulnerability VCID-9gpp-ez8w-rqav
24
vulnerability VCID-9jj4-ec9n-qbhs
25
vulnerability VCID-a49c-fqrj-nbb3
26
vulnerability VCID-anfj-pmkg-skhe
27
vulnerability VCID-axaf-45kr-kbfe
28
vulnerability VCID-bajy-qbwq-fufn
29
vulnerability VCID-bnne-7p2q-eqd2
30
vulnerability VCID-bxjw-7426-gyb8
31
vulnerability VCID-byp6-edft-fbhm
32
vulnerability VCID-c2tm-eqmm-1ugt
33
vulnerability VCID-cm14-t8uv-k3es
34
vulnerability VCID-cmka-8484-27bu
35
vulnerability VCID-d8d1-sat6-muhe
36
vulnerability VCID-dbrh-t8zx-nkd9
37
vulnerability VCID-dcy2-efyc-6qgq
38
vulnerability VCID-dj88-f3p8-cfbn
39
vulnerability VCID-dm97-51uu-r7gw
40
vulnerability VCID-dsu7-jjjq-f3e1
41
vulnerability VCID-e72u-tpc3-23g3
42
vulnerability VCID-eajg-ctpd-2bby
43
vulnerability VCID-ekfd-wp8z-d7e1
44
vulnerability VCID-f1rq-qudk-zkf2
45
vulnerability VCID-f963-qur3-2qb7
46
vulnerability VCID-gcnj-6qb6-pbgz
47
vulnerability VCID-he5m-6wj4-rbhc
48
vulnerability VCID-jppe-cbgm-k3cz
49
vulnerability VCID-k4h1-mvnf-1ybx
50
vulnerability VCID-k8af-cg9k-87a9
51
vulnerability VCID-kc67-7kf7-s3d7
52
vulnerability VCID-kj9x-psfz-2ug1
53
vulnerability VCID-m7w6-b2xu-6uee
54
vulnerability VCID-mnz3-rj21-67ad
55
vulnerability VCID-n15v-ta9h-6ffb
56
vulnerability VCID-n78p-x7hh-gqcf
57
vulnerability VCID-nwxj-3ajk-rkh5
58
vulnerability VCID-p715-yexd-jfgc
59
vulnerability VCID-phgh-sd4m-zbdx
60
vulnerability VCID-pk8d-8u15-5bfq
61
vulnerability VCID-px44-19tj-h7aa
62
vulnerability VCID-q8hy-wjd9-nbgp
63
vulnerability VCID-qb4j-9tz7-m7a2
64
vulnerability VCID-raxk-rm9v-hubn
65
vulnerability VCID-rdrs-mhaw-b3ge
66
vulnerability VCID-s64f-x81f-b7ce
67
vulnerability VCID-shqd-udhm-pff8
68
vulnerability VCID-sr3p-pdxy-4yhu
69
vulnerability VCID-stzu-sxe6-5yf5
70
vulnerability VCID-sw7v-fbjk-13hy
71
vulnerability VCID-t1n7-eswt-73gw
72
vulnerability VCID-t3jn-vwbx-u7cr
73
vulnerability VCID-tmrt-6fxw-5ugh
74
vulnerability VCID-tqf5-2fsm-8fch
75
vulnerability VCID-tw1y-t4qj-j3d1
76
vulnerability VCID-u9bx-8e86-wbew
77
vulnerability VCID-ve7g-8st5-wffb
78
vulnerability VCID-vndb-w8e1-4ugv
79
vulnerability VCID-vxj6-wvyz-zbaq
80
vulnerability VCID-vxry-uvph-kbfd
81
vulnerability VCID-vybh-pxr3-17hn
82
vulnerability VCID-vyvy-y3cw-hbgr
83
vulnerability VCID-wea9-egep-h7g5
84
vulnerability VCID-wkm6-cgc8-bfa8
85
vulnerability VCID-wr5t-xqnn-gkcj
86
vulnerability VCID-wxps-mnue-6bbh
87
vulnerability VCID-xa4m-xpa9-v7h8
88
vulnerability VCID-xh7y-56vy-5ud8
89
vulnerability VCID-xtdg-uj46-rkcm
90
vulnerability VCID-xwc2-z7hx-4qa7
91
vulnerability VCID-y32z-2d3f-gkgw
92
vulnerability VCID-zdq2-dhb2-6kaq
93
vulnerability VCID-zkea-ge1t-z7gn
94
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.0.0
aliases 2018-12-11-7
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ehzg-bzrd-kbcc
12
url VCID-ep6t-zwd1-4bb3
vulnerability_id VCID-ep6t-zwd1-4bb3
summary 
XSS Vulnerability
TYPO3 is vulnerable to Cross-Site Scripting.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-003/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-003/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.16
purl pkg:composer/typo3/cms@7.6.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-5jgb-dsyx-hyb4
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-6b5q-vzs3-pkcc
4
vulnerability VCID-bajy-qbwq-fufn
5
vulnerability VCID-bnne-7p2q-eqd2
6
vulnerability VCID-bxjw-7426-gyb8
7
vulnerability VCID-dbrh-t8zx-nkd9
8
vulnerability VCID-dm97-51uu-r7gw
9
vulnerability VCID-dsu7-jjjq-f3e1
10
vulnerability VCID-ehzg-bzrd-kbcc
11
vulnerability VCID-f963-qur3-2qb7
12
vulnerability VCID-fy3g-uegw-2bew
13
vulnerability VCID-gcnj-6qb6-pbgz
14
vulnerability VCID-h63t-9enx-qfdn
15
vulnerability VCID-hpgq-deze-p7dp
16
vulnerability VCID-jqth-wfgx-87cx
17
vulnerability VCID-mnz3-rj21-67ad
18
vulnerability VCID-mqbh-k9n3-nbed
19
vulnerability VCID-mub5-s7h1-57cy
20
vulnerability VCID-n15v-ta9h-6ffb
21
vulnerability VCID-n78p-x7hh-gqcf
22
vulnerability VCID-nt6a-5zkv-pbcm
23
vulnerability VCID-nwxj-3ajk-rkh5
24
vulnerability VCID-pk8d-8u15-5bfq
25
vulnerability VCID-pnfa-cksc-43de
26
vulnerability VCID-rdrs-mhaw-b3ge
27
vulnerability VCID-rzw5-8d1u-sfam
28
vulnerability VCID-sr3p-pdxy-4yhu
29
vulnerability VCID-t3jn-vwbx-u7cr
30
vulnerability VCID-tmrt-6fxw-5ugh
31
vulnerability VCID-tw1y-t4qj-j3d1
32
vulnerability VCID-vndb-w8e1-4ugv
33
vulnerability VCID-wge3-kxdq-f3bz
34
vulnerability VCID-wr5t-xqnn-gkcj
35
vulnerability VCID-wxps-mnue-6bbh
36
vulnerability VCID-xa4m-xpa9-v7h8
37
vulnerability VCID-xqew-bx7v-1qfk
38
vulnerability VCID-y32z-2d3f-gkgw
39
vulnerability VCID-zdq2-dhb2-6kaq
40
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.16
1
url pkg:composer/typo3/cms@8.6.1
purl pkg:composer/typo3/cms@8.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1jp6-qjpr-xfev
2
vulnerability VCID-1kae-ffj3-xyc7
3
vulnerability VCID-28bf-jvah-zkhw
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-3gg5-1921-rbfs
6
vulnerability VCID-3n2r-awja-dug9
7
vulnerability VCID-3v4n-fzxa-bfaw
8
vulnerability VCID-4ack-haf2-cfbe
9
vulnerability VCID-4btk-jt5n-2ugf
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5paq-5frf-43ed
13
vulnerability VCID-5qfv-y43v-akdm
14
vulnerability VCID-5yg8-2cbr-d3as
15
vulnerability VCID-6487-15z5-pkd4
16
vulnerability VCID-6b5q-vzs3-pkcc
17
vulnerability VCID-9g62-zd1x-3bdg
18
vulnerability VCID-9gpp-ez8w-rqav
19
vulnerability VCID-9jj4-ec9n-qbhs
20
vulnerability VCID-axaf-45kr-kbfe
21
vulnerability VCID-bajy-qbwq-fufn
22
vulnerability VCID-bnne-7p2q-eqd2
23
vulnerability VCID-bxjw-7426-gyb8
24
vulnerability VCID-byp6-edft-fbhm
25
vulnerability VCID-c2tm-eqmm-1ugt
26
vulnerability VCID-cm14-t8uv-k3es
27
vulnerability VCID-cmka-8484-27bu
28
vulnerability VCID-dbrh-t8zx-nkd9
29
vulnerability VCID-dj88-f3p8-cfbn
30
vulnerability VCID-dm97-51uu-r7gw
31
vulnerability VCID-dquc-7amf-e7cs
32
vulnerability VCID-dsu7-jjjq-f3e1
33
vulnerability VCID-e72u-tpc3-23g3
34
vulnerability VCID-e7sv-4xc2-m3d5
35
vulnerability VCID-eajg-ctpd-2bby
36
vulnerability VCID-ehzg-bzrd-kbcc
37
vulnerability VCID-ekfd-wp8z-d7e1
38
vulnerability VCID-fy3g-uegw-2bew
39
vulnerability VCID-gcnj-6qb6-pbgz
40
vulnerability VCID-h63t-9enx-qfdn
41
vulnerability VCID-he5m-6wj4-rbhc
42
vulnerability VCID-hpgq-deze-p7dp
43
vulnerability VCID-j77k-hjgx-5kc5
44
vulnerability VCID-jppe-cbgm-k3cz
45
vulnerability VCID-jqth-wfgx-87cx
46
vulnerability VCID-k4h1-mvnf-1ybx
47
vulnerability VCID-k8af-cg9k-87a9
48
vulnerability VCID-m7w6-b2xu-6uee
49
vulnerability VCID-mnz3-rj21-67ad
50
vulnerability VCID-mqbh-k9n3-nbed
51
vulnerability VCID-mub5-s7h1-57cy
52
vulnerability VCID-n15v-ta9h-6ffb
53
vulnerability VCID-n78p-x7hh-gqcf
54
vulnerability VCID-nt6a-5zkv-pbcm
55
vulnerability VCID-nwxj-3ajk-rkh5
56
vulnerability VCID-pk8d-8u15-5bfq
57
vulnerability VCID-pnfa-cksc-43de
58
vulnerability VCID-px44-19tj-h7aa
59
vulnerability VCID-q8hy-wjd9-nbgp
60
vulnerability VCID-qb4j-9tz7-m7a2
61
vulnerability VCID-rdrs-mhaw-b3ge
62
vulnerability VCID-rzw5-8d1u-sfam
63
vulnerability VCID-s64f-x81f-b7ce
64
vulnerability VCID-shqd-udhm-pff8
65
vulnerability VCID-sr3p-pdxy-4yhu
66
vulnerability VCID-stzu-sxe6-5yf5
67
vulnerability VCID-t1n7-eswt-73gw
68
vulnerability VCID-t3jn-vwbx-u7cr
69
vulnerability VCID-tmrt-6fxw-5ugh
70
vulnerability VCID-tqf5-2fsm-8fch
71
vulnerability VCID-tw1y-t4qj-j3d1
72
vulnerability VCID-vndb-w8e1-4ugv
73
vulnerability VCID-vxj6-wvyz-zbaq
74
vulnerability VCID-vxry-uvph-kbfd
75
vulnerability VCID-vybh-pxr3-17hn
76
vulnerability VCID-wea9-egep-h7g5
77
vulnerability VCID-wge3-kxdq-f3bz
78
vulnerability VCID-wkm6-cgc8-bfa8
79
vulnerability VCID-wr5t-xqnn-gkcj
80
vulnerability VCID-wxps-mnue-6bbh
81
vulnerability VCID-xa4m-xpa9-v7h8
82
vulnerability VCID-xh7y-56vy-5ud8
83
vulnerability VCID-xqew-bx7v-1qfk
84
vulnerability VCID-y32z-2d3f-gkgw
85
vulnerability VCID-zdq2-dhb2-6kaq
86
vulnerability VCID-zkea-ge1t-z7gn
87
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.6.1
aliases TYPO3-CORE-SA-2017-003
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ep6t-zwd1-4bb3
13
url VCID-f963-qur3-2qb7
vulnerability_id VCID-f963-qur3-2qb7
summary 
Cross-Site Scripting in Fluid view helpers
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.7)
> * CWE-79

### Problem
It has been discovered that system extension Fluid (`typo3/cms-fluid`) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers.

```
<f:form ... fieldNamePrefix="{payload}" />
<f:be.labels.csh ... label="{payload}" />
<f:be.menus.actionMenu ... label="{payload}" />
```

### Solution
Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.

### Credits
Thanks to TYPO3 security team member Oliver Hader who reported this issue and to TYPO3 security team members Helmut Hummel & Oliver Hader who fixed the issue.

### References
* [TYPO3-CORE-SA-2020-010](https://typo3.org/security/advisory/typo3-core-sa-2020-010)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26227
reference_id
reference_type
scores
0
value 0.00359
scoring_system epss
scoring_elements 0.58104
published_at 2026-04-04T12:55:00Z
1
value 0.00359
scoring_system epss
scoring_elements 0.58115
published_at 2026-04-21T12:55:00Z
2
value 0.00359
scoring_system epss
scoring_elements 0.5814
published_at 2026-04-18T12:55:00Z
3
value 0.00359
scoring_system epss
scoring_elements 0.58139
published_at 2026-04-16T12:55:00Z
4
value 0.00359
scoring_system epss
scoring_elements 0.58137
published_at 2026-04-09T12:55:00Z
5
value 0.00359
scoring_system epss
scoring_elements 0.57999
published_at 2026-04-01T12:55:00Z
6
value 0.00359
scoring_system epss
scoring_elements 0.58133
published_at 2026-04-08T12:55:00Z
7
value 0.00359
scoring_system epss
scoring_elements 0.58083
published_at 2026-04-02T12:55:00Z
8
value 0.00359
scoring_system epss
scoring_elements 0.58079
published_at 2026-04-07T12:55:00Z
9
value 0.00359
scoring_system epss
scoring_elements 0.58109
published_at 2026-04-13T12:55:00Z
10
value 0.00359
scoring_system epss
scoring_elements 0.5813
published_at 2026-04-12T12:55:00Z
11
value 0.00359
scoring_system epss
scoring_elements 0.58153
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26227
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-26227.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-26227.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-26227.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-26227.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26227
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26227
5
reference_url https://packagist.org/packages/typo3/cms-core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-core
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2020-010
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2020-010
7
reference_url https://github.com/advisories/GHSA-vqqx-jw6p-q3rf
reference_id GHSA-vqqx-jw6p-q3rf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vqqx-jw6p-q3rf
fixed_packages
0
url pkg:composer/typo3/cms@8.0.0
purl pkg:composer/typo3/cms@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1bnd-6xsq-nbec
2
vulnerability VCID-1jcy-nx8g-z3d3
3
vulnerability VCID-1kae-ffj3-xyc7
4
vulnerability VCID-1qjx-grvf-y7bk
5
vulnerability VCID-25t3-1sm6-3kdn
6
vulnerability VCID-28bf-jvah-zkhw
7
vulnerability VCID-2fs8-bscc-3ye2
8
vulnerability VCID-2meq-x4kd-bbdn
9
vulnerability VCID-3gg5-1921-rbfs
10
vulnerability VCID-3n2r-awja-dug9
11
vulnerability VCID-3v4n-fzxa-bfaw
12
vulnerability VCID-435j-f3yx-9yep
13
vulnerability VCID-47px-4d98-ubab
14
vulnerability VCID-4ack-haf2-cfbe
15
vulnerability VCID-4btk-jt5n-2ugf
16
vulnerability VCID-551q-gpyd-ffe8
17
vulnerability VCID-5jgb-dsyx-hyb4
18
vulnerability VCID-5paq-5frf-43ed
19
vulnerability VCID-5ppt-avmb-cqb2
20
vulnerability VCID-5qfv-y43v-akdm
21
vulnerability VCID-5yg8-2cbr-d3as
22
vulnerability VCID-6487-15z5-pkd4
23
vulnerability VCID-6b5q-vzs3-pkcc
24
vulnerability VCID-6wsa-4ywc-8fh4
25
vulnerability VCID-7d1g-j3k5-gub8
26
vulnerability VCID-8jp8-a363-67be
27
vulnerability VCID-9g62-zd1x-3bdg
28
vulnerability VCID-9gpp-ez8w-rqav
29
vulnerability VCID-auw7-pc55-73hj
30
vulnerability VCID-axaf-45kr-kbfe
31
vulnerability VCID-bajy-qbwq-fufn
32
vulnerability VCID-bck9-34jp-6ydx
33
vulnerability VCID-bmj2-4k58-tqa4
34
vulnerability VCID-bnne-7p2q-eqd2
35
vulnerability VCID-bxjw-7426-gyb8
36
vulnerability VCID-c2tm-eqmm-1ugt
37
vulnerability VCID-c6zq-cfg5-u7d9
38
vulnerability VCID-cm14-t8uv-k3es
39
vulnerability VCID-cmka-8484-27bu
40
vulnerability VCID-dbrh-t8zx-nkd9
41
vulnerability VCID-dj88-f3p8-cfbn
42
vulnerability VCID-dm97-51uu-r7gw
43
vulnerability VCID-dquc-7amf-e7cs
44
vulnerability VCID-dsu7-jjjq-f3e1
45
vulnerability VCID-e72u-tpc3-23g3
46
vulnerability VCID-e7sv-4xc2-m3d5
47
vulnerability VCID-eajg-ctpd-2bby
48
vulnerability VCID-ehzg-bzrd-kbcc
49
vulnerability VCID-ekfd-wp8z-d7e1
50
vulnerability VCID-ep6t-zwd1-4bb3
51
vulnerability VCID-euk5-hagy-xqfz
52
vulnerability VCID-f1rq-qudk-zkf2
53
vulnerability VCID-fber-yp9q-f7dr
54
vulnerability VCID-fqbx-7xyq-fkav
55
vulnerability VCID-fy3g-uegw-2bew
56
vulnerability VCID-gcnj-6qb6-pbgz
57
vulnerability VCID-gezz-pvpj-p3c6
58
vulnerability VCID-gspd-apwy-efgu
59
vulnerability VCID-h63t-9enx-qfdn
60
vulnerability VCID-h958-d3pm-kfcs
61
vulnerability VCID-he5m-6wj4-rbhc
62
vulnerability VCID-hpgq-deze-p7dp
63
vulnerability VCID-hv3n-j8ck-1ufx
64
vulnerability VCID-j77k-hjgx-5kc5
65
vulnerability VCID-jppe-cbgm-k3cz
66
vulnerability VCID-jqth-wfgx-87cx
67
vulnerability VCID-k4h1-mvnf-1ybx
68
vulnerability VCID-k8af-cg9k-87a9
69
vulnerability VCID-m3nf-1qbv-d3dj
70
vulnerability VCID-m7w6-b2xu-6uee
71
vulnerability VCID-mnz3-rj21-67ad
72
vulnerability VCID-mqbh-k9n3-nbed
73
vulnerability VCID-mqk6-z77g-bfdv
74
vulnerability VCID-mub5-s7h1-57cy
75
vulnerability VCID-n15v-ta9h-6ffb
76
vulnerability VCID-n61z-6v8a-hygf
77
vulnerability VCID-n78p-x7hh-gqcf
78
vulnerability VCID-nnh9-udcj-m7fv
79
vulnerability VCID-npn5-rand-q3dg
80
vulnerability VCID-nt6a-5zkv-pbcm
81
vulnerability VCID-nwxj-3ajk-rkh5
82
vulnerability VCID-p1u9-66hm-47er
83
vulnerability VCID-p545-vwe6-9kfr
84
vulnerability VCID-pk8d-8u15-5bfq
85
vulnerability VCID-pnfa-cksc-43de
86
vulnerability VCID-prbd-r82t-87dm
87
vulnerability VCID-px44-19tj-h7aa
88
vulnerability VCID-q8hy-wjd9-nbgp
89
vulnerability VCID-q9ak-qcq6-qfhy
90
vulnerability VCID-qb4j-9tz7-m7a2
91
vulnerability VCID-rdrs-mhaw-b3ge
92
vulnerability VCID-rg5d-d8nc-9qfu
93
vulnerability VCID-rzw5-8d1u-sfam
94
vulnerability VCID-s64f-x81f-b7ce
95
vulnerability VCID-shqd-udhm-pff8
96
vulnerability VCID-sr3p-pdxy-4yhu
97
vulnerability VCID-stzu-sxe6-5yf5
98
vulnerability VCID-t1n7-eswt-73gw
99
vulnerability VCID-t3jn-vwbx-u7cr
100
vulnerability VCID-tmrt-6fxw-5ugh
101
vulnerability VCID-tqf5-2fsm-8fch
102
vulnerability VCID-tw1y-t4qj-j3d1
103
vulnerability VCID-uckg-j48d-efad
104
vulnerability VCID-utpu-q2dv-m3hm
105
vulnerability VCID-vndb-w8e1-4ugv
106
vulnerability VCID-vrt1-aj9v-2kb6
107
vulnerability VCID-vxj6-wvyz-zbaq
108
vulnerability VCID-vxry-uvph-kbfd
109
vulnerability VCID-vybh-pxr3-17hn
110
vulnerability VCID-wea9-egep-h7g5
111
vulnerability VCID-wge3-kxdq-f3bz
112
vulnerability VCID-wr5t-xqnn-gkcj
113
vulnerability VCID-wxps-mnue-6bbh
114
vulnerability VCID-xa4m-xpa9-v7h8
115
vulnerability VCID-xh7y-56vy-5ud8
116
vulnerability VCID-xqew-bx7v-1qfk
117
vulnerability VCID-y32z-2d3f-gkgw
118
vulnerability VCID-zawz-vky5-tkgt
119
vulnerability VCID-zdq2-dhb2-6kaq
120
vulnerability VCID-zkea-ge1t-z7gn
121
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.0.0
1
url pkg:composer/typo3/cms@8.7.38
purl pkg:composer/typo3/cms@8.7.38
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.38
2
url pkg:composer/typo3/cms@9.5.23
purl pkg:composer/typo3/cms@9.5.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-6a9t-8dmn-s3bv
3
vulnerability VCID-bajy-qbwq-fufn
4
vulnerability VCID-d8d1-sat6-muhe
5
vulnerability VCID-dsu7-jjjq-f3e1
6
vulnerability VCID-ekfd-wp8z-d7e1
7
vulnerability VCID-he5m-6wj4-rbhc
8
vulnerability VCID-mnz3-rj21-67ad
9
vulnerability VCID-n15v-ta9h-6ffb
10
vulnerability VCID-s64f-x81f-b7ce
11
vulnerability VCID-t1n7-eswt-73gw
12
vulnerability VCID-t3jn-vwbx-u7cr
13
vulnerability VCID-ve7g-8st5-wffb
14
vulnerability VCID-vyvy-y3cw-hbgr
15
vulnerability VCID-xh7y-56vy-5ud8
16
vulnerability VCID-y32z-2d3f-gkgw
17
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.23
3
url pkg:composer/typo3/cms@10.4.10
purl pkg:composer/typo3/cms@10.4.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-4jpa-6fqh-hbfg
2
vulnerability VCID-5jgb-dsyx-hyb4
3
vulnerability VCID-5paq-5frf-43ed
4
vulnerability VCID-6a9t-8dmn-s3bv
5
vulnerability VCID-8sdd-b1bn-cuhx
6
vulnerability VCID-a89c-jvwa-6kh5
7
vulnerability VCID-av8u-rvzq-4fc7
8
vulnerability VCID-bajy-qbwq-fufn
9
vulnerability VCID-d8d1-sat6-muhe
10
vulnerability VCID-dhrm-uxuv-zfaj
11
vulnerability VCID-dsu7-jjjq-f3e1
12
vulnerability VCID-e32h-8q61-hbgc
13
vulnerability VCID-ekfd-wp8z-d7e1
14
vulnerability VCID-he5m-6wj4-rbhc
15
vulnerability VCID-mnz3-rj21-67ad
16
vulnerability VCID-n15v-ta9h-6ffb
17
vulnerability VCID-remd-55jh-r3g5
18
vulnerability VCID-s55j-8hbt-akhn
19
vulnerability VCID-s64f-x81f-b7ce
20
vulnerability VCID-t1n7-eswt-73gw
21
vulnerability VCID-t3jn-vwbx-u7cr
22
vulnerability VCID-ve7g-8st5-wffb
23
vulnerability VCID-vwb2-a84s-5qak
24
vulnerability VCID-vyvy-y3cw-hbgr
25
vulnerability VCID-w13x-3rp9-wyej
26
vulnerability VCID-xh7y-56vy-5ud8
27
vulnerability VCID-y32z-2d3f-gkgw
28
vulnerability VCID-yj9g-uz1a-jkf2
29
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.10
aliases CVE-2020-26227, GHSA-vqqx-jw6p-q3rf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f963-qur3-2qb7
14
url VCID-fy3g-uegw-2bew
vulnerability_id VCID-fy3g-uegw-2bew
summary 
Arbitrary Code Execution in TYPO3 CMS
Due to a missing file extension in the fileDenyPattern, backend user are allowed to upload *.pht files which can be executed in certain web server setups. The new default fileDenyPattern is the following, which might have been overridden in the TYPO3 Install Tool.
```
\.(php[3-7]?|phpsh|phtml|pht)(\..*)?$|^\.htaccess$
```
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-09-05-4.yaml
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-09-05-4.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2017-007
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2017-007
3
reference_url https://github.com/advisories/GHSA-67wg-6j7r-mqh8
reference_id GHSA-67wg-6j7r-mqh8
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-67wg-6j7r-mqh8
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-5jgb-dsyx-hyb4
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-6b5q-vzs3-pkcc
4
vulnerability VCID-bajy-qbwq-fufn
5
vulnerability VCID-bnne-7p2q-eqd2
6
vulnerability VCID-bxjw-7426-gyb8
7
vulnerability VCID-dbrh-t8zx-nkd9
8
vulnerability VCID-dm97-51uu-r7gw
9
vulnerability VCID-dsu7-jjjq-f3e1
10
vulnerability VCID-ehzg-bzrd-kbcc
11
vulnerability VCID-f963-qur3-2qb7
12
vulnerability VCID-gcnj-6qb6-pbgz
13
vulnerability VCID-mnz3-rj21-67ad
14
vulnerability VCID-n15v-ta9h-6ffb
15
vulnerability VCID-n78p-x7hh-gqcf
16
vulnerability VCID-nwxj-3ajk-rkh5
17
vulnerability VCID-pk8d-8u15-5bfq
18
vulnerability VCID-rdrs-mhaw-b3ge
19
vulnerability VCID-sr3p-pdxy-4yhu
20
vulnerability VCID-t3jn-vwbx-u7cr
21
vulnerability VCID-tmrt-6fxw-5ugh
22
vulnerability VCID-tw1y-t4qj-j3d1
23
vulnerability VCID-vndb-w8e1-4ugv
24
vulnerability VCID-wr5t-xqnn-gkcj
25
vulnerability VCID-wxps-mnue-6bbh
26
vulnerability VCID-xa4m-xpa9-v7h8
27
vulnerability VCID-xqew-bx7v-1qfk
28
vulnerability VCID-y32z-2d3f-gkgw
29
vulnerability VCID-zdq2-dhb2-6kaq
30
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.5
purl pkg:composer/typo3/cms@8.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1jp6-qjpr-xfev
2
vulnerability VCID-1kae-ffj3-xyc7
3
vulnerability VCID-28bf-jvah-zkhw
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-3gg5-1921-rbfs
6
vulnerability VCID-3n2r-awja-dug9
7
vulnerability VCID-3v4n-fzxa-bfaw
8
vulnerability VCID-4ack-haf2-cfbe
9
vulnerability VCID-4btk-jt5n-2ugf
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5paq-5frf-43ed
13
vulnerability VCID-5qfv-y43v-akdm
14
vulnerability VCID-6487-15z5-pkd4
15
vulnerability VCID-6b5q-vzs3-pkcc
16
vulnerability VCID-9g62-zd1x-3bdg
17
vulnerability VCID-9gpp-ez8w-rqav
18
vulnerability VCID-9jj4-ec9n-qbhs
19
vulnerability VCID-axaf-45kr-kbfe
20
vulnerability VCID-bajy-qbwq-fufn
21
vulnerability VCID-bnne-7p2q-eqd2
22
vulnerability VCID-bxjw-7426-gyb8
23
vulnerability VCID-byp6-edft-fbhm
24
vulnerability VCID-c2tm-eqmm-1ugt
25
vulnerability VCID-cm14-t8uv-k3es
26
vulnerability VCID-cmka-8484-27bu
27
vulnerability VCID-dbrh-t8zx-nkd9
28
vulnerability VCID-dj88-f3p8-cfbn
29
vulnerability VCID-dm97-51uu-r7gw
30
vulnerability VCID-dsu7-jjjq-f3e1
31
vulnerability VCID-e72u-tpc3-23g3
32
vulnerability VCID-eajg-ctpd-2bby
33
vulnerability VCID-ehzg-bzrd-kbcc
34
vulnerability VCID-ekfd-wp8z-d7e1
35
vulnerability VCID-f963-qur3-2qb7
36
vulnerability VCID-gcnj-6qb6-pbgz
37
vulnerability VCID-he5m-6wj4-rbhc
38
vulnerability VCID-j77k-hjgx-5kc5
39
vulnerability VCID-jppe-cbgm-k3cz
40
vulnerability VCID-k4h1-mvnf-1ybx
41
vulnerability VCID-k8af-cg9k-87a9
42
vulnerability VCID-m7w6-b2xu-6uee
43
vulnerability VCID-mnz3-rj21-67ad
44
vulnerability VCID-n15v-ta9h-6ffb
45
vulnerability VCID-n78p-x7hh-gqcf
46
vulnerability VCID-nwxj-3ajk-rkh5
47
vulnerability VCID-pk8d-8u15-5bfq
48
vulnerability VCID-px44-19tj-h7aa
49
vulnerability VCID-q8hy-wjd9-nbgp
50
vulnerability VCID-qb4j-9tz7-m7a2
51
vulnerability VCID-rdrs-mhaw-b3ge
52
vulnerability VCID-s64f-x81f-b7ce
53
vulnerability VCID-shqd-udhm-pff8
54
vulnerability VCID-sr3p-pdxy-4yhu
55
vulnerability VCID-stzu-sxe6-5yf5
56
vulnerability VCID-t1n7-eswt-73gw
57
vulnerability VCID-t3jn-vwbx-u7cr
58
vulnerability VCID-tmrt-6fxw-5ugh
59
vulnerability VCID-tqf5-2fsm-8fch
60
vulnerability VCID-tw1y-t4qj-j3d1
61
vulnerability VCID-vndb-w8e1-4ugv
62
vulnerability VCID-vxj6-wvyz-zbaq
63
vulnerability VCID-vxry-uvph-kbfd
64
vulnerability VCID-vybh-pxr3-17hn
65
vulnerability VCID-vyvy-y3cw-hbgr
66
vulnerability VCID-wea9-egep-h7g5
67
vulnerability VCID-wkm6-cgc8-bfa8
68
vulnerability VCID-wr5t-xqnn-gkcj
69
vulnerability VCID-wxps-mnue-6bbh
70
vulnerability VCID-xa4m-xpa9-v7h8
71
vulnerability VCID-xh7y-56vy-5ud8
72
vulnerability VCID-xqew-bx7v-1qfk
73
vulnerability VCID-y32z-2d3f-gkgw
74
vulnerability VCID-zdq2-dhb2-6kaq
75
vulnerability VCID-zkea-ge1t-z7gn
76
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5
aliases GHSA-67wg-6j7r-mqh8
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fy3g-uegw-2bew
15
url VCID-gcnj-6qb6-pbgz
vulnerability_id VCID-gcnj-6qb6-pbgz
summary 
TYPO3 Directory Traversal on ZIP extraction
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19848
reference_id
reference_type
scores
0
value 0.00374
scoring_system epss
scoring_elements 0.59108
published_at 2026-04-21T12:55:00Z
1
value 0.00374
scoring_system epss
scoring_elements 0.58989
published_at 2026-04-01T12:55:00Z
2
value 0.00374
scoring_system epss
scoring_elements 0.59064
published_at 2026-04-02T12:55:00Z
3
value 0.00374
scoring_system epss
scoring_elements 0.59087
published_at 2026-04-13T12:55:00Z
4
value 0.00374
scoring_system epss
scoring_elements 0.59051
published_at 2026-04-07T12:55:00Z
5
value 0.00374
scoring_system epss
scoring_elements 0.59102
published_at 2026-04-08T12:55:00Z
6
value 0.00374
scoring_system epss
scoring_elements 0.59106
published_at 2026-04-12T12:55:00Z
7
value 0.00374
scoring_system epss
scoring_elements 0.59125
published_at 2026-04-11T12:55:00Z
8
value 0.00374
scoring_system epss
scoring_elements 0.59124
published_at 2026-04-16T12:55:00Z
9
value 0.00374
scoring_system epss
scoring_elements 0.59128
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19848
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19848.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19848.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19848.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19848.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19848
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19848
4
reference_url https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-024
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-024
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-024/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-024/
7
reference_url https://github.com/advisories/GHSA-77p4-wfr8-977w
reference_id GHSA-77p4-wfr8-977w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-77p4-wfr8-977w
fixed_packages
0
url pkg:composer/typo3/cms@8.7.30
purl pkg:composer/typo3/cms@8.7.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-bajy-qbwq-fufn
3
vulnerability VCID-dsu7-jjjq-f3e1
4
vulnerability VCID-ekfd-wp8z-d7e1
5
vulnerability VCID-f963-qur3-2qb7
6
vulnerability VCID-he5m-6wj4-rbhc
7
vulnerability VCID-mnz3-rj21-67ad
8
vulnerability VCID-n15v-ta9h-6ffb
9
vulnerability VCID-s64f-x81f-b7ce
10
vulnerability VCID-t1n7-eswt-73gw
11
vulnerability VCID-t3jn-vwbx-u7cr
12
vulnerability VCID-vyvy-y3cw-hbgr
13
vulnerability VCID-xh7y-56vy-5ud8
14
vulnerability VCID-y32z-2d3f-gkgw
15
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.30
1
url pkg:composer/typo3/cms@9.5.12
purl pkg:composer/typo3/cms@9.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mn6-mdmz-4yd9
1
vulnerability VCID-543x-cnbz-1kb9
2
vulnerability VCID-58js-jzm4-4fc7
3
vulnerability VCID-5jgb-dsyx-hyb4
4
vulnerability VCID-5kzs-ex81-bbaj
5
vulnerability VCID-5paq-5frf-43ed
6
vulnerability VCID-6a9t-8dmn-s3bv
7
vulnerability VCID-7kjw-j8st-mqfr
8
vulnerability VCID-a49c-fqrj-nbb3
9
vulnerability VCID-bajy-qbwq-fufn
10
vulnerability VCID-d8d1-sat6-muhe
11
vulnerability VCID-dsu7-jjjq-f3e1
12
vulnerability VCID-ekfd-wp8z-d7e1
13
vulnerability VCID-f963-qur3-2qb7
14
vulnerability VCID-he5m-6wj4-rbhc
15
vulnerability VCID-mnz3-rj21-67ad
16
vulnerability VCID-n15v-ta9h-6ffb
17
vulnerability VCID-phgh-sd4m-zbdx
18
vulnerability VCID-s64f-x81f-b7ce
19
vulnerability VCID-sw7v-fbjk-13hy
20
vulnerability VCID-t1n7-eswt-73gw
21
vulnerability VCID-t3jn-vwbx-u7cr
22
vulnerability VCID-ve7g-8st5-wffb
23
vulnerability VCID-vyvy-y3cw-hbgr
24
vulnerability VCID-xh7y-56vy-5ud8
25
vulnerability VCID-y32z-2d3f-gkgw
26
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.12
2
url pkg:composer/typo3/cms@10.2.2
purl pkg:composer/typo3/cms@10.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-2mn6-mdmz-4yd9
2
vulnerability VCID-4jpa-6fqh-hbfg
3
vulnerability VCID-543x-cnbz-1kb9
4
vulnerability VCID-58js-jzm4-4fc7
5
vulnerability VCID-5jgb-dsyx-hyb4
6
vulnerability VCID-5kzs-ex81-bbaj
7
vulnerability VCID-5paq-5frf-43ed
8
vulnerability VCID-6a9t-8dmn-s3bv
9
vulnerability VCID-7kjw-j8st-mqfr
10
vulnerability VCID-8sdd-b1bn-cuhx
11
vulnerability VCID-a49c-fqrj-nbb3
12
vulnerability VCID-a89c-jvwa-6kh5
13
vulnerability VCID-av8u-rvzq-4fc7
14
vulnerability VCID-bajy-qbwq-fufn
15
vulnerability VCID-cdjv-fp71-y3dv
16
vulnerability VCID-d8d1-sat6-muhe
17
vulnerability VCID-dhrm-uxuv-zfaj
18
vulnerability VCID-dsu7-jjjq-f3e1
19
vulnerability VCID-e32h-8q61-hbgc
20
vulnerability VCID-ekfd-wp8z-d7e1
21
vulnerability VCID-f963-qur3-2qb7
22
vulnerability VCID-he5m-6wj4-rbhc
23
vulnerability VCID-mnz3-rj21-67ad
24
vulnerability VCID-n15v-ta9h-6ffb
25
vulnerability VCID-phgh-sd4m-zbdx
26
vulnerability VCID-remd-55jh-r3g5
27
vulnerability VCID-s55j-8hbt-akhn
28
vulnerability VCID-s64f-x81f-b7ce
29
vulnerability VCID-sw7v-fbjk-13hy
30
vulnerability VCID-t1n7-eswt-73gw
31
vulnerability VCID-t3jn-vwbx-u7cr
32
vulnerability VCID-usmv-r64u-m7cb
33
vulnerability VCID-ve7g-8st5-wffb
34
vulnerability VCID-vwb2-a84s-5qak
35
vulnerability VCID-vyvy-y3cw-hbgr
36
vulnerability VCID-w13x-3rp9-wyej
37
vulnerability VCID-xh7y-56vy-5ud8
38
vulnerability VCID-y32z-2d3f-gkgw
39
vulnerability VCID-yj9g-uz1a-jkf2
40
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.2
aliases CVE-2019-19848, GHSA-77p4-wfr8-977w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gcnj-6qb6-pbgz
16
url VCID-h63t-9enx-qfdn
vulnerability_id VCID-h63t-9enx-qfdn
summary 
Information Disclosure in TYPO3 CMS
Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-09-05-2.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-09-05-2.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2017-005
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2017-005
3
reference_url https://github.com/advisories/GHSA-g46h-v2cc-6c94
reference_id GHSA-g46h-v2cc-6c94
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g46h-v2cc-6c94
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-5jgb-dsyx-hyb4
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-6b5q-vzs3-pkcc
4
vulnerability VCID-bajy-qbwq-fufn
5
vulnerability VCID-bnne-7p2q-eqd2
6
vulnerability VCID-bxjw-7426-gyb8
7
vulnerability VCID-dbrh-t8zx-nkd9
8
vulnerability VCID-dm97-51uu-r7gw
9
vulnerability VCID-dsu7-jjjq-f3e1
10
vulnerability VCID-ehzg-bzrd-kbcc
11
vulnerability VCID-f963-qur3-2qb7
12
vulnerability VCID-gcnj-6qb6-pbgz
13
vulnerability VCID-mnz3-rj21-67ad
14
vulnerability VCID-n15v-ta9h-6ffb
15
vulnerability VCID-n78p-x7hh-gqcf
16
vulnerability VCID-nwxj-3ajk-rkh5
17
vulnerability VCID-pk8d-8u15-5bfq
18
vulnerability VCID-rdrs-mhaw-b3ge
19
vulnerability VCID-sr3p-pdxy-4yhu
20
vulnerability VCID-t3jn-vwbx-u7cr
21
vulnerability VCID-tmrt-6fxw-5ugh
22
vulnerability VCID-tw1y-t4qj-j3d1
23
vulnerability VCID-vndb-w8e1-4ugv
24
vulnerability VCID-wr5t-xqnn-gkcj
25
vulnerability VCID-wxps-mnue-6bbh
26
vulnerability VCID-xa4m-xpa9-v7h8
27
vulnerability VCID-xqew-bx7v-1qfk
28
vulnerability VCID-y32z-2d3f-gkgw
29
vulnerability VCID-zdq2-dhb2-6kaq
30
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.5
purl pkg:composer/typo3/cms@8.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1jp6-qjpr-xfev
2
vulnerability VCID-1kae-ffj3-xyc7
3
vulnerability VCID-28bf-jvah-zkhw
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-3gg5-1921-rbfs
6
vulnerability VCID-3n2r-awja-dug9
7
vulnerability VCID-3v4n-fzxa-bfaw
8
vulnerability VCID-4ack-haf2-cfbe
9
vulnerability VCID-4btk-jt5n-2ugf
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5paq-5frf-43ed
13
vulnerability VCID-5qfv-y43v-akdm
14
vulnerability VCID-6487-15z5-pkd4
15
vulnerability VCID-6b5q-vzs3-pkcc
16
vulnerability VCID-9g62-zd1x-3bdg
17
vulnerability VCID-9gpp-ez8w-rqav
18
vulnerability VCID-9jj4-ec9n-qbhs
19
vulnerability VCID-axaf-45kr-kbfe
20
vulnerability VCID-bajy-qbwq-fufn
21
vulnerability VCID-bnne-7p2q-eqd2
22
vulnerability VCID-bxjw-7426-gyb8
23
vulnerability VCID-byp6-edft-fbhm
24
vulnerability VCID-c2tm-eqmm-1ugt
25
vulnerability VCID-cm14-t8uv-k3es
26
vulnerability VCID-cmka-8484-27bu
27
vulnerability VCID-dbrh-t8zx-nkd9
28
vulnerability VCID-dj88-f3p8-cfbn
29
vulnerability VCID-dm97-51uu-r7gw
30
vulnerability VCID-dsu7-jjjq-f3e1
31
vulnerability VCID-e72u-tpc3-23g3
32
vulnerability VCID-eajg-ctpd-2bby
33
vulnerability VCID-ehzg-bzrd-kbcc
34
vulnerability VCID-ekfd-wp8z-d7e1
35
vulnerability VCID-f963-qur3-2qb7
36
vulnerability VCID-gcnj-6qb6-pbgz
37
vulnerability VCID-he5m-6wj4-rbhc
38
vulnerability VCID-j77k-hjgx-5kc5
39
vulnerability VCID-jppe-cbgm-k3cz
40
vulnerability VCID-k4h1-mvnf-1ybx
41
vulnerability VCID-k8af-cg9k-87a9
42
vulnerability VCID-m7w6-b2xu-6uee
43
vulnerability VCID-mnz3-rj21-67ad
44
vulnerability VCID-n15v-ta9h-6ffb
45
vulnerability VCID-n78p-x7hh-gqcf
46
vulnerability VCID-nwxj-3ajk-rkh5
47
vulnerability VCID-pk8d-8u15-5bfq
48
vulnerability VCID-px44-19tj-h7aa
49
vulnerability VCID-q8hy-wjd9-nbgp
50
vulnerability VCID-qb4j-9tz7-m7a2
51
vulnerability VCID-rdrs-mhaw-b3ge
52
vulnerability VCID-s64f-x81f-b7ce
53
vulnerability VCID-shqd-udhm-pff8
54
vulnerability VCID-sr3p-pdxy-4yhu
55
vulnerability VCID-stzu-sxe6-5yf5
56
vulnerability VCID-t1n7-eswt-73gw
57
vulnerability VCID-t3jn-vwbx-u7cr
58
vulnerability VCID-tmrt-6fxw-5ugh
59
vulnerability VCID-tqf5-2fsm-8fch
60
vulnerability VCID-tw1y-t4qj-j3d1
61
vulnerability VCID-vndb-w8e1-4ugv
62
vulnerability VCID-vxj6-wvyz-zbaq
63
vulnerability VCID-vxry-uvph-kbfd
64
vulnerability VCID-vybh-pxr3-17hn
65
vulnerability VCID-vyvy-y3cw-hbgr
66
vulnerability VCID-wea9-egep-h7g5
67
vulnerability VCID-wkm6-cgc8-bfa8
68
vulnerability VCID-wr5t-xqnn-gkcj
69
vulnerability VCID-wxps-mnue-6bbh
70
vulnerability VCID-xa4m-xpa9-v7h8
71
vulnerability VCID-xh7y-56vy-5ud8
72
vulnerability VCID-xqew-bx7v-1qfk
73
vulnerability VCID-y32z-2d3f-gkgw
74
vulnerability VCID-zdq2-dhb2-6kaq
75
vulnerability VCID-zkea-ge1t-z7gn
76
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5
aliases GHSA-g46h-v2cc-6c94
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h63t-9enx-qfdn
17
url VCID-hpgq-deze-p7dp
vulnerability_id VCID-hpgq-deze-p7dp
summary Information Disclosure in TYPO3 CMS.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-5jgb-dsyx-hyb4
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-6b5q-vzs3-pkcc
4
vulnerability VCID-bajy-qbwq-fufn
5
vulnerability VCID-bnne-7p2q-eqd2
6
vulnerability VCID-bxjw-7426-gyb8
7
vulnerability VCID-dbrh-t8zx-nkd9
8
vulnerability VCID-dm97-51uu-r7gw
9
vulnerability VCID-dsu7-jjjq-f3e1
10
vulnerability VCID-ehzg-bzrd-kbcc
11
vulnerability VCID-f963-qur3-2qb7
12
vulnerability VCID-gcnj-6qb6-pbgz
13
vulnerability VCID-mnz3-rj21-67ad
14
vulnerability VCID-n15v-ta9h-6ffb
15
vulnerability VCID-n78p-x7hh-gqcf
16
vulnerability VCID-nwxj-3ajk-rkh5
17
vulnerability VCID-pk8d-8u15-5bfq
18
vulnerability VCID-rdrs-mhaw-b3ge
19
vulnerability VCID-sr3p-pdxy-4yhu
20
vulnerability VCID-t3jn-vwbx-u7cr
21
vulnerability VCID-tmrt-6fxw-5ugh
22
vulnerability VCID-tw1y-t4qj-j3d1
23
vulnerability VCID-vndb-w8e1-4ugv
24
vulnerability VCID-wr5t-xqnn-gkcj
25
vulnerability VCID-wxps-mnue-6bbh
26
vulnerability VCID-xa4m-xpa9-v7h8
27
vulnerability VCID-xqew-bx7v-1qfk
28
vulnerability VCID-y32z-2d3f-gkgw
29
vulnerability VCID-zdq2-dhb2-6kaq
30
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.0
purl pkg:composer/typo3/cms@8.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1jp6-qjpr-xfev
2
vulnerability VCID-1kae-ffj3-xyc7
3
vulnerability VCID-28bf-jvah-zkhw
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-3gg5-1921-rbfs
6
vulnerability VCID-3n2r-awja-dug9
7
vulnerability VCID-3v4n-fzxa-bfaw
8
vulnerability VCID-4ack-haf2-cfbe
9
vulnerability VCID-4btk-jt5n-2ugf
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5paq-5frf-43ed
13
vulnerability VCID-5qfv-y43v-akdm
14
vulnerability VCID-5yg8-2cbr-d3as
15
vulnerability VCID-6487-15z5-pkd4
16
vulnerability VCID-6b5q-vzs3-pkcc
17
vulnerability VCID-9g62-zd1x-3bdg
18
vulnerability VCID-9gpp-ez8w-rqav
19
vulnerability VCID-9jj4-ec9n-qbhs
20
vulnerability VCID-a49c-fqrj-nbb3
21
vulnerability VCID-axaf-45kr-kbfe
22
vulnerability VCID-bajy-qbwq-fufn
23
vulnerability VCID-bnne-7p2q-eqd2
24
vulnerability VCID-bxjw-7426-gyb8
25
vulnerability VCID-byp6-edft-fbhm
26
vulnerability VCID-c2tm-eqmm-1ugt
27
vulnerability VCID-cm14-t8uv-k3es
28
vulnerability VCID-cmka-8484-27bu
29
vulnerability VCID-dbrh-t8zx-nkd9
30
vulnerability VCID-dj88-f3p8-cfbn
31
vulnerability VCID-dm97-51uu-r7gw
32
vulnerability VCID-dquc-7amf-e7cs
33
vulnerability VCID-dsu7-jjjq-f3e1
34
vulnerability VCID-e72u-tpc3-23g3
35
vulnerability VCID-eajg-ctpd-2bby
36
vulnerability VCID-ehzg-bzrd-kbcc
37
vulnerability VCID-ekfd-wp8z-d7e1
38
vulnerability VCID-f963-qur3-2qb7
39
vulnerability VCID-fy3g-uegw-2bew
40
vulnerability VCID-gcnj-6qb6-pbgz
41
vulnerability VCID-h63t-9enx-qfdn
42
vulnerability VCID-he5m-6wj4-rbhc
43
vulnerability VCID-j77k-hjgx-5kc5
44
vulnerability VCID-jppe-cbgm-k3cz
45
vulnerability VCID-jqth-wfgx-87cx
46
vulnerability VCID-k4h1-mvnf-1ybx
47
vulnerability VCID-k8af-cg9k-87a9
48
vulnerability VCID-m7w6-b2xu-6uee
49
vulnerability VCID-mnz3-rj21-67ad
50
vulnerability VCID-mqbh-k9n3-nbed
51
vulnerability VCID-mub5-s7h1-57cy
52
vulnerability VCID-n15v-ta9h-6ffb
53
vulnerability VCID-n78p-x7hh-gqcf
54
vulnerability VCID-nwxj-3ajk-rkh5
55
vulnerability VCID-pk8d-8u15-5bfq
56
vulnerability VCID-pnfa-cksc-43de
57
vulnerability VCID-px44-19tj-h7aa
58
vulnerability VCID-q8hy-wjd9-nbgp
59
vulnerability VCID-qb4j-9tz7-m7a2
60
vulnerability VCID-rdrs-mhaw-b3ge
61
vulnerability VCID-rzw5-8d1u-sfam
62
vulnerability VCID-s64f-x81f-b7ce
63
vulnerability VCID-shqd-udhm-pff8
64
vulnerability VCID-sr3p-pdxy-4yhu
65
vulnerability VCID-stzu-sxe6-5yf5
66
vulnerability VCID-t1n7-eswt-73gw
67
vulnerability VCID-t3jn-vwbx-u7cr
68
vulnerability VCID-tmrt-6fxw-5ugh
69
vulnerability VCID-tqf5-2fsm-8fch
70
vulnerability VCID-tw1y-t4qj-j3d1
71
vulnerability VCID-vndb-w8e1-4ugv
72
vulnerability VCID-vxj6-wvyz-zbaq
73
vulnerability VCID-vxry-uvph-kbfd
74
vulnerability VCID-vybh-pxr3-17hn
75
vulnerability VCID-vyvy-y3cw-hbgr
76
vulnerability VCID-wea9-egep-h7g5
77
vulnerability VCID-wkm6-cgc8-bfa8
78
vulnerability VCID-wr5t-xqnn-gkcj
79
vulnerability VCID-wxps-mnue-6bbh
80
vulnerability VCID-xa4m-xpa9-v7h8
81
vulnerability VCID-xh7y-56vy-5ud8
82
vulnerability VCID-xqew-bx7v-1qfk
83
vulnerability VCID-y32z-2d3f-gkgw
84
vulnerability VCID-zdq2-dhb2-6kaq
85
vulnerability VCID-zkea-ge1t-z7gn
86
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.0
aliases 2017-09-05-2
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hpgq-deze-p7dp
18
url VCID-hv3n-j8ck-1ufx
vulnerability_id VCID-hv3n-j8ck-1ufx
summary 
TYPO3 Remote Code Execution in third party library swiftmailer
TYPO3 uses the package swiftmailer/swiftmailer for mail actions. This package is known to be vulnerable to Remote Code Execution.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-01-03-1.yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-01-03-1.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2017-001
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2017-001
3
reference_url https://github.com/advisories/GHSA-g4pf-3jvq-2gcw
reference_id GHSA-g4pf-3jvq-2gcw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g4pf-3jvq-2gcw
fixed_packages
0
url pkg:composer/typo3/cms@7.6.15
purl pkg:composer/typo3/cms@7.6.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-2fs8-bscc-3ye2
2
vulnerability VCID-5jgb-dsyx-hyb4
3
vulnerability VCID-5paq-5frf-43ed
4
vulnerability VCID-6b5q-vzs3-pkcc
5
vulnerability VCID-bajy-qbwq-fufn
6
vulnerability VCID-bnne-7p2q-eqd2
7
vulnerability VCID-bxjw-7426-gyb8
8
vulnerability VCID-dbrh-t8zx-nkd9
9
vulnerability VCID-dm97-51uu-r7gw
10
vulnerability VCID-dsu7-jjjq-f3e1
11
vulnerability VCID-ehzg-bzrd-kbcc
12
vulnerability VCID-ep6t-zwd1-4bb3
13
vulnerability VCID-f963-qur3-2qb7
14
vulnerability VCID-fy3g-uegw-2bew
15
vulnerability VCID-gcnj-6qb6-pbgz
16
vulnerability VCID-h63t-9enx-qfdn
17
vulnerability VCID-hpgq-deze-p7dp
18
vulnerability VCID-jqth-wfgx-87cx
19
vulnerability VCID-mnz3-rj21-67ad
20
vulnerability VCID-mqbh-k9n3-nbed
21
vulnerability VCID-mub5-s7h1-57cy
22
vulnerability VCID-n15v-ta9h-6ffb
23
vulnerability VCID-n78p-x7hh-gqcf
24
vulnerability VCID-nt6a-5zkv-pbcm
25
vulnerability VCID-nwxj-3ajk-rkh5
26
vulnerability VCID-pk8d-8u15-5bfq
27
vulnerability VCID-pnfa-cksc-43de
28
vulnerability VCID-rdrs-mhaw-b3ge
29
vulnerability VCID-rzw5-8d1u-sfam
30
vulnerability VCID-sr3p-pdxy-4yhu
31
vulnerability VCID-sxr7-cutf-8kh6
32
vulnerability VCID-t3jn-vwbx-u7cr
33
vulnerability VCID-tmrt-6fxw-5ugh
34
vulnerability VCID-tw1y-t4qj-j3d1
35
vulnerability VCID-vndb-w8e1-4ugv
36
vulnerability VCID-vrt1-aj9v-2kb6
37
vulnerability VCID-wge3-kxdq-f3bz
38
vulnerability VCID-wr5t-xqnn-gkcj
39
vulnerability VCID-wxps-mnue-6bbh
40
vulnerability VCID-xa4m-xpa9-v7h8
41
vulnerability VCID-xqew-bx7v-1qfk
42
vulnerability VCID-y32z-2d3f-gkgw
43
vulnerability VCID-zdq2-dhb2-6kaq
44
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.15
1
url pkg:composer/typo3/cms@8.5.1
purl pkg:composer/typo3/cms@8.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1jp6-qjpr-xfev
2
vulnerability VCID-1kae-ffj3-xyc7
3
vulnerability VCID-28bf-jvah-zkhw
4
vulnerability VCID-2fs8-bscc-3ye2
5
vulnerability VCID-2meq-x4kd-bbdn
6
vulnerability VCID-3gg5-1921-rbfs
7
vulnerability VCID-3n2r-awja-dug9
8
vulnerability VCID-3v4n-fzxa-bfaw
9
vulnerability VCID-4ack-haf2-cfbe
10
vulnerability VCID-4btk-jt5n-2ugf
11
vulnerability VCID-551q-gpyd-ffe8
12
vulnerability VCID-5jgb-dsyx-hyb4
13
vulnerability VCID-5paq-5frf-43ed
14
vulnerability VCID-5qfv-y43v-akdm
15
vulnerability VCID-5yg8-2cbr-d3as
16
vulnerability VCID-6487-15z5-pkd4
17
vulnerability VCID-6b5q-vzs3-pkcc
18
vulnerability VCID-9g62-zd1x-3bdg
19
vulnerability VCID-9gpp-ez8w-rqav
20
vulnerability VCID-9jj4-ec9n-qbhs
21
vulnerability VCID-axaf-45kr-kbfe
22
vulnerability VCID-bajy-qbwq-fufn
23
vulnerability VCID-bnne-7p2q-eqd2
24
vulnerability VCID-bxjw-7426-gyb8
25
vulnerability VCID-byp6-edft-fbhm
26
vulnerability VCID-c2tm-eqmm-1ugt
27
vulnerability VCID-cm14-t8uv-k3es
28
vulnerability VCID-cmka-8484-27bu
29
vulnerability VCID-dbrh-t8zx-nkd9
30
vulnerability VCID-dj88-f3p8-cfbn
31
vulnerability VCID-dm97-51uu-r7gw
32
vulnerability VCID-dquc-7amf-e7cs
33
vulnerability VCID-dsu7-jjjq-f3e1
34
vulnerability VCID-e72u-tpc3-23g3
35
vulnerability VCID-e7sv-4xc2-m3d5
36
vulnerability VCID-eajg-ctpd-2bby
37
vulnerability VCID-ehzg-bzrd-kbcc
38
vulnerability VCID-ekfd-wp8z-d7e1
39
vulnerability VCID-ep6t-zwd1-4bb3
40
vulnerability VCID-euk5-hagy-xqfz
41
vulnerability VCID-fy3g-uegw-2bew
42
vulnerability VCID-gcnj-6qb6-pbgz
43
vulnerability VCID-h63t-9enx-qfdn
44
vulnerability VCID-he5m-6wj4-rbhc
45
vulnerability VCID-hpgq-deze-p7dp
46
vulnerability VCID-j77k-hjgx-5kc5
47
vulnerability VCID-jppe-cbgm-k3cz
48
vulnerability VCID-jqth-wfgx-87cx
49
vulnerability VCID-k4h1-mvnf-1ybx
50
vulnerability VCID-k8af-cg9k-87a9
51
vulnerability VCID-m7w6-b2xu-6uee
52
vulnerability VCID-mnz3-rj21-67ad
53
vulnerability VCID-mqbh-k9n3-nbed
54
vulnerability VCID-mub5-s7h1-57cy
55
vulnerability VCID-n15v-ta9h-6ffb
56
vulnerability VCID-n78p-x7hh-gqcf
57
vulnerability VCID-nt6a-5zkv-pbcm
58
vulnerability VCID-nwxj-3ajk-rkh5
59
vulnerability VCID-pk8d-8u15-5bfq
60
vulnerability VCID-pnfa-cksc-43de
61
vulnerability VCID-px44-19tj-h7aa
62
vulnerability VCID-q8hy-wjd9-nbgp
63
vulnerability VCID-qb4j-9tz7-m7a2
64
vulnerability VCID-rdrs-mhaw-b3ge
65
vulnerability VCID-rzw5-8d1u-sfam
66
vulnerability VCID-s64f-x81f-b7ce
67
vulnerability VCID-shqd-udhm-pff8
68
vulnerability VCID-sr3p-pdxy-4yhu
69
vulnerability VCID-stzu-sxe6-5yf5
70
vulnerability VCID-t1n7-eswt-73gw
71
vulnerability VCID-t3jn-vwbx-u7cr
72
vulnerability VCID-tgma-cyvk-97ay
73
vulnerability VCID-tmrt-6fxw-5ugh
74
vulnerability VCID-tqf5-2fsm-8fch
75
vulnerability VCID-tw1y-t4qj-j3d1
76
vulnerability VCID-uw2r-3gvq-bbcq
77
vulnerability VCID-vndb-w8e1-4ugv
78
vulnerability VCID-vrt1-aj9v-2kb6
79
vulnerability VCID-vxj6-wvyz-zbaq
80
vulnerability VCID-vxry-uvph-kbfd
81
vulnerability VCID-vybh-pxr3-17hn
82
vulnerability VCID-wea9-egep-h7g5
83
vulnerability VCID-wge3-kxdq-f3bz
84
vulnerability VCID-wkm6-cgc8-bfa8
85
vulnerability VCID-wr5t-xqnn-gkcj
86
vulnerability VCID-wxps-mnue-6bbh
87
vulnerability VCID-xa4m-xpa9-v7h8
88
vulnerability VCID-xh7y-56vy-5ud8
89
vulnerability VCID-xqew-bx7v-1qfk
90
vulnerability VCID-y32z-2d3f-gkgw
91
vulnerability VCID-zdq2-dhb2-6kaq
92
vulnerability VCID-zkea-ge1t-z7gn
93
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.5.1
aliases GHSA-g4pf-3jvq-2gcw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hv3n-j8ck-1ufx
19
url VCID-jqth-wfgx-87cx
vulnerability_id VCID-jqth-wfgx-87cx
summary 
Unrestricted Upload of File with Dangerous Type
Unrestricted File Upload vulnerability in the `fileDenyPattern` in `sysext/core/Classes/Core/SystemEnvironmentBuilder`.
references
0
reference_url http://blog.emaze.net/2017/12/typo3-unrestricted-file-upload-remote.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://blog.emaze.net/2017/12/typo3-unrestricted-file-upload-remote.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-14251
reference_id
reference_type
scores
0
value 0.03536
scoring_system epss
scoring_elements 0.87684
published_at 2026-04-18T12:55:00Z
1
value 0.03536
scoring_system epss
scoring_elements 0.87669
published_at 2026-04-13T12:55:00Z
2
value 0.03536
scoring_system epss
scoring_elements 0.87672
published_at 2026-04-12T12:55:00Z
3
value 0.03536
scoring_system epss
scoring_elements 0.87624
published_at 2026-04-02T12:55:00Z
4
value 0.03536
scoring_system epss
scoring_elements 0.87681
published_at 2026-04-21T12:55:00Z
5
value 0.03536
scoring_system epss
scoring_elements 0.87614
published_at 2026-04-01T12:55:00Z
6
value 0.03536
scoring_system epss
scoring_elements 0.87637
published_at 2026-04-04T12:55:00Z
7
value 0.03536
scoring_system epss
scoring_elements 0.87677
published_at 2026-04-11T12:55:00Z
8
value 0.03536
scoring_system epss
scoring_elements 0.87666
published_at 2026-04-09T12:55:00Z
9
value 0.03536
scoring_system epss
scoring_elements 0.87659
published_at 2026-04-08T12:55:00Z
10
value 0.03536
scoring_system epss
scoring_elements 0.87639
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-14251
2
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
3
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007
4
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/
5
reference_url http://www.securityfocus.com/bid/100620
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/100620
6
reference_url http://www.securitytracker.com/id/1039295
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1039295
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.0:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.1:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.10:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.11:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.12:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.13:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.14:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.15:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.15:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.15:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.16:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.16:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.16:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.17:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.17:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.17:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.18:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.18:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.18:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.19:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.19:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.19:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.2:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.20:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.20:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.20:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.21:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.21:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.21:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.3:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.4:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.5:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.6:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.7:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.8:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:7.6.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:7.6.9:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:8.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.0.0:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:8.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.0.1:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:8.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.1.0:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:8.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.1.1:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:8.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.1.2:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:8.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.2.0:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:8.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.2.1:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:8.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.3.0:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:8.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.3.1:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:8.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.4.0:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:8.4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.4.1:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:8.5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.5.0:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.5.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:8.5.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.5.1:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:8.6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.6.0:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.6.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:8.6.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.6.1:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:8.7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.7.0:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:8.7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.7.1:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.7.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:8.7.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.7.2:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.7.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:8.7.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.7.3:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.7.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:8.7.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:8.7.4:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-14251
reference_id CVE-2017-14251
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-14251
50
reference_url https://github.com/advisories/GHSA-fh4q-hxrw-cjqq
reference_id GHSA-fh4q-hxrw-cjqq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh4q-hxrw-cjqq
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-5jgb-dsyx-hyb4
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-6b5q-vzs3-pkcc
4
vulnerability VCID-bajy-qbwq-fufn
5
vulnerability VCID-bnne-7p2q-eqd2
6
vulnerability VCID-bxjw-7426-gyb8
7
vulnerability VCID-dbrh-t8zx-nkd9
8
vulnerability VCID-dm97-51uu-r7gw
9
vulnerability VCID-dsu7-jjjq-f3e1
10
vulnerability VCID-ehzg-bzrd-kbcc
11
vulnerability VCID-f963-qur3-2qb7
12
vulnerability VCID-gcnj-6qb6-pbgz
13
vulnerability VCID-mnz3-rj21-67ad
14
vulnerability VCID-n15v-ta9h-6ffb
15
vulnerability VCID-n78p-x7hh-gqcf
16
vulnerability VCID-nwxj-3ajk-rkh5
17
vulnerability VCID-pk8d-8u15-5bfq
18
vulnerability VCID-rdrs-mhaw-b3ge
19
vulnerability VCID-sr3p-pdxy-4yhu
20
vulnerability VCID-t3jn-vwbx-u7cr
21
vulnerability VCID-tmrt-6fxw-5ugh
22
vulnerability VCID-tw1y-t4qj-j3d1
23
vulnerability VCID-vndb-w8e1-4ugv
24
vulnerability VCID-wr5t-xqnn-gkcj
25
vulnerability VCID-wxps-mnue-6bbh
26
vulnerability VCID-xa4m-xpa9-v7h8
27
vulnerability VCID-xqew-bx7v-1qfk
28
vulnerability VCID-y32z-2d3f-gkgw
29
vulnerability VCID-zdq2-dhb2-6kaq
30
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.5
purl pkg:composer/typo3/cms@8.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1jp6-qjpr-xfev
2
vulnerability VCID-1kae-ffj3-xyc7
3
vulnerability VCID-28bf-jvah-zkhw
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-3gg5-1921-rbfs
6
vulnerability VCID-3n2r-awja-dug9
7
vulnerability VCID-3v4n-fzxa-bfaw
8
vulnerability VCID-4ack-haf2-cfbe
9
vulnerability VCID-4btk-jt5n-2ugf
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5paq-5frf-43ed
13
vulnerability VCID-5qfv-y43v-akdm
14
vulnerability VCID-6487-15z5-pkd4
15
vulnerability VCID-6b5q-vzs3-pkcc
16
vulnerability VCID-9g62-zd1x-3bdg
17
vulnerability VCID-9gpp-ez8w-rqav
18
vulnerability VCID-9jj4-ec9n-qbhs
19
vulnerability VCID-axaf-45kr-kbfe
20
vulnerability VCID-bajy-qbwq-fufn
21
vulnerability VCID-bnne-7p2q-eqd2
22
vulnerability VCID-bxjw-7426-gyb8
23
vulnerability VCID-byp6-edft-fbhm
24
vulnerability VCID-c2tm-eqmm-1ugt
25
vulnerability VCID-cm14-t8uv-k3es
26
vulnerability VCID-cmka-8484-27bu
27
vulnerability VCID-dbrh-t8zx-nkd9
28
vulnerability VCID-dj88-f3p8-cfbn
29
vulnerability VCID-dm97-51uu-r7gw
30
vulnerability VCID-dsu7-jjjq-f3e1
31
vulnerability VCID-e72u-tpc3-23g3
32
vulnerability VCID-eajg-ctpd-2bby
33
vulnerability VCID-ehzg-bzrd-kbcc
34
vulnerability VCID-ekfd-wp8z-d7e1
35
vulnerability VCID-f963-qur3-2qb7
36
vulnerability VCID-gcnj-6qb6-pbgz
37
vulnerability VCID-he5m-6wj4-rbhc
38
vulnerability VCID-j77k-hjgx-5kc5
39
vulnerability VCID-jppe-cbgm-k3cz
40
vulnerability VCID-k4h1-mvnf-1ybx
41
vulnerability VCID-k8af-cg9k-87a9
42
vulnerability VCID-m7w6-b2xu-6uee
43
vulnerability VCID-mnz3-rj21-67ad
44
vulnerability VCID-n15v-ta9h-6ffb
45
vulnerability VCID-n78p-x7hh-gqcf
46
vulnerability VCID-nwxj-3ajk-rkh5
47
vulnerability VCID-pk8d-8u15-5bfq
48
vulnerability VCID-px44-19tj-h7aa
49
vulnerability VCID-q8hy-wjd9-nbgp
50
vulnerability VCID-qb4j-9tz7-m7a2
51
vulnerability VCID-rdrs-mhaw-b3ge
52
vulnerability VCID-s64f-x81f-b7ce
53
vulnerability VCID-shqd-udhm-pff8
54
vulnerability VCID-sr3p-pdxy-4yhu
55
vulnerability VCID-stzu-sxe6-5yf5
56
vulnerability VCID-t1n7-eswt-73gw
57
vulnerability VCID-t3jn-vwbx-u7cr
58
vulnerability VCID-tmrt-6fxw-5ugh
59
vulnerability VCID-tqf5-2fsm-8fch
60
vulnerability VCID-tw1y-t4qj-j3d1
61
vulnerability VCID-vndb-w8e1-4ugv
62
vulnerability VCID-vxj6-wvyz-zbaq
63
vulnerability VCID-vxry-uvph-kbfd
64
vulnerability VCID-vybh-pxr3-17hn
65
vulnerability VCID-vyvy-y3cw-hbgr
66
vulnerability VCID-wea9-egep-h7g5
67
vulnerability VCID-wkm6-cgc8-bfa8
68
vulnerability VCID-wr5t-xqnn-gkcj
69
vulnerability VCID-wxps-mnue-6bbh
70
vulnerability VCID-xa4m-xpa9-v7h8
71
vulnerability VCID-xh7y-56vy-5ud8
72
vulnerability VCID-xqew-bx7v-1qfk
73
vulnerability VCID-y32z-2d3f-gkgw
74
vulnerability VCID-zdq2-dhb2-6kaq
75
vulnerability VCID-zkea-ge1t-z7gn
76
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5
aliases CVE-2017-14251, GHSA-fh4q-hxrw-cjqq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jqth-wfgx-87cx
20
url VCID-mnz3-rj21-67ad
vulnerability_id VCID-mnz3-rj21-67ad
summary 
TYPO3 CMS vulnerable to User Enumeration via Response Timing
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (4.9)

### Problem
It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts.

Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take.

### Solution
Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above.

### Credits
Thanks to Vautia who reported this issue and to TYPO3 core & security team members Oliver Hader who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-007](https://typo3.org/security/advisory/typo3-core-sa-2022-007)
* [Vulnerability Report on huntr.dev](https://huntr.dev/bounties/7d519735-2877-4fad-bd77-accde3e290a7/) (embargoed +30 days)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36105
reference_id
reference_type
scores
0
value 0.00283
scoring_system epss
scoring_elements 0.51649
published_at 2026-04-02T12:55:00Z
1
value 0.00283
scoring_system epss
scoring_elements 0.51712
published_at 2026-04-12T12:55:00Z
2
value 0.00283
scoring_system epss
scoring_elements 0.51734
published_at 2026-04-11T12:55:00Z
3
value 0.00283
scoring_system epss
scoring_elements 0.51685
published_at 2026-04-09T12:55:00Z
4
value 0.00283
scoring_system epss
scoring_elements 0.51689
published_at 2026-04-08T12:55:00Z
5
value 0.00283
scoring_system epss
scoring_elements 0.51634
published_at 2026-04-07T12:55:00Z
6
value 0.00283
scoring_system epss
scoring_elements 0.51674
published_at 2026-04-04T12:55:00Z
7
value 0.00283
scoring_system epss
scoring_elements 0.51723
published_at 2026-04-21T12:55:00Z
8
value 0.00283
scoring_system epss
scoring_elements 0.51744
published_at 2026-04-18T12:55:00Z
9
value 0.00283
scoring_system epss
scoring_elements 0.51737
published_at 2026-04-16T12:55:00Z
10
value 0.00283
scoring_system epss
scoring_elements 0.51696
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36105
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36105.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36105.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36105.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36105.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/f0fc9c4cd7c38207c30dd158de53ee5d9d6f41a2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/f0fc9c4cd7c38207c30dd158de53ee5d9d6f41a2
5
reference_url https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/
url https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36105
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36105
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-007
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-007
9
reference_url https://github.com/advisories/GHSA-m392-235j-9r7r
reference_id GHSA-m392-235j-9r7r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m392-235j-9r7r
fixed_packages
0
url pkg:composer/typo3/cms@10.4.32
purl pkg:composer/typo3/cms@10.4.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8sdd-b1bn-cuhx
1
vulnerability VCID-t1n7-eswt-73gw
2
vulnerability VCID-ve7g-8st5-wffb
3
vulnerability VCID-vyvy-y3cw-hbgr
4
vulnerability VCID-w13x-3rp9-wyej
5
vulnerability VCID-yj9g-uz1a-jkf2
6
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.32
1
url pkg:composer/typo3/cms@11.5.16
purl pkg:composer/typo3/cms@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8sdd-b1bn-cuhx
1
vulnerability VCID-t1n7-eswt-73gw
2
vulnerability VCID-ve7g-8st5-wffb
3
vulnerability VCID-vyvy-y3cw-hbgr
4
vulnerability VCID-w13x-3rp9-wyej
5
vulnerability VCID-yj9g-uz1a-jkf2
6
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.16
aliases CVE-2022-36105, GHSA-m392-235j-9r7r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mnz3-rj21-67ad
21
url VCID-mqbh-k9n3-nbed
vulnerability_id VCID-mqbh-k9n3-nbed
summary 
Information Disclosure
Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-5jgb-dsyx-hyb4
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-6b5q-vzs3-pkcc
4
vulnerability VCID-bajy-qbwq-fufn
5
vulnerability VCID-bnne-7p2q-eqd2
6
vulnerability VCID-bxjw-7426-gyb8
7
vulnerability VCID-dbrh-t8zx-nkd9
8
vulnerability VCID-dm97-51uu-r7gw
9
vulnerability VCID-dsu7-jjjq-f3e1
10
vulnerability VCID-ehzg-bzrd-kbcc
11
vulnerability VCID-f963-qur3-2qb7
12
vulnerability VCID-gcnj-6qb6-pbgz
13
vulnerability VCID-mnz3-rj21-67ad
14
vulnerability VCID-n15v-ta9h-6ffb
15
vulnerability VCID-n78p-x7hh-gqcf
16
vulnerability VCID-nwxj-3ajk-rkh5
17
vulnerability VCID-pk8d-8u15-5bfq
18
vulnerability VCID-rdrs-mhaw-b3ge
19
vulnerability VCID-sr3p-pdxy-4yhu
20
vulnerability VCID-t3jn-vwbx-u7cr
21
vulnerability VCID-tmrt-6fxw-5ugh
22
vulnerability VCID-tw1y-t4qj-j3d1
23
vulnerability VCID-vndb-w8e1-4ugv
24
vulnerability VCID-wr5t-xqnn-gkcj
25
vulnerability VCID-wxps-mnue-6bbh
26
vulnerability VCID-xa4m-xpa9-v7h8
27
vulnerability VCID-xqew-bx7v-1qfk
28
vulnerability VCID-y32z-2d3f-gkgw
29
vulnerability VCID-zdq2-dhb2-6kaq
30
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.5
purl pkg:composer/typo3/cms@8.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1jp6-qjpr-xfev
2
vulnerability VCID-1kae-ffj3-xyc7
3
vulnerability VCID-28bf-jvah-zkhw
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-3gg5-1921-rbfs
6
vulnerability VCID-3n2r-awja-dug9
7
vulnerability VCID-3v4n-fzxa-bfaw
8
vulnerability VCID-4ack-haf2-cfbe
9
vulnerability VCID-4btk-jt5n-2ugf
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5paq-5frf-43ed
13
vulnerability VCID-5qfv-y43v-akdm
14
vulnerability VCID-6487-15z5-pkd4
15
vulnerability VCID-6b5q-vzs3-pkcc
16
vulnerability VCID-9g62-zd1x-3bdg
17
vulnerability VCID-9gpp-ez8w-rqav
18
vulnerability VCID-9jj4-ec9n-qbhs
19
vulnerability VCID-axaf-45kr-kbfe
20
vulnerability VCID-bajy-qbwq-fufn
21
vulnerability VCID-bnne-7p2q-eqd2
22
vulnerability VCID-bxjw-7426-gyb8
23
vulnerability VCID-byp6-edft-fbhm
24
vulnerability VCID-c2tm-eqmm-1ugt
25
vulnerability VCID-cm14-t8uv-k3es
26
vulnerability VCID-cmka-8484-27bu
27
vulnerability VCID-dbrh-t8zx-nkd9
28
vulnerability VCID-dj88-f3p8-cfbn
29
vulnerability VCID-dm97-51uu-r7gw
30
vulnerability VCID-dsu7-jjjq-f3e1
31
vulnerability VCID-e72u-tpc3-23g3
32
vulnerability VCID-eajg-ctpd-2bby
33
vulnerability VCID-ehzg-bzrd-kbcc
34
vulnerability VCID-ekfd-wp8z-d7e1
35
vulnerability VCID-f963-qur3-2qb7
36
vulnerability VCID-gcnj-6qb6-pbgz
37
vulnerability VCID-he5m-6wj4-rbhc
38
vulnerability VCID-j77k-hjgx-5kc5
39
vulnerability VCID-jppe-cbgm-k3cz
40
vulnerability VCID-k4h1-mvnf-1ybx
41
vulnerability VCID-k8af-cg9k-87a9
42
vulnerability VCID-m7w6-b2xu-6uee
43
vulnerability VCID-mnz3-rj21-67ad
44
vulnerability VCID-n15v-ta9h-6ffb
45
vulnerability VCID-n78p-x7hh-gqcf
46
vulnerability VCID-nwxj-3ajk-rkh5
47
vulnerability VCID-pk8d-8u15-5bfq
48
vulnerability VCID-px44-19tj-h7aa
49
vulnerability VCID-q8hy-wjd9-nbgp
50
vulnerability VCID-qb4j-9tz7-m7a2
51
vulnerability VCID-rdrs-mhaw-b3ge
52
vulnerability VCID-s64f-x81f-b7ce
53
vulnerability VCID-shqd-udhm-pff8
54
vulnerability VCID-sr3p-pdxy-4yhu
55
vulnerability VCID-stzu-sxe6-5yf5
56
vulnerability VCID-t1n7-eswt-73gw
57
vulnerability VCID-t3jn-vwbx-u7cr
58
vulnerability VCID-tmrt-6fxw-5ugh
59
vulnerability VCID-tqf5-2fsm-8fch
60
vulnerability VCID-tw1y-t4qj-j3d1
61
vulnerability VCID-vndb-w8e1-4ugv
62
vulnerability VCID-vxj6-wvyz-zbaq
63
vulnerability VCID-vxry-uvph-kbfd
64
vulnerability VCID-vybh-pxr3-17hn
65
vulnerability VCID-vyvy-y3cw-hbgr
66
vulnerability VCID-wea9-egep-h7g5
67
vulnerability VCID-wkm6-cgc8-bfa8
68
vulnerability VCID-wr5t-xqnn-gkcj
69
vulnerability VCID-wxps-mnue-6bbh
70
vulnerability VCID-xa4m-xpa9-v7h8
71
vulnerability VCID-xh7y-56vy-5ud8
72
vulnerability VCID-xqew-bx7v-1qfk
73
vulnerability VCID-y32z-2d3f-gkgw
74
vulnerability VCID-zdq2-dhb2-6kaq
75
vulnerability VCID-zkea-ge1t-z7gn
76
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5
aliases TYPO3-CORE-SA-2017-005
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mqbh-k9n3-nbed
22
url VCID-mub5-s7h1-57cy
vulnerability_id VCID-mub5-s7h1-57cy
summary 
Information Disclosure in TYPO3 CMS
HTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called endpoint.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-09-05-3.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-09-05-3.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2017-006
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2017-006
3
reference_url https://github.com/advisories/GHSA-c7p6-3c9c-f88q
reference_id GHSA-c7p6-3c9c-f88q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c7p6-3c9c-f88q
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-5jgb-dsyx-hyb4
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-6b5q-vzs3-pkcc
4
vulnerability VCID-bajy-qbwq-fufn
5
vulnerability VCID-bnne-7p2q-eqd2
6
vulnerability VCID-bxjw-7426-gyb8
7
vulnerability VCID-dbrh-t8zx-nkd9
8
vulnerability VCID-dm97-51uu-r7gw
9
vulnerability VCID-dsu7-jjjq-f3e1
10
vulnerability VCID-ehzg-bzrd-kbcc
11
vulnerability VCID-f963-qur3-2qb7
12
vulnerability VCID-gcnj-6qb6-pbgz
13
vulnerability VCID-mnz3-rj21-67ad
14
vulnerability VCID-n15v-ta9h-6ffb
15
vulnerability VCID-n78p-x7hh-gqcf
16
vulnerability VCID-nwxj-3ajk-rkh5
17
vulnerability VCID-pk8d-8u15-5bfq
18
vulnerability VCID-rdrs-mhaw-b3ge
19
vulnerability VCID-sr3p-pdxy-4yhu
20
vulnerability VCID-t3jn-vwbx-u7cr
21
vulnerability VCID-tmrt-6fxw-5ugh
22
vulnerability VCID-tw1y-t4qj-j3d1
23
vulnerability VCID-vndb-w8e1-4ugv
24
vulnerability VCID-wr5t-xqnn-gkcj
25
vulnerability VCID-wxps-mnue-6bbh
26
vulnerability VCID-xa4m-xpa9-v7h8
27
vulnerability VCID-xqew-bx7v-1qfk
28
vulnerability VCID-y32z-2d3f-gkgw
29
vulnerability VCID-zdq2-dhb2-6kaq
30
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.5
purl pkg:composer/typo3/cms@8.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1jp6-qjpr-xfev
2
vulnerability VCID-1kae-ffj3-xyc7
3
vulnerability VCID-28bf-jvah-zkhw
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-3gg5-1921-rbfs
6
vulnerability VCID-3n2r-awja-dug9
7
vulnerability VCID-3v4n-fzxa-bfaw
8
vulnerability VCID-4ack-haf2-cfbe
9
vulnerability VCID-4btk-jt5n-2ugf
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5paq-5frf-43ed
13
vulnerability VCID-5qfv-y43v-akdm
14
vulnerability VCID-6487-15z5-pkd4
15
vulnerability VCID-6b5q-vzs3-pkcc
16
vulnerability VCID-9g62-zd1x-3bdg
17
vulnerability VCID-9gpp-ez8w-rqav
18
vulnerability VCID-9jj4-ec9n-qbhs
19
vulnerability VCID-axaf-45kr-kbfe
20
vulnerability VCID-bajy-qbwq-fufn
21
vulnerability VCID-bnne-7p2q-eqd2
22
vulnerability VCID-bxjw-7426-gyb8
23
vulnerability VCID-byp6-edft-fbhm
24
vulnerability VCID-c2tm-eqmm-1ugt
25
vulnerability VCID-cm14-t8uv-k3es
26
vulnerability VCID-cmka-8484-27bu
27
vulnerability VCID-dbrh-t8zx-nkd9
28
vulnerability VCID-dj88-f3p8-cfbn
29
vulnerability VCID-dm97-51uu-r7gw
30
vulnerability VCID-dsu7-jjjq-f3e1
31
vulnerability VCID-e72u-tpc3-23g3
32
vulnerability VCID-eajg-ctpd-2bby
33
vulnerability VCID-ehzg-bzrd-kbcc
34
vulnerability VCID-ekfd-wp8z-d7e1
35
vulnerability VCID-f963-qur3-2qb7
36
vulnerability VCID-gcnj-6qb6-pbgz
37
vulnerability VCID-he5m-6wj4-rbhc
38
vulnerability VCID-j77k-hjgx-5kc5
39
vulnerability VCID-jppe-cbgm-k3cz
40
vulnerability VCID-k4h1-mvnf-1ybx
41
vulnerability VCID-k8af-cg9k-87a9
42
vulnerability VCID-m7w6-b2xu-6uee
43
vulnerability VCID-mnz3-rj21-67ad
44
vulnerability VCID-n15v-ta9h-6ffb
45
vulnerability VCID-n78p-x7hh-gqcf
46
vulnerability VCID-nwxj-3ajk-rkh5
47
vulnerability VCID-pk8d-8u15-5bfq
48
vulnerability VCID-px44-19tj-h7aa
49
vulnerability VCID-q8hy-wjd9-nbgp
50
vulnerability VCID-qb4j-9tz7-m7a2
51
vulnerability VCID-rdrs-mhaw-b3ge
52
vulnerability VCID-s64f-x81f-b7ce
53
vulnerability VCID-shqd-udhm-pff8
54
vulnerability VCID-sr3p-pdxy-4yhu
55
vulnerability VCID-stzu-sxe6-5yf5
56
vulnerability VCID-t1n7-eswt-73gw
57
vulnerability VCID-t3jn-vwbx-u7cr
58
vulnerability VCID-tmrt-6fxw-5ugh
59
vulnerability VCID-tqf5-2fsm-8fch
60
vulnerability VCID-tw1y-t4qj-j3d1
61
vulnerability VCID-vndb-w8e1-4ugv
62
vulnerability VCID-vxj6-wvyz-zbaq
63
vulnerability VCID-vxry-uvph-kbfd
64
vulnerability VCID-vybh-pxr3-17hn
65
vulnerability VCID-vyvy-y3cw-hbgr
66
vulnerability VCID-wea9-egep-h7g5
67
vulnerability VCID-wkm6-cgc8-bfa8
68
vulnerability VCID-wr5t-xqnn-gkcj
69
vulnerability VCID-wxps-mnue-6bbh
70
vulnerability VCID-xa4m-xpa9-v7h8
71
vulnerability VCID-xh7y-56vy-5ud8
72
vulnerability VCID-xqew-bx7v-1qfk
73
vulnerability VCID-y32z-2d3f-gkgw
74
vulnerability VCID-zdq2-dhb2-6kaq
75
vulnerability VCID-zkea-ge1t-z7gn
76
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5
aliases GHSA-c7p6-3c9c-f88q
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mub5-s7h1-57cy
23
url VCID-n15v-ta9h-6ffb
vulnerability_id VCID-n15v-ta9h-6ffb
summary 
Inclusion of Sensitive Information in Log Files
TYPO3 is an open source PHP based web content management system. User credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 contain a patch for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32767
reference_id
reference_type
scores
0
value 0.00327
scoring_system epss
scoring_elements 0.55519
published_at 2026-04-01T12:55:00Z
1
value 0.00327
scoring_system epss
scoring_elements 0.5568
published_at 2026-04-21T12:55:00Z
2
value 0.00327
scoring_system epss
scoring_elements 0.55701
published_at 2026-04-18T12:55:00Z
3
value 0.00327
scoring_system epss
scoring_elements 0.55697
published_at 2026-04-16T12:55:00Z
4
value 0.00327
scoring_system epss
scoring_elements 0.55658
published_at 2026-04-13T12:55:00Z
5
value 0.00327
scoring_system epss
scoring_elements 0.55676
published_at 2026-04-12T12:55:00Z
6
value 0.00327
scoring_system epss
scoring_elements 0.55696
published_at 2026-04-11T12:55:00Z
7
value 0.00327
scoring_system epss
scoring_elements 0.55687
published_at 2026-04-09T12:55:00Z
8
value 0.00327
scoring_system epss
scoring_elements 0.55684
published_at 2026-04-08T12:55:00Z
9
value 0.00327
scoring_system epss
scoring_elements 0.55632
published_at 2026-04-07T12:55:00Z
10
value 0.00327
scoring_system epss
scoring_elements 0.55654
published_at 2026-04-04T12:55:00Z
11
value 0.00327
scoring_system epss
scoring_elements 0.5563
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32767
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32767.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32767.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32767.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32767.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235
5
reference_url https://github.com/TYPO3/typo3/commit/0b4950163b8919451964133febc65bcdfcec721c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/0b4950163b8919451964133febc65bcdfcec721c
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-34fr-fhqr-7235
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-34fr-fhqr-7235
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-012
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-012
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-013
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-013
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32767
reference_id CVE-2021-32767
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32767
10
reference_url https://github.com/advisories/GHSA-34fr-fhqr-7235
reference_id GHSA-34fr-fhqr-7235
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-34fr-fhqr-7235
fixed_packages
0
url pkg:composer/typo3/cms@9.5.28
purl pkg:composer/typo3/cms@9.5.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5paq-5frf-43ed
1
vulnerability VCID-bajy-qbwq-fufn
2
vulnerability VCID-ekfd-wp8z-d7e1
3
vulnerability VCID-mnz3-rj21-67ad
4
vulnerability VCID-s64f-x81f-b7ce
5
vulnerability VCID-t1n7-eswt-73gw
6
vulnerability VCID-ve7g-8st5-wffb
7
vulnerability VCID-vyvy-y3cw-hbgr
8
vulnerability VCID-y32z-2d3f-gkgw
9
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.28
1
url pkg:composer/typo3/cms@10.4.18
purl pkg:composer/typo3/cms@10.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-4jpa-6fqh-hbfg
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-8sdd-b1bn-cuhx
4
vulnerability VCID-av8u-rvzq-4fc7
5
vulnerability VCID-bajy-qbwq-fufn
6
vulnerability VCID-e32h-8q61-hbgc
7
vulnerability VCID-mnz3-rj21-67ad
8
vulnerability VCID-remd-55jh-r3g5
9
vulnerability VCID-s55j-8hbt-akhn
10
vulnerability VCID-t1n7-eswt-73gw
11
vulnerability VCID-ve7g-8st5-wffb
12
vulnerability VCID-vwb2-a84s-5qak
13
vulnerability VCID-vyvy-y3cw-hbgr
14
vulnerability VCID-w13x-3rp9-wyej
15
vulnerability VCID-y32z-2d3f-gkgw
16
vulnerability VCID-yj9g-uz1a-jkf2
17
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.18
2
url pkg:composer/typo3/cms@11.3.1
purl pkg:composer/typo3/cms@11.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-4jpa-6fqh-hbfg
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-8sdd-b1bn-cuhx
4
vulnerability VCID-av8u-rvzq-4fc7
5
vulnerability VCID-bajy-qbwq-fufn
6
vulnerability VCID-e32h-8q61-hbgc
7
vulnerability VCID-jjbn-6efk-nud2
8
vulnerability VCID-mnz3-rj21-67ad
9
vulnerability VCID-remd-55jh-r3g5
10
vulnerability VCID-s55j-8hbt-akhn
11
vulnerability VCID-t1n7-eswt-73gw
12
vulnerability VCID-uyeu-a3xr-fkh4
13
vulnerability VCID-ve7g-8st5-wffb
14
vulnerability VCID-vwb2-a84s-5qak
15
vulnerability VCID-vyvy-y3cw-hbgr
16
vulnerability VCID-w13x-3rp9-wyej
17
vulnerability VCID-y32z-2d3f-gkgw
18
vulnerability VCID-yj9g-uz1a-jkf2
19
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.3.1
aliases CVE-2021-32767, GHSA-34fr-fhqr-7235
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n15v-ta9h-6ffb
24
url VCID-n78p-x7hh-gqcf
vulnerability_id VCID-n78p-x7hh-gqcf
summary Information Disclosure in Install Tool.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-010/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-010/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-bajy-qbwq-fufn
3
vulnerability VCID-dsu7-jjjq-f3e1
4
vulnerability VCID-f963-qur3-2qb7
5
vulnerability VCID-gcnj-6qb6-pbgz
6
vulnerability VCID-mnz3-rj21-67ad
7
vulnerability VCID-n15v-ta9h-6ffb
8
vulnerability VCID-t3jn-vwbx-u7cr
9
vulnerability VCID-xa4m-xpa9-v7h8
10
vulnerability VCID-y32z-2d3f-gkgw
11
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-4ack-haf2-cfbe
6
vulnerability VCID-551q-gpyd-ffe8
7
vulnerability VCID-5jgb-dsyx-hyb4
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5qfv-y43v-akdm
10
vulnerability VCID-6487-15z5-pkd4
11
vulnerability VCID-9g62-zd1x-3bdg
12
vulnerability VCID-9gpp-ez8w-rqav
13
vulnerability VCID-axaf-45kr-kbfe
14
vulnerability VCID-bajy-qbwq-fufn
15
vulnerability VCID-c2tm-eqmm-1ugt
16
vulnerability VCID-cm14-t8uv-k3es
17
vulnerability VCID-cmka-8484-27bu
18
vulnerability VCID-dj88-f3p8-cfbn
19
vulnerability VCID-dsu7-jjjq-f3e1
20
vulnerability VCID-e72u-tpc3-23g3
21
vulnerability VCID-eajg-ctpd-2bby
22
vulnerability VCID-ekfd-wp8z-d7e1
23
vulnerability VCID-f963-qur3-2qb7
24
vulnerability VCID-gcnj-6qb6-pbgz
25
vulnerability VCID-he5m-6wj4-rbhc
26
vulnerability VCID-j77k-hjgx-5kc5
27
vulnerability VCID-jppe-cbgm-k3cz
28
vulnerability VCID-k4h1-mvnf-1ybx
29
vulnerability VCID-k8af-cg9k-87a9
30
vulnerability VCID-m7w6-b2xu-6uee
31
vulnerability VCID-mnz3-rj21-67ad
32
vulnerability VCID-n15v-ta9h-6ffb
33
vulnerability VCID-px44-19tj-h7aa
34
vulnerability VCID-q8hy-wjd9-nbgp
35
vulnerability VCID-s64f-x81f-b7ce
36
vulnerability VCID-shqd-udhm-pff8
37
vulnerability VCID-stzu-sxe6-5yf5
38
vulnerability VCID-t1n7-eswt-73gw
39
vulnerability VCID-t3jn-vwbx-u7cr
40
vulnerability VCID-tqf5-2fsm-8fch
41
vulnerability VCID-vxj6-wvyz-zbaq
42
vulnerability VCID-vxry-uvph-kbfd
43
vulnerability VCID-vybh-pxr3-17hn
44
vulnerability VCID-vyvy-y3cw-hbgr
45
vulnerability VCID-wea9-egep-h7g5
46
vulnerability VCID-xa4m-xpa9-v7h8
47
vulnerability VCID-xh7y-56vy-5ud8
48
vulnerability VCID-y32z-2d3f-gkgw
49
vulnerability VCID-zdq2-dhb2-6kaq
50
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-2mn6-mdmz-4yd9
4
vulnerability VCID-3n2r-awja-dug9
5
vulnerability VCID-3v4n-fzxa-bfaw
6
vulnerability VCID-4ack-haf2-cfbe
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-543x-cnbz-1kb9
9
vulnerability VCID-551q-gpyd-ffe8
10
vulnerability VCID-58js-jzm4-4fc7
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5kzs-ex81-bbaj
13
vulnerability VCID-5paq-5frf-43ed
14
vulnerability VCID-6487-15z5-pkd4
15
vulnerability VCID-6a9t-8dmn-s3bv
16
vulnerability VCID-9g62-zd1x-3bdg
17
vulnerability VCID-9gpp-ez8w-rqav
18
vulnerability VCID-a49c-fqrj-nbb3
19
vulnerability VCID-anfj-pmkg-skhe
20
vulnerability VCID-axaf-45kr-kbfe
21
vulnerability VCID-bajy-qbwq-fufn
22
vulnerability VCID-c2tm-eqmm-1ugt
23
vulnerability VCID-cm14-t8uv-k3es
24
vulnerability VCID-cmka-8484-27bu
25
vulnerability VCID-d8d1-sat6-muhe
26
vulnerability VCID-dcy2-efyc-6qgq
27
vulnerability VCID-dj88-f3p8-cfbn
28
vulnerability VCID-dsu7-jjjq-f3e1
29
vulnerability VCID-e72u-tpc3-23g3
30
vulnerability VCID-eajg-ctpd-2bby
31
vulnerability VCID-ekfd-wp8z-d7e1
32
vulnerability VCID-f963-qur3-2qb7
33
vulnerability VCID-gcnj-6qb6-pbgz
34
vulnerability VCID-he5m-6wj4-rbhc
35
vulnerability VCID-jppe-cbgm-k3cz
36
vulnerability VCID-k4h1-mvnf-1ybx
37
vulnerability VCID-k8af-cg9k-87a9
38
vulnerability VCID-kc67-7kf7-s3d7
39
vulnerability VCID-kj9x-psfz-2ug1
40
vulnerability VCID-m7w6-b2xu-6uee
41
vulnerability VCID-mnz3-rj21-67ad
42
vulnerability VCID-n15v-ta9h-6ffb
43
vulnerability VCID-p715-yexd-jfgc
44
vulnerability VCID-phgh-sd4m-zbdx
45
vulnerability VCID-px44-19tj-h7aa
46
vulnerability VCID-q8hy-wjd9-nbgp
47
vulnerability VCID-raxk-rm9v-hubn
48
vulnerability VCID-s64f-x81f-b7ce
49
vulnerability VCID-shqd-udhm-pff8
50
vulnerability VCID-stzu-sxe6-5yf5
51
vulnerability VCID-sw7v-fbjk-13hy
52
vulnerability VCID-t1n7-eswt-73gw
53
vulnerability VCID-t3jn-vwbx-u7cr
54
vulnerability VCID-tqf5-2fsm-8fch
55
vulnerability VCID-u9bx-8e86-wbew
56
vulnerability VCID-ve7g-8st5-wffb
57
vulnerability VCID-vxj6-wvyz-zbaq
58
vulnerability VCID-vxry-uvph-kbfd
59
vulnerability VCID-vybh-pxr3-17hn
60
vulnerability VCID-vyvy-y3cw-hbgr
61
vulnerability VCID-wea9-egep-h7g5
62
vulnerability VCID-xa4m-xpa9-v7h8
63
vulnerability VCID-xh7y-56vy-5ud8
64
vulnerability VCID-xtdg-uj46-rkcm
65
vulnerability VCID-xwc2-z7hx-4qa7
66
vulnerability VCID-y32z-2d3f-gkgw
67
vulnerability VCID-zdq2-dhb2-6kaq
68
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases 2018-12-11-5
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n78p-x7hh-gqcf
25
url VCID-nt6a-5zkv-pbcm
vulnerability_id VCID-nt6a-5zkv-pbcm
summary 
Code Injection
Arbitrary Code Execution in TYPO3 CMS.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-5jgb-dsyx-hyb4
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-6b5q-vzs3-pkcc
4
vulnerability VCID-bajy-qbwq-fufn
5
vulnerability VCID-bnne-7p2q-eqd2
6
vulnerability VCID-bxjw-7426-gyb8
7
vulnerability VCID-dbrh-t8zx-nkd9
8
vulnerability VCID-dm97-51uu-r7gw
9
vulnerability VCID-dsu7-jjjq-f3e1
10
vulnerability VCID-ehzg-bzrd-kbcc
11
vulnerability VCID-f963-qur3-2qb7
12
vulnerability VCID-gcnj-6qb6-pbgz
13
vulnerability VCID-mnz3-rj21-67ad
14
vulnerability VCID-n15v-ta9h-6ffb
15
vulnerability VCID-n78p-x7hh-gqcf
16
vulnerability VCID-nwxj-3ajk-rkh5
17
vulnerability VCID-pk8d-8u15-5bfq
18
vulnerability VCID-rdrs-mhaw-b3ge
19
vulnerability VCID-sr3p-pdxy-4yhu
20
vulnerability VCID-t3jn-vwbx-u7cr
21
vulnerability VCID-tmrt-6fxw-5ugh
22
vulnerability VCID-tw1y-t4qj-j3d1
23
vulnerability VCID-vndb-w8e1-4ugv
24
vulnerability VCID-wr5t-xqnn-gkcj
25
vulnerability VCID-wxps-mnue-6bbh
26
vulnerability VCID-xa4m-xpa9-v7h8
27
vulnerability VCID-xqew-bx7v-1qfk
28
vulnerability VCID-y32z-2d3f-gkgw
29
vulnerability VCID-zdq2-dhb2-6kaq
30
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.0
purl pkg:composer/typo3/cms@8.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1jp6-qjpr-xfev
2
vulnerability VCID-1kae-ffj3-xyc7
3
vulnerability VCID-28bf-jvah-zkhw
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-3gg5-1921-rbfs
6
vulnerability VCID-3n2r-awja-dug9
7
vulnerability VCID-3v4n-fzxa-bfaw
8
vulnerability VCID-4ack-haf2-cfbe
9
vulnerability VCID-4btk-jt5n-2ugf
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5paq-5frf-43ed
13
vulnerability VCID-5qfv-y43v-akdm
14
vulnerability VCID-5yg8-2cbr-d3as
15
vulnerability VCID-6487-15z5-pkd4
16
vulnerability VCID-6b5q-vzs3-pkcc
17
vulnerability VCID-9g62-zd1x-3bdg
18
vulnerability VCID-9gpp-ez8w-rqav
19
vulnerability VCID-9jj4-ec9n-qbhs
20
vulnerability VCID-a49c-fqrj-nbb3
21
vulnerability VCID-axaf-45kr-kbfe
22
vulnerability VCID-bajy-qbwq-fufn
23
vulnerability VCID-bnne-7p2q-eqd2
24
vulnerability VCID-bxjw-7426-gyb8
25
vulnerability VCID-byp6-edft-fbhm
26
vulnerability VCID-c2tm-eqmm-1ugt
27
vulnerability VCID-cm14-t8uv-k3es
28
vulnerability VCID-cmka-8484-27bu
29
vulnerability VCID-dbrh-t8zx-nkd9
30
vulnerability VCID-dj88-f3p8-cfbn
31
vulnerability VCID-dm97-51uu-r7gw
32
vulnerability VCID-dquc-7amf-e7cs
33
vulnerability VCID-dsu7-jjjq-f3e1
34
vulnerability VCID-e72u-tpc3-23g3
35
vulnerability VCID-eajg-ctpd-2bby
36
vulnerability VCID-ehzg-bzrd-kbcc
37
vulnerability VCID-ekfd-wp8z-d7e1
38
vulnerability VCID-f963-qur3-2qb7
39
vulnerability VCID-fy3g-uegw-2bew
40
vulnerability VCID-gcnj-6qb6-pbgz
41
vulnerability VCID-h63t-9enx-qfdn
42
vulnerability VCID-he5m-6wj4-rbhc
43
vulnerability VCID-j77k-hjgx-5kc5
44
vulnerability VCID-jppe-cbgm-k3cz
45
vulnerability VCID-jqth-wfgx-87cx
46
vulnerability VCID-k4h1-mvnf-1ybx
47
vulnerability VCID-k8af-cg9k-87a9
48
vulnerability VCID-m7w6-b2xu-6uee
49
vulnerability VCID-mnz3-rj21-67ad
50
vulnerability VCID-mqbh-k9n3-nbed
51
vulnerability VCID-mub5-s7h1-57cy
52
vulnerability VCID-n15v-ta9h-6ffb
53
vulnerability VCID-n78p-x7hh-gqcf
54
vulnerability VCID-nwxj-3ajk-rkh5
55
vulnerability VCID-pk8d-8u15-5bfq
56
vulnerability VCID-pnfa-cksc-43de
57
vulnerability VCID-px44-19tj-h7aa
58
vulnerability VCID-q8hy-wjd9-nbgp
59
vulnerability VCID-qb4j-9tz7-m7a2
60
vulnerability VCID-rdrs-mhaw-b3ge
61
vulnerability VCID-rzw5-8d1u-sfam
62
vulnerability VCID-s64f-x81f-b7ce
63
vulnerability VCID-shqd-udhm-pff8
64
vulnerability VCID-sr3p-pdxy-4yhu
65
vulnerability VCID-stzu-sxe6-5yf5
66
vulnerability VCID-t1n7-eswt-73gw
67
vulnerability VCID-t3jn-vwbx-u7cr
68
vulnerability VCID-tmrt-6fxw-5ugh
69
vulnerability VCID-tqf5-2fsm-8fch
70
vulnerability VCID-tw1y-t4qj-j3d1
71
vulnerability VCID-vndb-w8e1-4ugv
72
vulnerability VCID-vxj6-wvyz-zbaq
73
vulnerability VCID-vxry-uvph-kbfd
74
vulnerability VCID-vybh-pxr3-17hn
75
vulnerability VCID-vyvy-y3cw-hbgr
76
vulnerability VCID-wea9-egep-h7g5
77
vulnerability VCID-wkm6-cgc8-bfa8
78
vulnerability VCID-wr5t-xqnn-gkcj
79
vulnerability VCID-wxps-mnue-6bbh
80
vulnerability VCID-xa4m-xpa9-v7h8
81
vulnerability VCID-xh7y-56vy-5ud8
82
vulnerability VCID-xqew-bx7v-1qfk
83
vulnerability VCID-y32z-2d3f-gkgw
84
vulnerability VCID-zdq2-dhb2-6kaq
85
vulnerability VCID-zkea-ge1t-z7gn
86
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.0
aliases 2017-09-05-4
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nt6a-5zkv-pbcm
26
url VCID-nwxj-3ajk-rkh5
vulnerability_id VCID-nwxj-3ajk-rkh5
summary 
Cross-site Scripting
The page module in TYPO3 is vulnerable to XSS via `$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']`, as demonstrated by an admin entering a crafted site name during the installation process.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-6905
reference_id
reference_type
scores
0
value 0.02274
scoring_system epss
scoring_elements 0.84681
published_at 2026-04-21T12:55:00Z
1
value 0.02274
scoring_system epss
scoring_elements 0.84584
published_at 2026-04-01T12:55:00Z
2
value 0.02274
scoring_system epss
scoring_elements 0.84599
published_at 2026-04-02T12:55:00Z
3
value 0.02274
scoring_system epss
scoring_elements 0.84619
published_at 2026-04-04T12:55:00Z
4
value 0.02274
scoring_system epss
scoring_elements 0.84621
published_at 2026-04-07T12:55:00Z
5
value 0.02274
scoring_system epss
scoring_elements 0.84642
published_at 2026-04-08T12:55:00Z
6
value 0.02274
scoring_system epss
scoring_elements 0.84649
published_at 2026-04-09T12:55:00Z
7
value 0.02274
scoring_system epss
scoring_elements 0.84666
published_at 2026-04-11T12:55:00Z
8
value 0.02274
scoring_system epss
scoring_elements 0.84662
published_at 2026-04-12T12:55:00Z
9
value 0.02274
scoring_system epss
scoring_elements 0.84657
published_at 2026-04-13T12:55:00Z
10
value 0.02274
scoring_system epss
scoring_elements 0.84678
published_at 2026-04-16T12:55:00Z
11
value 0.02274
scoring_system epss
scoring_elements 0.84679
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-6905
1
reference_url https://forge.typo3.org/issues/84191
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forge.typo3.org/issues/84191
2
reference_url https://github.com/pradeepjairamani/TYPO3-XSS-POC
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pradeepjairamani/TYPO3-XSS-POC
3
reference_url https://github.com/TYPO3/typo3/commit/d2c0ea7db3b31a796a82f9d39f77f9983beb7c35
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/d2c0ea7db3b31a796a82f9d39f77f9983beb7c35
4
reference_url http://www.securitytracker.com/id/1040755
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1040755
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-6905
reference_id CVE-2018-6905
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-6905
6
reference_url https://github.com/advisories/GHSA-3w22-wrwx-2r75
reference_id GHSA-3w22-wrwx-2r75
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3w22-wrwx-2r75
fixed_packages
0
url pkg:composer/typo3/cms@8.7.11
purl pkg:composer/typo3/cms@8.7.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1jp6-qjpr-xfev
2
vulnerability VCID-1kae-ffj3-xyc7
3
vulnerability VCID-28bf-jvah-zkhw
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-3gg5-1921-rbfs
6
vulnerability VCID-3n2r-awja-dug9
7
vulnerability VCID-3v4n-fzxa-bfaw
8
vulnerability VCID-4ack-haf2-cfbe
9
vulnerability VCID-4btk-jt5n-2ugf
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5paq-5frf-43ed
13
vulnerability VCID-5qfv-y43v-akdm
14
vulnerability VCID-6487-15z5-pkd4
15
vulnerability VCID-6b5q-vzs3-pkcc
16
vulnerability VCID-9g62-zd1x-3bdg
17
vulnerability VCID-9gpp-ez8w-rqav
18
vulnerability VCID-9jj4-ec9n-qbhs
19
vulnerability VCID-axaf-45kr-kbfe
20
vulnerability VCID-bajy-qbwq-fufn
21
vulnerability VCID-bnne-7p2q-eqd2
22
vulnerability VCID-bxjw-7426-gyb8
23
vulnerability VCID-byp6-edft-fbhm
24
vulnerability VCID-c2tm-eqmm-1ugt
25
vulnerability VCID-cm14-t8uv-k3es
26
vulnerability VCID-cmka-8484-27bu
27
vulnerability VCID-dbrh-t8zx-nkd9
28
vulnerability VCID-dj88-f3p8-cfbn
29
vulnerability VCID-dm97-51uu-r7gw
30
vulnerability VCID-dsu7-jjjq-f3e1
31
vulnerability VCID-e72u-tpc3-23g3
32
vulnerability VCID-eajg-ctpd-2bby
33
vulnerability VCID-ehzg-bzrd-kbcc
34
vulnerability VCID-ekfd-wp8z-d7e1
35
vulnerability VCID-f963-qur3-2qb7
36
vulnerability VCID-gcnj-6qb6-pbgz
37
vulnerability VCID-he5m-6wj4-rbhc
38
vulnerability VCID-j77k-hjgx-5kc5
39
vulnerability VCID-jppe-cbgm-k3cz
40
vulnerability VCID-k4h1-mvnf-1ybx
41
vulnerability VCID-k8af-cg9k-87a9
42
vulnerability VCID-m7w6-b2xu-6uee
43
vulnerability VCID-mnz3-rj21-67ad
44
vulnerability VCID-n15v-ta9h-6ffb
45
vulnerability VCID-n78p-x7hh-gqcf
46
vulnerability VCID-pk8d-8u15-5bfq
47
vulnerability VCID-px44-19tj-h7aa
48
vulnerability VCID-q8hy-wjd9-nbgp
49
vulnerability VCID-qb4j-9tz7-m7a2
50
vulnerability VCID-rdrs-mhaw-b3ge
51
vulnerability VCID-s64f-x81f-b7ce
52
vulnerability VCID-shqd-udhm-pff8
53
vulnerability VCID-sr3p-pdxy-4yhu
54
vulnerability VCID-stzu-sxe6-5yf5
55
vulnerability VCID-t1n7-eswt-73gw
56
vulnerability VCID-t3jn-vwbx-u7cr
57
vulnerability VCID-tmrt-6fxw-5ugh
58
vulnerability VCID-tqf5-2fsm-8fch
59
vulnerability VCID-tw1y-t4qj-j3d1
60
vulnerability VCID-vndb-w8e1-4ugv
61
vulnerability VCID-vxj6-wvyz-zbaq
62
vulnerability VCID-vxry-uvph-kbfd
63
vulnerability VCID-vybh-pxr3-17hn
64
vulnerability VCID-vyvy-y3cw-hbgr
65
vulnerability VCID-wea9-egep-h7g5
66
vulnerability VCID-wkm6-cgc8-bfa8
67
vulnerability VCID-wr5t-xqnn-gkcj
68
vulnerability VCID-wxps-mnue-6bbh
69
vulnerability VCID-xa4m-xpa9-v7h8
70
vulnerability VCID-xh7y-56vy-5ud8
71
vulnerability VCID-xqew-bx7v-1qfk
72
vulnerability VCID-y32z-2d3f-gkgw
73
vulnerability VCID-zdq2-dhb2-6kaq
74
vulnerability VCID-zkea-ge1t-z7gn
75
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.11
1
url pkg:composer/typo3/cms@9.1.0
purl pkg:composer/typo3/cms@9.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1jp6-qjpr-xfev
2
vulnerability VCID-1kae-ffj3-xyc7
3
vulnerability VCID-28bf-jvah-zkhw
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-2mn6-mdmz-4yd9
6
vulnerability VCID-3gg5-1921-rbfs
7
vulnerability VCID-3n2r-awja-dug9
8
vulnerability VCID-3v4n-fzxa-bfaw
9
vulnerability VCID-4ack-haf2-cfbe
10
vulnerability VCID-4btk-jt5n-2ugf
11
vulnerability VCID-4mkw-tv16-jyca
12
vulnerability VCID-543x-cnbz-1kb9
13
vulnerability VCID-551q-gpyd-ffe8
14
vulnerability VCID-58js-jzm4-4fc7
15
vulnerability VCID-5jgb-dsyx-hyb4
16
vulnerability VCID-5kzs-ex81-bbaj
17
vulnerability VCID-5paq-5frf-43ed
18
vulnerability VCID-6487-15z5-pkd4
19
vulnerability VCID-6a9t-8dmn-s3bv
20
vulnerability VCID-6b5q-vzs3-pkcc
21
vulnerability VCID-9g62-zd1x-3bdg
22
vulnerability VCID-9gpp-ez8w-rqav
23
vulnerability VCID-9jj4-ec9n-qbhs
24
vulnerability VCID-a49c-fqrj-nbb3
25
vulnerability VCID-anfj-pmkg-skhe
26
vulnerability VCID-axaf-45kr-kbfe
27
vulnerability VCID-bajy-qbwq-fufn
28
vulnerability VCID-bnne-7p2q-eqd2
29
vulnerability VCID-bxjw-7426-gyb8
30
vulnerability VCID-byp6-edft-fbhm
31
vulnerability VCID-c2tm-eqmm-1ugt
32
vulnerability VCID-cm14-t8uv-k3es
33
vulnerability VCID-cmka-8484-27bu
34
vulnerability VCID-d8d1-sat6-muhe
35
vulnerability VCID-dbrh-t8zx-nkd9
36
vulnerability VCID-dcy2-efyc-6qgq
37
vulnerability VCID-dj88-f3p8-cfbn
38
vulnerability VCID-dm97-51uu-r7gw
39
vulnerability VCID-dsu7-jjjq-f3e1
40
vulnerability VCID-e72u-tpc3-23g3
41
vulnerability VCID-eajg-ctpd-2bby
42
vulnerability VCID-ekfd-wp8z-d7e1
43
vulnerability VCID-f963-qur3-2qb7
44
vulnerability VCID-gcnj-6qb6-pbgz
45
vulnerability VCID-he5m-6wj4-rbhc
46
vulnerability VCID-jppe-cbgm-k3cz
47
vulnerability VCID-k4h1-mvnf-1ybx
48
vulnerability VCID-k8af-cg9k-87a9
49
vulnerability VCID-kc67-7kf7-s3d7
50
vulnerability VCID-kj9x-psfz-2ug1
51
vulnerability VCID-m7w6-b2xu-6uee
52
vulnerability VCID-mnz3-rj21-67ad
53
vulnerability VCID-n15v-ta9h-6ffb
54
vulnerability VCID-n78p-x7hh-gqcf
55
vulnerability VCID-p715-yexd-jfgc
56
vulnerability VCID-phgh-sd4m-zbdx
57
vulnerability VCID-pk8d-8u15-5bfq
58
vulnerability VCID-px44-19tj-h7aa
59
vulnerability VCID-q8hy-wjd9-nbgp
60
vulnerability VCID-qb4j-9tz7-m7a2
61
vulnerability VCID-raxk-rm9v-hubn
62
vulnerability VCID-rdrs-mhaw-b3ge
63
vulnerability VCID-s64f-x81f-b7ce
64
vulnerability VCID-shqd-udhm-pff8
65
vulnerability VCID-sr3p-pdxy-4yhu
66
vulnerability VCID-stzu-sxe6-5yf5
67
vulnerability VCID-sw7v-fbjk-13hy
68
vulnerability VCID-t1n7-eswt-73gw
69
vulnerability VCID-t3jn-vwbx-u7cr
70
vulnerability VCID-tmrt-6fxw-5ugh
71
vulnerability VCID-tqf5-2fsm-8fch
72
vulnerability VCID-tw1y-t4qj-j3d1
73
vulnerability VCID-u9bx-8e86-wbew
74
vulnerability VCID-ve7g-8st5-wffb
75
vulnerability VCID-vndb-w8e1-4ugv
76
vulnerability VCID-vxj6-wvyz-zbaq
77
vulnerability VCID-vxry-uvph-kbfd
78
vulnerability VCID-vybh-pxr3-17hn
79
vulnerability VCID-vyvy-y3cw-hbgr
80
vulnerability VCID-wea9-egep-h7g5
81
vulnerability VCID-wkm6-cgc8-bfa8
82
vulnerability VCID-wr5t-xqnn-gkcj
83
vulnerability VCID-wxps-mnue-6bbh
84
vulnerability VCID-xa4m-xpa9-v7h8
85
vulnerability VCID-xh7y-56vy-5ud8
86
vulnerability VCID-xtdg-uj46-rkcm
87
vulnerability VCID-xwc2-z7hx-4qa7
88
vulnerability VCID-y32z-2d3f-gkgw
89
vulnerability VCID-zdq2-dhb2-6kaq
90
vulnerability VCID-zkea-ge1t-z7gn
91
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.1.0
2
url pkg:composer/typo3/cms@9.2.0
purl pkg:composer/typo3/cms@9.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1jp6-qjpr-xfev
2
vulnerability VCID-1kae-ffj3-xyc7
3
vulnerability VCID-28bf-jvah-zkhw
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-2mn6-mdmz-4yd9
6
vulnerability VCID-3gg5-1921-rbfs
7
vulnerability VCID-3n2r-awja-dug9
8
vulnerability VCID-3v4n-fzxa-bfaw
9
vulnerability VCID-4ack-haf2-cfbe
10
vulnerability VCID-4btk-jt5n-2ugf
11
vulnerability VCID-4mkw-tv16-jyca
12
vulnerability VCID-543x-cnbz-1kb9
13
vulnerability VCID-551q-gpyd-ffe8
14
vulnerability VCID-58js-jzm4-4fc7
15
vulnerability VCID-5jgb-dsyx-hyb4
16
vulnerability VCID-5kzs-ex81-bbaj
17
vulnerability VCID-5paq-5frf-43ed
18
vulnerability VCID-6487-15z5-pkd4
19
vulnerability VCID-6a9t-8dmn-s3bv
20
vulnerability VCID-6b5q-vzs3-pkcc
21
vulnerability VCID-9g62-zd1x-3bdg
22
vulnerability VCID-9gpp-ez8w-rqav
23
vulnerability VCID-9jj4-ec9n-qbhs
24
vulnerability VCID-a49c-fqrj-nbb3
25
vulnerability VCID-anfj-pmkg-skhe
26
vulnerability VCID-axaf-45kr-kbfe
27
vulnerability VCID-bajy-qbwq-fufn
28
vulnerability VCID-bnne-7p2q-eqd2
29
vulnerability VCID-bxjw-7426-gyb8
30
vulnerability VCID-byp6-edft-fbhm
31
vulnerability VCID-c2tm-eqmm-1ugt
32
vulnerability VCID-cm14-t8uv-k3es
33
vulnerability VCID-cmka-8484-27bu
34
vulnerability VCID-d8d1-sat6-muhe
35
vulnerability VCID-dbrh-t8zx-nkd9
36
vulnerability VCID-dcy2-efyc-6qgq
37
vulnerability VCID-dj88-f3p8-cfbn
38
vulnerability VCID-dm97-51uu-r7gw
39
vulnerability VCID-dsu7-jjjq-f3e1
40
vulnerability VCID-e72u-tpc3-23g3
41
vulnerability VCID-eajg-ctpd-2bby
42
vulnerability VCID-ekfd-wp8z-d7e1
43
vulnerability VCID-f963-qur3-2qb7
44
vulnerability VCID-gcnj-6qb6-pbgz
45
vulnerability VCID-he5m-6wj4-rbhc
46
vulnerability VCID-jppe-cbgm-k3cz
47
vulnerability VCID-k4h1-mvnf-1ybx
48
vulnerability VCID-k8af-cg9k-87a9
49
vulnerability VCID-kc67-7kf7-s3d7
50
vulnerability VCID-kj9x-psfz-2ug1
51
vulnerability VCID-m7w6-b2xu-6uee
52
vulnerability VCID-mnz3-rj21-67ad
53
vulnerability VCID-n15v-ta9h-6ffb
54
vulnerability VCID-n78p-x7hh-gqcf
55
vulnerability VCID-p715-yexd-jfgc
56
vulnerability VCID-phgh-sd4m-zbdx
57
vulnerability VCID-pk8d-8u15-5bfq
58
vulnerability VCID-px44-19tj-h7aa
59
vulnerability VCID-q8hy-wjd9-nbgp
60
vulnerability VCID-qb4j-9tz7-m7a2
61
vulnerability VCID-raxk-rm9v-hubn
62
vulnerability VCID-rdrs-mhaw-b3ge
63
vulnerability VCID-s64f-x81f-b7ce
64
vulnerability VCID-shqd-udhm-pff8
65
vulnerability VCID-sr3p-pdxy-4yhu
66
vulnerability VCID-stzu-sxe6-5yf5
67
vulnerability VCID-sw7v-fbjk-13hy
68
vulnerability VCID-t1n7-eswt-73gw
69
vulnerability VCID-t3jn-vwbx-u7cr
70
vulnerability VCID-tmrt-6fxw-5ugh
71
vulnerability VCID-tqf5-2fsm-8fch
72
vulnerability VCID-tw1y-t4qj-j3d1
73
vulnerability VCID-u9bx-8e86-wbew
74
vulnerability VCID-ve7g-8st5-wffb
75
vulnerability VCID-vndb-w8e1-4ugv
76
vulnerability VCID-vxj6-wvyz-zbaq
77
vulnerability VCID-vxry-uvph-kbfd
78
vulnerability VCID-vybh-pxr3-17hn
79
vulnerability VCID-vyvy-y3cw-hbgr
80
vulnerability VCID-wea9-egep-h7g5
81
vulnerability VCID-wkm6-cgc8-bfa8
82
vulnerability VCID-wr5t-xqnn-gkcj
83
vulnerability VCID-wxps-mnue-6bbh
84
vulnerability VCID-xa4m-xpa9-v7h8
85
vulnerability VCID-xh7y-56vy-5ud8
86
vulnerability VCID-xtdg-uj46-rkcm
87
vulnerability VCID-xwc2-z7hx-4qa7
88
vulnerability VCID-y32z-2d3f-gkgw
89
vulnerability VCID-zdq2-dhb2-6kaq
90
vulnerability VCID-zkea-ge1t-z7gn
91
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.2.0
aliases CVE-2018-6905, GHSA-3w22-wrwx-2r75
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nwxj-3ajk-rkh5
27
url VCID-pk8d-8u15-5bfq
vulnerability_id VCID-pk8d-8u15-5bfq
summary 
TYPO3 Denial of Service in Online Media Asset Handling
Online Media Asset Handling (*`.youtube` and *`.vimeo` files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a dysfunctional backend component. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-6.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-6.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/054799caf53b28ff92e00aff957fab88c45a7509
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/054799caf53b28ff92e00aff957fab88c45a7509
3
reference_url https://github.com/TYPO3/typo3/commit/16567366e2a25c0cbed7208c3be9eda962e28c9b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/16567366e2a25c0cbed7208c3be9eda962e28c9b
4
reference_url https://github.com/TYPO3/typo3/commit/7a5155e0137d01db7e5723849f0493ad5b0c98ac
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/7a5155e0137d01db7e5723849f0493ad5b0c98ac
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-011
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-011
6
reference_url https://github.com/advisories/GHSA-f3wf-q4fj-3gxf
reference_id GHSA-f3wf-q4fj-3gxf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f3wf-q4fj-3gxf
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-bajy-qbwq-fufn
3
vulnerability VCID-dsu7-jjjq-f3e1
4
vulnerability VCID-f963-qur3-2qb7
5
vulnerability VCID-gcnj-6qb6-pbgz
6
vulnerability VCID-mnz3-rj21-67ad
7
vulnerability VCID-n15v-ta9h-6ffb
8
vulnerability VCID-t3jn-vwbx-u7cr
9
vulnerability VCID-xa4m-xpa9-v7h8
10
vulnerability VCID-y32z-2d3f-gkgw
11
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-4ack-haf2-cfbe
6
vulnerability VCID-551q-gpyd-ffe8
7
vulnerability VCID-5jgb-dsyx-hyb4
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5qfv-y43v-akdm
10
vulnerability VCID-6487-15z5-pkd4
11
vulnerability VCID-9g62-zd1x-3bdg
12
vulnerability VCID-9gpp-ez8w-rqav
13
vulnerability VCID-axaf-45kr-kbfe
14
vulnerability VCID-bajy-qbwq-fufn
15
vulnerability VCID-c2tm-eqmm-1ugt
16
vulnerability VCID-cm14-t8uv-k3es
17
vulnerability VCID-cmka-8484-27bu
18
vulnerability VCID-dj88-f3p8-cfbn
19
vulnerability VCID-dsu7-jjjq-f3e1
20
vulnerability VCID-e72u-tpc3-23g3
21
vulnerability VCID-eajg-ctpd-2bby
22
vulnerability VCID-ekfd-wp8z-d7e1
23
vulnerability VCID-f963-qur3-2qb7
24
vulnerability VCID-gcnj-6qb6-pbgz
25
vulnerability VCID-he5m-6wj4-rbhc
26
vulnerability VCID-j77k-hjgx-5kc5
27
vulnerability VCID-jppe-cbgm-k3cz
28
vulnerability VCID-k4h1-mvnf-1ybx
29
vulnerability VCID-k8af-cg9k-87a9
30
vulnerability VCID-m7w6-b2xu-6uee
31
vulnerability VCID-mnz3-rj21-67ad
32
vulnerability VCID-n15v-ta9h-6ffb
33
vulnerability VCID-px44-19tj-h7aa
34
vulnerability VCID-q8hy-wjd9-nbgp
35
vulnerability VCID-s64f-x81f-b7ce
36
vulnerability VCID-shqd-udhm-pff8
37
vulnerability VCID-stzu-sxe6-5yf5
38
vulnerability VCID-t1n7-eswt-73gw
39
vulnerability VCID-t3jn-vwbx-u7cr
40
vulnerability VCID-tqf5-2fsm-8fch
41
vulnerability VCID-vxj6-wvyz-zbaq
42
vulnerability VCID-vxry-uvph-kbfd
43
vulnerability VCID-vybh-pxr3-17hn
44
vulnerability VCID-vyvy-y3cw-hbgr
45
vulnerability VCID-wea9-egep-h7g5
46
vulnerability VCID-xa4m-xpa9-v7h8
47
vulnerability VCID-xh7y-56vy-5ud8
48
vulnerability VCID-y32z-2d3f-gkgw
49
vulnerability VCID-zdq2-dhb2-6kaq
50
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-2mn6-mdmz-4yd9
4
vulnerability VCID-3n2r-awja-dug9
5
vulnerability VCID-3v4n-fzxa-bfaw
6
vulnerability VCID-4ack-haf2-cfbe
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-543x-cnbz-1kb9
9
vulnerability VCID-551q-gpyd-ffe8
10
vulnerability VCID-58js-jzm4-4fc7
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5kzs-ex81-bbaj
13
vulnerability VCID-5paq-5frf-43ed
14
vulnerability VCID-6487-15z5-pkd4
15
vulnerability VCID-6a9t-8dmn-s3bv
16
vulnerability VCID-9g62-zd1x-3bdg
17
vulnerability VCID-9gpp-ez8w-rqav
18
vulnerability VCID-a49c-fqrj-nbb3
19
vulnerability VCID-anfj-pmkg-skhe
20
vulnerability VCID-axaf-45kr-kbfe
21
vulnerability VCID-bajy-qbwq-fufn
22
vulnerability VCID-c2tm-eqmm-1ugt
23
vulnerability VCID-cm14-t8uv-k3es
24
vulnerability VCID-cmka-8484-27bu
25
vulnerability VCID-d8d1-sat6-muhe
26
vulnerability VCID-dcy2-efyc-6qgq
27
vulnerability VCID-dj88-f3p8-cfbn
28
vulnerability VCID-dsu7-jjjq-f3e1
29
vulnerability VCID-e72u-tpc3-23g3
30
vulnerability VCID-eajg-ctpd-2bby
31
vulnerability VCID-ekfd-wp8z-d7e1
32
vulnerability VCID-f963-qur3-2qb7
33
vulnerability VCID-gcnj-6qb6-pbgz
34
vulnerability VCID-he5m-6wj4-rbhc
35
vulnerability VCID-jppe-cbgm-k3cz
36
vulnerability VCID-k4h1-mvnf-1ybx
37
vulnerability VCID-k8af-cg9k-87a9
38
vulnerability VCID-kc67-7kf7-s3d7
39
vulnerability VCID-kj9x-psfz-2ug1
40
vulnerability VCID-m7w6-b2xu-6uee
41
vulnerability VCID-mnz3-rj21-67ad
42
vulnerability VCID-n15v-ta9h-6ffb
43
vulnerability VCID-p715-yexd-jfgc
44
vulnerability VCID-phgh-sd4m-zbdx
45
vulnerability VCID-px44-19tj-h7aa
46
vulnerability VCID-q8hy-wjd9-nbgp
47
vulnerability VCID-raxk-rm9v-hubn
48
vulnerability VCID-s64f-x81f-b7ce
49
vulnerability VCID-shqd-udhm-pff8
50
vulnerability VCID-stzu-sxe6-5yf5
51
vulnerability VCID-sw7v-fbjk-13hy
52
vulnerability VCID-t1n7-eswt-73gw
53
vulnerability VCID-t3jn-vwbx-u7cr
54
vulnerability VCID-tqf5-2fsm-8fch
55
vulnerability VCID-u9bx-8e86-wbew
56
vulnerability VCID-ve7g-8st5-wffb
57
vulnerability VCID-vxj6-wvyz-zbaq
58
vulnerability VCID-vxry-uvph-kbfd
59
vulnerability VCID-vybh-pxr3-17hn
60
vulnerability VCID-vyvy-y3cw-hbgr
61
vulnerability VCID-wea9-egep-h7g5
62
vulnerability VCID-xa4m-xpa9-v7h8
63
vulnerability VCID-xh7y-56vy-5ud8
64
vulnerability VCID-xtdg-uj46-rkcm
65
vulnerability VCID-xwc2-z7hx-4qa7
66
vulnerability VCID-y32z-2d3f-gkgw
67
vulnerability VCID-zdq2-dhb2-6kaq
68
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-f3wf-q4fj-3gxf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pk8d-8u15-5bfq
28
url VCID-pnfa-cksc-43de
vulnerability_id VCID-pnfa-cksc-43de
summary 
Information Disclosure
HTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called endpoint.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-5jgb-dsyx-hyb4
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-6b5q-vzs3-pkcc
4
vulnerability VCID-bajy-qbwq-fufn
5
vulnerability VCID-bnne-7p2q-eqd2
6
vulnerability VCID-bxjw-7426-gyb8
7
vulnerability VCID-dbrh-t8zx-nkd9
8
vulnerability VCID-dm97-51uu-r7gw
9
vulnerability VCID-dsu7-jjjq-f3e1
10
vulnerability VCID-ehzg-bzrd-kbcc
11
vulnerability VCID-f963-qur3-2qb7
12
vulnerability VCID-gcnj-6qb6-pbgz
13
vulnerability VCID-mnz3-rj21-67ad
14
vulnerability VCID-n15v-ta9h-6ffb
15
vulnerability VCID-n78p-x7hh-gqcf
16
vulnerability VCID-nwxj-3ajk-rkh5
17
vulnerability VCID-pk8d-8u15-5bfq
18
vulnerability VCID-rdrs-mhaw-b3ge
19
vulnerability VCID-sr3p-pdxy-4yhu
20
vulnerability VCID-t3jn-vwbx-u7cr
21
vulnerability VCID-tmrt-6fxw-5ugh
22
vulnerability VCID-tw1y-t4qj-j3d1
23
vulnerability VCID-vndb-w8e1-4ugv
24
vulnerability VCID-wr5t-xqnn-gkcj
25
vulnerability VCID-wxps-mnue-6bbh
26
vulnerability VCID-xa4m-xpa9-v7h8
27
vulnerability VCID-xqew-bx7v-1qfk
28
vulnerability VCID-y32z-2d3f-gkgw
29
vulnerability VCID-zdq2-dhb2-6kaq
30
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.5
purl pkg:composer/typo3/cms@8.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1jp6-qjpr-xfev
2
vulnerability VCID-1kae-ffj3-xyc7
3
vulnerability VCID-28bf-jvah-zkhw
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-3gg5-1921-rbfs
6
vulnerability VCID-3n2r-awja-dug9
7
vulnerability VCID-3v4n-fzxa-bfaw
8
vulnerability VCID-4ack-haf2-cfbe
9
vulnerability VCID-4btk-jt5n-2ugf
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5paq-5frf-43ed
13
vulnerability VCID-5qfv-y43v-akdm
14
vulnerability VCID-6487-15z5-pkd4
15
vulnerability VCID-6b5q-vzs3-pkcc
16
vulnerability VCID-9g62-zd1x-3bdg
17
vulnerability VCID-9gpp-ez8w-rqav
18
vulnerability VCID-9jj4-ec9n-qbhs
19
vulnerability VCID-axaf-45kr-kbfe
20
vulnerability VCID-bajy-qbwq-fufn
21
vulnerability VCID-bnne-7p2q-eqd2
22
vulnerability VCID-bxjw-7426-gyb8
23
vulnerability VCID-byp6-edft-fbhm
24
vulnerability VCID-c2tm-eqmm-1ugt
25
vulnerability VCID-cm14-t8uv-k3es
26
vulnerability VCID-cmka-8484-27bu
27
vulnerability VCID-dbrh-t8zx-nkd9
28
vulnerability VCID-dj88-f3p8-cfbn
29
vulnerability VCID-dm97-51uu-r7gw
30
vulnerability VCID-dsu7-jjjq-f3e1
31
vulnerability VCID-e72u-tpc3-23g3
32
vulnerability VCID-eajg-ctpd-2bby
33
vulnerability VCID-ehzg-bzrd-kbcc
34
vulnerability VCID-ekfd-wp8z-d7e1
35
vulnerability VCID-f963-qur3-2qb7
36
vulnerability VCID-gcnj-6qb6-pbgz
37
vulnerability VCID-he5m-6wj4-rbhc
38
vulnerability VCID-j77k-hjgx-5kc5
39
vulnerability VCID-jppe-cbgm-k3cz
40
vulnerability VCID-k4h1-mvnf-1ybx
41
vulnerability VCID-k8af-cg9k-87a9
42
vulnerability VCID-m7w6-b2xu-6uee
43
vulnerability VCID-mnz3-rj21-67ad
44
vulnerability VCID-n15v-ta9h-6ffb
45
vulnerability VCID-n78p-x7hh-gqcf
46
vulnerability VCID-nwxj-3ajk-rkh5
47
vulnerability VCID-pk8d-8u15-5bfq
48
vulnerability VCID-px44-19tj-h7aa
49
vulnerability VCID-q8hy-wjd9-nbgp
50
vulnerability VCID-qb4j-9tz7-m7a2
51
vulnerability VCID-rdrs-mhaw-b3ge
52
vulnerability VCID-s64f-x81f-b7ce
53
vulnerability VCID-shqd-udhm-pff8
54
vulnerability VCID-sr3p-pdxy-4yhu
55
vulnerability VCID-stzu-sxe6-5yf5
56
vulnerability VCID-t1n7-eswt-73gw
57
vulnerability VCID-t3jn-vwbx-u7cr
58
vulnerability VCID-tmrt-6fxw-5ugh
59
vulnerability VCID-tqf5-2fsm-8fch
60
vulnerability VCID-tw1y-t4qj-j3d1
61
vulnerability VCID-vndb-w8e1-4ugv
62
vulnerability VCID-vxj6-wvyz-zbaq
63
vulnerability VCID-vxry-uvph-kbfd
64
vulnerability VCID-vybh-pxr3-17hn
65
vulnerability VCID-vyvy-y3cw-hbgr
66
vulnerability VCID-wea9-egep-h7g5
67
vulnerability VCID-wkm6-cgc8-bfa8
68
vulnerability VCID-wr5t-xqnn-gkcj
69
vulnerability VCID-wxps-mnue-6bbh
70
vulnerability VCID-xa4m-xpa9-v7h8
71
vulnerability VCID-xh7y-56vy-5ud8
72
vulnerability VCID-xqew-bx7v-1qfk
73
vulnerability VCID-y32z-2d3f-gkgw
74
vulnerability VCID-zdq2-dhb2-6kaq
75
vulnerability VCID-zkea-ge1t-z7gn
76
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5
aliases TYPO3-CORE-SA-2017-006
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pnfa-cksc-43de
29
url VCID-q9ak-qcq6-qfhy
vulnerability_id VCID-q9ak-qcq6-qfhy
summary 
Code Injection
Remote Code Execution in third party library swiftmailer.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-001/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-001/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.15
purl pkg:composer/typo3/cms@7.6.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-2fs8-bscc-3ye2
2
vulnerability VCID-5jgb-dsyx-hyb4
3
vulnerability VCID-5paq-5frf-43ed
4
vulnerability VCID-6b5q-vzs3-pkcc
5
vulnerability VCID-bajy-qbwq-fufn
6
vulnerability VCID-bnne-7p2q-eqd2
7
vulnerability VCID-bxjw-7426-gyb8
8
vulnerability VCID-dbrh-t8zx-nkd9
9
vulnerability VCID-dm97-51uu-r7gw
10
vulnerability VCID-dsu7-jjjq-f3e1
11
vulnerability VCID-ehzg-bzrd-kbcc
12
vulnerability VCID-ep6t-zwd1-4bb3
13
vulnerability VCID-f963-qur3-2qb7
14
vulnerability VCID-fy3g-uegw-2bew
15
vulnerability VCID-gcnj-6qb6-pbgz
16
vulnerability VCID-h63t-9enx-qfdn
17
vulnerability VCID-hpgq-deze-p7dp
18
vulnerability VCID-jqth-wfgx-87cx
19
vulnerability VCID-mnz3-rj21-67ad
20
vulnerability VCID-mqbh-k9n3-nbed
21
vulnerability VCID-mub5-s7h1-57cy
22
vulnerability VCID-n15v-ta9h-6ffb
23
vulnerability VCID-n78p-x7hh-gqcf
24
vulnerability VCID-nt6a-5zkv-pbcm
25
vulnerability VCID-nwxj-3ajk-rkh5
26
vulnerability VCID-pk8d-8u15-5bfq
27
vulnerability VCID-pnfa-cksc-43de
28
vulnerability VCID-rdrs-mhaw-b3ge
29
vulnerability VCID-rzw5-8d1u-sfam
30
vulnerability VCID-sr3p-pdxy-4yhu
31
vulnerability VCID-sxr7-cutf-8kh6
32
vulnerability VCID-t3jn-vwbx-u7cr
33
vulnerability VCID-tmrt-6fxw-5ugh
34
vulnerability VCID-tw1y-t4qj-j3d1
35
vulnerability VCID-vndb-w8e1-4ugv
36
vulnerability VCID-vrt1-aj9v-2kb6
37
vulnerability VCID-wge3-kxdq-f3bz
38
vulnerability VCID-wr5t-xqnn-gkcj
39
vulnerability VCID-wxps-mnue-6bbh
40
vulnerability VCID-xa4m-xpa9-v7h8
41
vulnerability VCID-xqew-bx7v-1qfk
42
vulnerability VCID-y32z-2d3f-gkgw
43
vulnerability VCID-zdq2-dhb2-6kaq
44
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.15
1
url pkg:composer/typo3/cms@8.5.0
purl pkg:composer/typo3/cms@8.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1jp6-qjpr-xfev
2
vulnerability VCID-1kae-ffj3-xyc7
3
vulnerability VCID-28bf-jvah-zkhw
4
vulnerability VCID-2fs8-bscc-3ye2
5
vulnerability VCID-2meq-x4kd-bbdn
6
vulnerability VCID-3gg5-1921-rbfs
7
vulnerability VCID-3n2r-awja-dug9
8
vulnerability VCID-3v4n-fzxa-bfaw
9
vulnerability VCID-4ack-haf2-cfbe
10
vulnerability VCID-4btk-jt5n-2ugf
11
vulnerability VCID-551q-gpyd-ffe8
12
vulnerability VCID-5jgb-dsyx-hyb4
13
vulnerability VCID-5paq-5frf-43ed
14
vulnerability VCID-5qfv-y43v-akdm
15
vulnerability VCID-5yg8-2cbr-d3as
16
vulnerability VCID-6487-15z5-pkd4
17
vulnerability VCID-6b5q-vzs3-pkcc
18
vulnerability VCID-9g62-zd1x-3bdg
19
vulnerability VCID-9gpp-ez8w-rqav
20
vulnerability VCID-9jj4-ec9n-qbhs
21
vulnerability VCID-axaf-45kr-kbfe
22
vulnerability VCID-bajy-qbwq-fufn
23
vulnerability VCID-bnne-7p2q-eqd2
24
vulnerability VCID-bxjw-7426-gyb8
25
vulnerability VCID-byp6-edft-fbhm
26
vulnerability VCID-c2tm-eqmm-1ugt
27
vulnerability VCID-cm14-t8uv-k3es
28
vulnerability VCID-cmka-8484-27bu
29
vulnerability VCID-dbrh-t8zx-nkd9
30
vulnerability VCID-dj88-f3p8-cfbn
31
vulnerability VCID-dm97-51uu-r7gw
32
vulnerability VCID-dquc-7amf-e7cs
33
vulnerability VCID-dsu7-jjjq-f3e1
34
vulnerability VCID-e72u-tpc3-23g3
35
vulnerability VCID-e7sv-4xc2-m3d5
36
vulnerability VCID-eajg-ctpd-2bby
37
vulnerability VCID-ehzg-bzrd-kbcc
38
vulnerability VCID-ekfd-wp8z-d7e1
39
vulnerability VCID-ep6t-zwd1-4bb3
40
vulnerability VCID-euk5-hagy-xqfz
41
vulnerability VCID-fy3g-uegw-2bew
42
vulnerability VCID-gcnj-6qb6-pbgz
43
vulnerability VCID-h63t-9enx-qfdn
44
vulnerability VCID-he5m-6wj4-rbhc
45
vulnerability VCID-hpgq-deze-p7dp
46
vulnerability VCID-hv3n-j8ck-1ufx
47
vulnerability VCID-j77k-hjgx-5kc5
48
vulnerability VCID-jppe-cbgm-k3cz
49
vulnerability VCID-jqth-wfgx-87cx
50
vulnerability VCID-k4h1-mvnf-1ybx
51
vulnerability VCID-k8af-cg9k-87a9
52
vulnerability VCID-m7w6-b2xu-6uee
53
vulnerability VCID-mnz3-rj21-67ad
54
vulnerability VCID-mqbh-k9n3-nbed
55
vulnerability VCID-mub5-s7h1-57cy
56
vulnerability VCID-n15v-ta9h-6ffb
57
vulnerability VCID-n78p-x7hh-gqcf
58
vulnerability VCID-nt6a-5zkv-pbcm
59
vulnerability VCID-nwxj-3ajk-rkh5
60
vulnerability VCID-pk8d-8u15-5bfq
61
vulnerability VCID-pnfa-cksc-43de
62
vulnerability VCID-px44-19tj-h7aa
63
vulnerability VCID-q8hy-wjd9-nbgp
64
vulnerability VCID-qb4j-9tz7-m7a2
65
vulnerability VCID-rdrs-mhaw-b3ge
66
vulnerability VCID-rzw5-8d1u-sfam
67
vulnerability VCID-s64f-x81f-b7ce
68
vulnerability VCID-shqd-udhm-pff8
69
vulnerability VCID-sr3p-pdxy-4yhu
70
vulnerability VCID-stzu-sxe6-5yf5
71
vulnerability VCID-t1n7-eswt-73gw
72
vulnerability VCID-t3jn-vwbx-u7cr
73
vulnerability VCID-tgma-cyvk-97ay
74
vulnerability VCID-tmrt-6fxw-5ugh
75
vulnerability VCID-tqf5-2fsm-8fch
76
vulnerability VCID-tw1y-t4qj-j3d1
77
vulnerability VCID-uw2r-3gvq-bbcq
78
vulnerability VCID-vndb-w8e1-4ugv
79
vulnerability VCID-vrt1-aj9v-2kb6
80
vulnerability VCID-vxj6-wvyz-zbaq
81
vulnerability VCID-vxry-uvph-kbfd
82
vulnerability VCID-vybh-pxr3-17hn
83
vulnerability VCID-wea9-egep-h7g5
84
vulnerability VCID-wge3-kxdq-f3bz
85
vulnerability VCID-wkm6-cgc8-bfa8
86
vulnerability VCID-wr5t-xqnn-gkcj
87
vulnerability VCID-wxps-mnue-6bbh
88
vulnerability VCID-xa4m-xpa9-v7h8
89
vulnerability VCID-xh7y-56vy-5ud8
90
vulnerability VCID-xqew-bx7v-1qfk
91
vulnerability VCID-y32z-2d3f-gkgw
92
vulnerability VCID-zdq2-dhb2-6kaq
93
vulnerability VCID-zkea-ge1t-z7gn
94
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.5.0
aliases 2017-01-03-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q9ak-qcq6-qfhy
30
url VCID-rdrs-mhaw-b3ge
vulnerability_id VCID-rdrs-mhaw-b3ge
summary 
Cross-site Scripting
Cross-Site Scripting in Frontend User Login.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-008/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-008/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-bajy-qbwq-fufn
3
vulnerability VCID-dsu7-jjjq-f3e1
4
vulnerability VCID-f963-qur3-2qb7
5
vulnerability VCID-gcnj-6qb6-pbgz
6
vulnerability VCID-mnz3-rj21-67ad
7
vulnerability VCID-n15v-ta9h-6ffb
8
vulnerability VCID-t3jn-vwbx-u7cr
9
vulnerability VCID-xa4m-xpa9-v7h8
10
vulnerability VCID-y32z-2d3f-gkgw
11
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-4ack-haf2-cfbe
6
vulnerability VCID-551q-gpyd-ffe8
7
vulnerability VCID-5jgb-dsyx-hyb4
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5qfv-y43v-akdm
10
vulnerability VCID-6487-15z5-pkd4
11
vulnerability VCID-9g62-zd1x-3bdg
12
vulnerability VCID-9gpp-ez8w-rqav
13
vulnerability VCID-axaf-45kr-kbfe
14
vulnerability VCID-bajy-qbwq-fufn
15
vulnerability VCID-c2tm-eqmm-1ugt
16
vulnerability VCID-cm14-t8uv-k3es
17
vulnerability VCID-cmka-8484-27bu
18
vulnerability VCID-dj88-f3p8-cfbn
19
vulnerability VCID-dsu7-jjjq-f3e1
20
vulnerability VCID-e72u-tpc3-23g3
21
vulnerability VCID-eajg-ctpd-2bby
22
vulnerability VCID-ekfd-wp8z-d7e1
23
vulnerability VCID-f963-qur3-2qb7
24
vulnerability VCID-gcnj-6qb6-pbgz
25
vulnerability VCID-he5m-6wj4-rbhc
26
vulnerability VCID-j77k-hjgx-5kc5
27
vulnerability VCID-jppe-cbgm-k3cz
28
vulnerability VCID-k4h1-mvnf-1ybx
29
vulnerability VCID-k8af-cg9k-87a9
30
vulnerability VCID-m7w6-b2xu-6uee
31
vulnerability VCID-mnz3-rj21-67ad
32
vulnerability VCID-n15v-ta9h-6ffb
33
vulnerability VCID-px44-19tj-h7aa
34
vulnerability VCID-q8hy-wjd9-nbgp
35
vulnerability VCID-s64f-x81f-b7ce
36
vulnerability VCID-shqd-udhm-pff8
37
vulnerability VCID-stzu-sxe6-5yf5
38
vulnerability VCID-t1n7-eswt-73gw
39
vulnerability VCID-t3jn-vwbx-u7cr
40
vulnerability VCID-tqf5-2fsm-8fch
41
vulnerability VCID-vxj6-wvyz-zbaq
42
vulnerability VCID-vxry-uvph-kbfd
43
vulnerability VCID-vybh-pxr3-17hn
44
vulnerability VCID-vyvy-y3cw-hbgr
45
vulnerability VCID-wea9-egep-h7g5
46
vulnerability VCID-xa4m-xpa9-v7h8
47
vulnerability VCID-xh7y-56vy-5ud8
48
vulnerability VCID-y32z-2d3f-gkgw
49
vulnerability VCID-zdq2-dhb2-6kaq
50
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-2mn6-mdmz-4yd9
4
vulnerability VCID-3n2r-awja-dug9
5
vulnerability VCID-3v4n-fzxa-bfaw
6
vulnerability VCID-4ack-haf2-cfbe
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-543x-cnbz-1kb9
9
vulnerability VCID-551q-gpyd-ffe8
10
vulnerability VCID-58js-jzm4-4fc7
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5kzs-ex81-bbaj
13
vulnerability VCID-5paq-5frf-43ed
14
vulnerability VCID-6487-15z5-pkd4
15
vulnerability VCID-6a9t-8dmn-s3bv
16
vulnerability VCID-9g62-zd1x-3bdg
17
vulnerability VCID-9gpp-ez8w-rqav
18
vulnerability VCID-a49c-fqrj-nbb3
19
vulnerability VCID-anfj-pmkg-skhe
20
vulnerability VCID-axaf-45kr-kbfe
21
vulnerability VCID-bajy-qbwq-fufn
22
vulnerability VCID-c2tm-eqmm-1ugt
23
vulnerability VCID-cm14-t8uv-k3es
24
vulnerability VCID-cmka-8484-27bu
25
vulnerability VCID-d8d1-sat6-muhe
26
vulnerability VCID-dcy2-efyc-6qgq
27
vulnerability VCID-dj88-f3p8-cfbn
28
vulnerability VCID-dsu7-jjjq-f3e1
29
vulnerability VCID-e72u-tpc3-23g3
30
vulnerability VCID-eajg-ctpd-2bby
31
vulnerability VCID-ekfd-wp8z-d7e1
32
vulnerability VCID-f963-qur3-2qb7
33
vulnerability VCID-gcnj-6qb6-pbgz
34
vulnerability VCID-he5m-6wj4-rbhc
35
vulnerability VCID-jppe-cbgm-k3cz
36
vulnerability VCID-k4h1-mvnf-1ybx
37
vulnerability VCID-k8af-cg9k-87a9
38
vulnerability VCID-kc67-7kf7-s3d7
39
vulnerability VCID-kj9x-psfz-2ug1
40
vulnerability VCID-m7w6-b2xu-6uee
41
vulnerability VCID-mnz3-rj21-67ad
42
vulnerability VCID-n15v-ta9h-6ffb
43
vulnerability VCID-p715-yexd-jfgc
44
vulnerability VCID-phgh-sd4m-zbdx
45
vulnerability VCID-px44-19tj-h7aa
46
vulnerability VCID-q8hy-wjd9-nbgp
47
vulnerability VCID-raxk-rm9v-hubn
48
vulnerability VCID-s64f-x81f-b7ce
49
vulnerability VCID-shqd-udhm-pff8
50
vulnerability VCID-stzu-sxe6-5yf5
51
vulnerability VCID-sw7v-fbjk-13hy
52
vulnerability VCID-t1n7-eswt-73gw
53
vulnerability VCID-t3jn-vwbx-u7cr
54
vulnerability VCID-tqf5-2fsm-8fch
55
vulnerability VCID-u9bx-8e86-wbew
56
vulnerability VCID-ve7g-8st5-wffb
57
vulnerability VCID-vxj6-wvyz-zbaq
58
vulnerability VCID-vxry-uvph-kbfd
59
vulnerability VCID-vybh-pxr3-17hn
60
vulnerability VCID-vyvy-y3cw-hbgr
61
vulnerability VCID-wea9-egep-h7g5
62
vulnerability VCID-xa4m-xpa9-v7h8
63
vulnerability VCID-xh7y-56vy-5ud8
64
vulnerability VCID-xtdg-uj46-rkcm
65
vulnerability VCID-xwc2-z7hx-4qa7
66
vulnerability VCID-y32z-2d3f-gkgw
67
vulnerability VCID-zdq2-dhb2-6kaq
68
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases 2018-12-11-3
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rdrs-mhaw-b3ge
31
url VCID-rzw5-8d1u-sfam
vulnerability_id VCID-rzw5-8d1u-sfam
summary 
Arbitrary Code Execution
Due to a missing file extension in the `fileDenyPattern`, backend user are allowed to upload *.pht files which can be executed in certain web server setups.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-5jgb-dsyx-hyb4
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-6b5q-vzs3-pkcc
4
vulnerability VCID-bajy-qbwq-fufn
5
vulnerability VCID-bnne-7p2q-eqd2
6
vulnerability VCID-bxjw-7426-gyb8
7
vulnerability VCID-dbrh-t8zx-nkd9
8
vulnerability VCID-dm97-51uu-r7gw
9
vulnerability VCID-dsu7-jjjq-f3e1
10
vulnerability VCID-ehzg-bzrd-kbcc
11
vulnerability VCID-f963-qur3-2qb7
12
vulnerability VCID-gcnj-6qb6-pbgz
13
vulnerability VCID-mnz3-rj21-67ad
14
vulnerability VCID-n15v-ta9h-6ffb
15
vulnerability VCID-n78p-x7hh-gqcf
16
vulnerability VCID-nwxj-3ajk-rkh5
17
vulnerability VCID-pk8d-8u15-5bfq
18
vulnerability VCID-rdrs-mhaw-b3ge
19
vulnerability VCID-sr3p-pdxy-4yhu
20
vulnerability VCID-t3jn-vwbx-u7cr
21
vulnerability VCID-tmrt-6fxw-5ugh
22
vulnerability VCID-tw1y-t4qj-j3d1
23
vulnerability VCID-vndb-w8e1-4ugv
24
vulnerability VCID-wr5t-xqnn-gkcj
25
vulnerability VCID-wxps-mnue-6bbh
26
vulnerability VCID-xa4m-xpa9-v7h8
27
vulnerability VCID-xqew-bx7v-1qfk
28
vulnerability VCID-y32z-2d3f-gkgw
29
vulnerability VCID-zdq2-dhb2-6kaq
30
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.5
purl pkg:composer/typo3/cms@8.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1jp6-qjpr-xfev
2
vulnerability VCID-1kae-ffj3-xyc7
3
vulnerability VCID-28bf-jvah-zkhw
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-3gg5-1921-rbfs
6
vulnerability VCID-3n2r-awja-dug9
7
vulnerability VCID-3v4n-fzxa-bfaw
8
vulnerability VCID-4ack-haf2-cfbe
9
vulnerability VCID-4btk-jt5n-2ugf
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5paq-5frf-43ed
13
vulnerability VCID-5qfv-y43v-akdm
14
vulnerability VCID-6487-15z5-pkd4
15
vulnerability VCID-6b5q-vzs3-pkcc
16
vulnerability VCID-9g62-zd1x-3bdg
17
vulnerability VCID-9gpp-ez8w-rqav
18
vulnerability VCID-9jj4-ec9n-qbhs
19
vulnerability VCID-axaf-45kr-kbfe
20
vulnerability VCID-bajy-qbwq-fufn
21
vulnerability VCID-bnne-7p2q-eqd2
22
vulnerability VCID-bxjw-7426-gyb8
23
vulnerability VCID-byp6-edft-fbhm
24
vulnerability VCID-c2tm-eqmm-1ugt
25
vulnerability VCID-cm14-t8uv-k3es
26
vulnerability VCID-cmka-8484-27bu
27
vulnerability VCID-dbrh-t8zx-nkd9
28
vulnerability VCID-dj88-f3p8-cfbn
29
vulnerability VCID-dm97-51uu-r7gw
30
vulnerability VCID-dsu7-jjjq-f3e1
31
vulnerability VCID-e72u-tpc3-23g3
32
vulnerability VCID-eajg-ctpd-2bby
33
vulnerability VCID-ehzg-bzrd-kbcc
34
vulnerability VCID-ekfd-wp8z-d7e1
35
vulnerability VCID-f963-qur3-2qb7
36
vulnerability VCID-gcnj-6qb6-pbgz
37
vulnerability VCID-he5m-6wj4-rbhc
38
vulnerability VCID-j77k-hjgx-5kc5
39
vulnerability VCID-jppe-cbgm-k3cz
40
vulnerability VCID-k4h1-mvnf-1ybx
41
vulnerability VCID-k8af-cg9k-87a9
42
vulnerability VCID-m7w6-b2xu-6uee
43
vulnerability VCID-mnz3-rj21-67ad
44
vulnerability VCID-n15v-ta9h-6ffb
45
vulnerability VCID-n78p-x7hh-gqcf
46
vulnerability VCID-nwxj-3ajk-rkh5
47
vulnerability VCID-pk8d-8u15-5bfq
48
vulnerability VCID-px44-19tj-h7aa
49
vulnerability VCID-q8hy-wjd9-nbgp
50
vulnerability VCID-qb4j-9tz7-m7a2
51
vulnerability VCID-rdrs-mhaw-b3ge
52
vulnerability VCID-s64f-x81f-b7ce
53
vulnerability VCID-shqd-udhm-pff8
54
vulnerability VCID-sr3p-pdxy-4yhu
55
vulnerability VCID-stzu-sxe6-5yf5
56
vulnerability VCID-t1n7-eswt-73gw
57
vulnerability VCID-t3jn-vwbx-u7cr
58
vulnerability VCID-tmrt-6fxw-5ugh
59
vulnerability VCID-tqf5-2fsm-8fch
60
vulnerability VCID-tw1y-t4qj-j3d1
61
vulnerability VCID-vndb-w8e1-4ugv
62
vulnerability VCID-vxj6-wvyz-zbaq
63
vulnerability VCID-vxry-uvph-kbfd
64
vulnerability VCID-vybh-pxr3-17hn
65
vulnerability VCID-vyvy-y3cw-hbgr
66
vulnerability VCID-wea9-egep-h7g5
67
vulnerability VCID-wkm6-cgc8-bfa8
68
vulnerability VCID-wr5t-xqnn-gkcj
69
vulnerability VCID-wxps-mnue-6bbh
70
vulnerability VCID-xa4m-xpa9-v7h8
71
vulnerability VCID-xh7y-56vy-5ud8
72
vulnerability VCID-xqew-bx7v-1qfk
73
vulnerability VCID-y32z-2d3f-gkgw
74
vulnerability VCID-zdq2-dhb2-6kaq
75
vulnerability VCID-zkea-ge1t-z7gn
76
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5
aliases TYPO3-CORE-SA-2017-007
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rzw5-8d1u-sfam
32
url VCID-sr3p-pdxy-4yhu
vulnerability_id VCID-sr3p-pdxy-4yhu
summary Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-002/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-002/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.30
purl pkg:composer/typo3/cms@7.6.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-6b5q-vzs3-pkcc
3
vulnerability VCID-bajy-qbwq-fufn
4
vulnerability VCID-bnne-7p2q-eqd2
5
vulnerability VCID-dbrh-t8zx-nkd9
6
vulnerability VCID-dm97-51uu-r7gw
7
vulnerability VCID-dsu7-jjjq-f3e1
8
vulnerability VCID-ehzg-bzrd-kbcc
9
vulnerability VCID-f963-qur3-2qb7
10
vulnerability VCID-gcnj-6qb6-pbgz
11
vulnerability VCID-mnz3-rj21-67ad
12
vulnerability VCID-n15v-ta9h-6ffb
13
vulnerability VCID-n78p-x7hh-gqcf
14
vulnerability VCID-pk8d-8u15-5bfq
15
vulnerability VCID-rdrs-mhaw-b3ge
16
vulnerability VCID-t3jn-vwbx-u7cr
17
vulnerability VCID-tw1y-t4qj-j3d1
18
vulnerability VCID-vndb-w8e1-4ugv
19
vulnerability VCID-wr5t-xqnn-gkcj
20
vulnerability VCID-wxps-mnue-6bbh
21
vulnerability VCID-xa4m-xpa9-v7h8
22
vulnerability VCID-xqew-bx7v-1qfk
23
vulnerability VCID-y32z-2d3f-gkgw
24
vulnerability VCID-zdq2-dhb2-6kaq
25
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.30
1
url pkg:composer/typo3/cms@8.7.17
purl pkg:composer/typo3/cms@8.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-3gg5-1921-rbfs
4
vulnerability VCID-3n2r-awja-dug9
5
vulnerability VCID-3v4n-fzxa-bfaw
6
vulnerability VCID-4ack-haf2-cfbe
7
vulnerability VCID-4btk-jt5n-2ugf
8
vulnerability VCID-551q-gpyd-ffe8
9
vulnerability VCID-5jgb-dsyx-hyb4
10
vulnerability VCID-5paq-5frf-43ed
11
vulnerability VCID-5qfv-y43v-akdm
12
vulnerability VCID-6487-15z5-pkd4
13
vulnerability VCID-6b5q-vzs3-pkcc
14
vulnerability VCID-9g62-zd1x-3bdg
15
vulnerability VCID-9gpp-ez8w-rqav
16
vulnerability VCID-axaf-45kr-kbfe
17
vulnerability VCID-bajy-qbwq-fufn
18
vulnerability VCID-bnne-7p2q-eqd2
19
vulnerability VCID-c2tm-eqmm-1ugt
20
vulnerability VCID-cm14-t8uv-k3es
21
vulnerability VCID-cmka-8484-27bu
22
vulnerability VCID-dbrh-t8zx-nkd9
23
vulnerability VCID-dj88-f3p8-cfbn
24
vulnerability VCID-dm97-51uu-r7gw
25
vulnerability VCID-dsu7-jjjq-f3e1
26
vulnerability VCID-e72u-tpc3-23g3
27
vulnerability VCID-eajg-ctpd-2bby
28
vulnerability VCID-ehzg-bzrd-kbcc
29
vulnerability VCID-ekfd-wp8z-d7e1
30
vulnerability VCID-f963-qur3-2qb7
31
vulnerability VCID-gcnj-6qb6-pbgz
32
vulnerability VCID-he5m-6wj4-rbhc
33
vulnerability VCID-j77k-hjgx-5kc5
34
vulnerability VCID-jppe-cbgm-k3cz
35
vulnerability VCID-k4h1-mvnf-1ybx
36
vulnerability VCID-k8af-cg9k-87a9
37
vulnerability VCID-m7w6-b2xu-6uee
38
vulnerability VCID-mnz3-rj21-67ad
39
vulnerability VCID-n15v-ta9h-6ffb
40
vulnerability VCID-n78p-x7hh-gqcf
41
vulnerability VCID-pk8d-8u15-5bfq
42
vulnerability VCID-px44-19tj-h7aa
43
vulnerability VCID-q8hy-wjd9-nbgp
44
vulnerability VCID-qb4j-9tz7-m7a2
45
vulnerability VCID-rdrs-mhaw-b3ge
46
vulnerability VCID-s64f-x81f-b7ce
47
vulnerability VCID-shqd-udhm-pff8
48
vulnerability VCID-stzu-sxe6-5yf5
49
vulnerability VCID-t1n7-eswt-73gw
50
vulnerability VCID-t3jn-vwbx-u7cr
51
vulnerability VCID-tqf5-2fsm-8fch
52
vulnerability VCID-tw1y-t4qj-j3d1
53
vulnerability VCID-vndb-w8e1-4ugv
54
vulnerability VCID-vxj6-wvyz-zbaq
55
vulnerability VCID-vxry-uvph-kbfd
56
vulnerability VCID-vybh-pxr3-17hn
57
vulnerability VCID-vyvy-y3cw-hbgr
58
vulnerability VCID-wea9-egep-h7g5
59
vulnerability VCID-wr5t-xqnn-gkcj
60
vulnerability VCID-wxps-mnue-6bbh
61
vulnerability VCID-xa4m-xpa9-v7h8
62
vulnerability VCID-xh7y-56vy-5ud8
63
vulnerability VCID-xqew-bx7v-1qfk
64
vulnerability VCID-y32z-2d3f-gkgw
65
vulnerability VCID-zdq2-dhb2-6kaq
66
vulnerability VCID-zkea-ge1t-z7gn
67
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.17
2
url pkg:composer/typo3/cms@9.3.2
purl pkg:composer/typo3/cms@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-2mn6-mdmz-4yd9
4
vulnerability VCID-3gg5-1921-rbfs
5
vulnerability VCID-3n2r-awja-dug9
6
vulnerability VCID-3v4n-fzxa-bfaw
7
vulnerability VCID-4ack-haf2-cfbe
8
vulnerability VCID-4btk-jt5n-2ugf
9
vulnerability VCID-4mkw-tv16-jyca
10
vulnerability VCID-543x-cnbz-1kb9
11
vulnerability VCID-551q-gpyd-ffe8
12
vulnerability VCID-58js-jzm4-4fc7
13
vulnerability VCID-5jgb-dsyx-hyb4
14
vulnerability VCID-5kzs-ex81-bbaj
15
vulnerability VCID-5paq-5frf-43ed
16
vulnerability VCID-6487-15z5-pkd4
17
vulnerability VCID-6a9t-8dmn-s3bv
18
vulnerability VCID-6b5q-vzs3-pkcc
19
vulnerability VCID-9g62-zd1x-3bdg
20
vulnerability VCID-9gpp-ez8w-rqav
21
vulnerability VCID-a49c-fqrj-nbb3
22
vulnerability VCID-anfj-pmkg-skhe
23
vulnerability VCID-axaf-45kr-kbfe
24
vulnerability VCID-bajy-qbwq-fufn
25
vulnerability VCID-bnne-7p2q-eqd2
26
vulnerability VCID-c2tm-eqmm-1ugt
27
vulnerability VCID-cm14-t8uv-k3es
28
vulnerability VCID-cmka-8484-27bu
29
vulnerability VCID-d8d1-sat6-muhe
30
vulnerability VCID-dbrh-t8zx-nkd9
31
vulnerability VCID-dcy2-efyc-6qgq
32
vulnerability VCID-dj88-f3p8-cfbn
33
vulnerability VCID-dm97-51uu-r7gw
34
vulnerability VCID-dsu7-jjjq-f3e1
35
vulnerability VCID-e72u-tpc3-23g3
36
vulnerability VCID-eajg-ctpd-2bby
37
vulnerability VCID-ekfd-wp8z-d7e1
38
vulnerability VCID-f963-qur3-2qb7
39
vulnerability VCID-gcnj-6qb6-pbgz
40
vulnerability VCID-he5m-6wj4-rbhc
41
vulnerability VCID-jppe-cbgm-k3cz
42
vulnerability VCID-k4h1-mvnf-1ybx
43
vulnerability VCID-k8af-cg9k-87a9
44
vulnerability VCID-kc67-7kf7-s3d7
45
vulnerability VCID-kj9x-psfz-2ug1
46
vulnerability VCID-m7w6-b2xu-6uee
47
vulnerability VCID-mnz3-rj21-67ad
48
vulnerability VCID-n15v-ta9h-6ffb
49
vulnerability VCID-n78p-x7hh-gqcf
50
vulnerability VCID-p715-yexd-jfgc
51
vulnerability VCID-phgh-sd4m-zbdx
52
vulnerability VCID-pk8d-8u15-5bfq
53
vulnerability VCID-px44-19tj-h7aa
54
vulnerability VCID-q8hy-wjd9-nbgp
55
vulnerability VCID-qb4j-9tz7-m7a2
56
vulnerability VCID-raxk-rm9v-hubn
57
vulnerability VCID-rdrs-mhaw-b3ge
58
vulnerability VCID-s64f-x81f-b7ce
59
vulnerability VCID-shqd-udhm-pff8
60
vulnerability VCID-stzu-sxe6-5yf5
61
vulnerability VCID-sw7v-fbjk-13hy
62
vulnerability VCID-t1n7-eswt-73gw
63
vulnerability VCID-t3jn-vwbx-u7cr
64
vulnerability VCID-tqf5-2fsm-8fch
65
vulnerability VCID-tw1y-t4qj-j3d1
66
vulnerability VCID-u9bx-8e86-wbew
67
vulnerability VCID-ve7g-8st5-wffb
68
vulnerability VCID-vndb-w8e1-4ugv
69
vulnerability VCID-vxj6-wvyz-zbaq
70
vulnerability VCID-vxry-uvph-kbfd
71
vulnerability VCID-vybh-pxr3-17hn
72
vulnerability VCID-vyvy-y3cw-hbgr
73
vulnerability VCID-wea9-egep-h7g5
74
vulnerability VCID-wr5t-xqnn-gkcj
75
vulnerability VCID-wxps-mnue-6bbh
76
vulnerability VCID-xa4m-xpa9-v7h8
77
vulnerability VCID-xh7y-56vy-5ud8
78
vulnerability VCID-xtdg-uj46-rkcm
79
vulnerability VCID-xwc2-z7hx-4qa7
80
vulnerability VCID-y32z-2d3f-gkgw
81
vulnerability VCID-zdq2-dhb2-6kaq
82
vulnerability VCID-zkea-ge1t-z7gn
83
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2
aliases 2018-07-12-2
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sr3p-pdxy-4yhu
33
url VCID-t3jn-vwbx-u7cr
vulnerability_id VCID-t3jn-vwbx-u7cr
summary 
Cross-Site Scripting in Content Preview (CType menu)
### Problem
It has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability.

### Solution
Update to TYPO3 versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described.

### Credits
Thanks to TYPO3 contributor Oliver Bartsch who reported and fixed the issue.

### References
* [TYPO3-CORE-SA-2021-008](https://typo3.org/security/advisory/typo3-core-sa-2021-008)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21370
reference_id
reference_type
scores
0
value 0.00342
scoring_system epss
scoring_elements 0.56917
published_at 2026-04-18T12:55:00Z
1
value 0.00342
scoring_system epss
scoring_elements 0.56779
published_at 2026-04-01T12:55:00Z
2
value 0.00342
scoring_system epss
scoring_elements 0.56873
published_at 2026-04-02T12:55:00Z
3
value 0.00342
scoring_system epss
scoring_elements 0.56895
published_at 2026-04-21T12:55:00Z
4
value 0.00342
scoring_system epss
scoring_elements 0.56871
published_at 2026-04-07T12:55:00Z
5
value 0.00342
scoring_system epss
scoring_elements 0.56922
published_at 2026-04-08T12:55:00Z
6
value 0.00342
scoring_system epss
scoring_elements 0.56926
published_at 2026-04-09T12:55:00Z
7
value 0.00342
scoring_system epss
scoring_elements 0.56935
published_at 2026-04-11T12:55:00Z
8
value 0.00342
scoring_system epss
scoring_elements 0.56914
published_at 2026-04-12T12:55:00Z
9
value 0.00342
scoring_system epss
scoring_elements 0.56891
published_at 2026-04-13T12:55:00Z
10
value 0.00342
scoring_system epss
scoring_elements 0.56921
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21370
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21370.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21370.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21370.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21370.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21370
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21370
5
reference_url https://packagist.org/packages/typo3/cms-backend
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-backend
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-008
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-008
7
reference_url https://github.com/advisories/GHSA-x7hc-x7fm-f7qh
reference_id GHSA-x7hc-x7fm-f7qh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x7hc-x7fm-f7qh
fixed_packages
0
url pkg:composer/typo3/cms@7.6.51
purl pkg:composer/typo3/cms@7.6.51
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n15v-ta9h-6ffb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.51
1
url pkg:composer/typo3/cms@8.7.40
purl pkg:composer/typo3/cms@8.7.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ekfd-wp8z-d7e1
1
vulnerability VCID-n15v-ta9h-6ffb
2
vulnerability VCID-s64f-x81f-b7ce
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40
2
url pkg:composer/typo3/cms@9.5.25
purl pkg:composer/typo3/cms@9.5.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5paq-5frf-43ed
1
vulnerability VCID-6a9t-8dmn-s3bv
2
vulnerability VCID-bajy-qbwq-fufn
3
vulnerability VCID-ekfd-wp8z-d7e1
4
vulnerability VCID-mnz3-rj21-67ad
5
vulnerability VCID-n15v-ta9h-6ffb
6
vulnerability VCID-s64f-x81f-b7ce
7
vulnerability VCID-t1n7-eswt-73gw
8
vulnerability VCID-ve7g-8st5-wffb
9
vulnerability VCID-vyvy-y3cw-hbgr
10
vulnerability VCID-y32z-2d3f-gkgw
11
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25
3
url pkg:composer/typo3/cms@10.4.14
purl pkg:composer/typo3/cms@10.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-4jpa-6fqh-hbfg
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-6a9t-8dmn-s3bv
4
vulnerability VCID-8sdd-b1bn-cuhx
5
vulnerability VCID-av8u-rvzq-4fc7
6
vulnerability VCID-bajy-qbwq-fufn
7
vulnerability VCID-e32h-8q61-hbgc
8
vulnerability VCID-ekfd-wp8z-d7e1
9
vulnerability VCID-mnz3-rj21-67ad
10
vulnerability VCID-n15v-ta9h-6ffb
11
vulnerability VCID-remd-55jh-r3g5
12
vulnerability VCID-s55j-8hbt-akhn
13
vulnerability VCID-s64f-x81f-b7ce
14
vulnerability VCID-t1n7-eswt-73gw
15
vulnerability VCID-ve7g-8st5-wffb
16
vulnerability VCID-vwb2-a84s-5qak
17
vulnerability VCID-vyvy-y3cw-hbgr
18
vulnerability VCID-w13x-3rp9-wyej
19
vulnerability VCID-y32z-2d3f-gkgw
20
vulnerability VCID-yj9g-uz1a-jkf2
21
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14
4
url pkg:composer/typo3/cms@11.1.1
purl pkg:composer/typo3/cms@11.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-4jpa-6fqh-hbfg
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-6a9t-8dmn-s3bv
4
vulnerability VCID-8sdd-b1bn-cuhx
5
vulnerability VCID-av8u-rvzq-4fc7
6
vulnerability VCID-bajy-qbwq-fufn
7
vulnerability VCID-e32h-8q61-hbgc
8
vulnerability VCID-ekfd-wp8z-d7e1
9
vulnerability VCID-mnz3-rj21-67ad
10
vulnerability VCID-n15v-ta9h-6ffb
11
vulnerability VCID-remd-55jh-r3g5
12
vulnerability VCID-s55j-8hbt-akhn
13
vulnerability VCID-s64f-x81f-b7ce
14
vulnerability VCID-t1n7-eswt-73gw
15
vulnerability VCID-uyeu-a3xr-fkh4
16
vulnerability VCID-ve7g-8st5-wffb
17
vulnerability VCID-vwb2-a84s-5qak
18
vulnerability VCID-vyvy-y3cw-hbgr
19
vulnerability VCID-w13x-3rp9-wyej
20
vulnerability VCID-y32z-2d3f-gkgw
21
vulnerability VCID-yj9g-uz1a-jkf2
22
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1
aliases CVE-2021-21370, GHSA-x7hc-x7fm-f7qh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t3jn-vwbx-u7cr
34
url VCID-tmrt-6fxw-5ugh
vulnerability_id VCID-tmrt-6fxw-5ugh
summary 
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS
Phar files (formerly known as "PHP archives") can act als self extracting archives which leads to the fact that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - "bundle.phar" would be valid as well as "bundle.txt" would be. This way, Phar files can be obfuscated as image or text file which would not be denied from being uploaded and persisted to a TYPO3 installation. Due to a missing sanitization of user input, those Phar files can be invoked by manipulated URLs in TYPO3 backend forms. A valid backend user account is needed to exploit this vulnerability. In theory the attack vector would be possible in the TYPO3 frontend as well, however no functional exploit has been identified so far.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-2.yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-2.yaml
1
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-002
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-002
2
reference_url https://github.com/advisories/GHSA-ppgf-8745-8pgx
reference_id GHSA-ppgf-8745-8pgx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ppgf-8745-8pgx
fixed_packages
0
url pkg:composer/typo3/cms@7.6.30
purl pkg:composer/typo3/cms@7.6.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-6b5q-vzs3-pkcc
3
vulnerability VCID-bajy-qbwq-fufn
4
vulnerability VCID-bnne-7p2q-eqd2
5
vulnerability VCID-dbrh-t8zx-nkd9
6
vulnerability VCID-dm97-51uu-r7gw
7
vulnerability VCID-dsu7-jjjq-f3e1
8
vulnerability VCID-ehzg-bzrd-kbcc
9
vulnerability VCID-f963-qur3-2qb7
10
vulnerability VCID-gcnj-6qb6-pbgz
11
vulnerability VCID-mnz3-rj21-67ad
12
vulnerability VCID-n15v-ta9h-6ffb
13
vulnerability VCID-n78p-x7hh-gqcf
14
vulnerability VCID-pk8d-8u15-5bfq
15
vulnerability VCID-rdrs-mhaw-b3ge
16
vulnerability VCID-t3jn-vwbx-u7cr
17
vulnerability VCID-tw1y-t4qj-j3d1
18
vulnerability VCID-vndb-w8e1-4ugv
19
vulnerability VCID-wr5t-xqnn-gkcj
20
vulnerability VCID-wxps-mnue-6bbh
21
vulnerability VCID-xa4m-xpa9-v7h8
22
vulnerability VCID-xqew-bx7v-1qfk
23
vulnerability VCID-y32z-2d3f-gkgw
24
vulnerability VCID-zdq2-dhb2-6kaq
25
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.30
1
url pkg:composer/typo3/cms@8.7.17
purl pkg:composer/typo3/cms@8.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-3gg5-1921-rbfs
4
vulnerability VCID-3n2r-awja-dug9
5
vulnerability VCID-3v4n-fzxa-bfaw
6
vulnerability VCID-4ack-haf2-cfbe
7
vulnerability VCID-4btk-jt5n-2ugf
8
vulnerability VCID-551q-gpyd-ffe8
9
vulnerability VCID-5jgb-dsyx-hyb4
10
vulnerability VCID-5paq-5frf-43ed
11
vulnerability VCID-5qfv-y43v-akdm
12
vulnerability VCID-6487-15z5-pkd4
13
vulnerability VCID-6b5q-vzs3-pkcc
14
vulnerability VCID-9g62-zd1x-3bdg
15
vulnerability VCID-9gpp-ez8w-rqav
16
vulnerability VCID-axaf-45kr-kbfe
17
vulnerability VCID-bajy-qbwq-fufn
18
vulnerability VCID-bnne-7p2q-eqd2
19
vulnerability VCID-c2tm-eqmm-1ugt
20
vulnerability VCID-cm14-t8uv-k3es
21
vulnerability VCID-cmka-8484-27bu
22
vulnerability VCID-dbrh-t8zx-nkd9
23
vulnerability VCID-dj88-f3p8-cfbn
24
vulnerability VCID-dm97-51uu-r7gw
25
vulnerability VCID-dsu7-jjjq-f3e1
26
vulnerability VCID-e72u-tpc3-23g3
27
vulnerability VCID-eajg-ctpd-2bby
28
vulnerability VCID-ehzg-bzrd-kbcc
29
vulnerability VCID-ekfd-wp8z-d7e1
30
vulnerability VCID-f963-qur3-2qb7
31
vulnerability VCID-gcnj-6qb6-pbgz
32
vulnerability VCID-he5m-6wj4-rbhc
33
vulnerability VCID-j77k-hjgx-5kc5
34
vulnerability VCID-jppe-cbgm-k3cz
35
vulnerability VCID-k4h1-mvnf-1ybx
36
vulnerability VCID-k8af-cg9k-87a9
37
vulnerability VCID-m7w6-b2xu-6uee
38
vulnerability VCID-mnz3-rj21-67ad
39
vulnerability VCID-n15v-ta9h-6ffb
40
vulnerability VCID-n78p-x7hh-gqcf
41
vulnerability VCID-pk8d-8u15-5bfq
42
vulnerability VCID-px44-19tj-h7aa
43
vulnerability VCID-q8hy-wjd9-nbgp
44
vulnerability VCID-qb4j-9tz7-m7a2
45
vulnerability VCID-rdrs-mhaw-b3ge
46
vulnerability VCID-s64f-x81f-b7ce
47
vulnerability VCID-shqd-udhm-pff8
48
vulnerability VCID-stzu-sxe6-5yf5
49
vulnerability VCID-t1n7-eswt-73gw
50
vulnerability VCID-t3jn-vwbx-u7cr
51
vulnerability VCID-tqf5-2fsm-8fch
52
vulnerability VCID-tw1y-t4qj-j3d1
53
vulnerability VCID-vndb-w8e1-4ugv
54
vulnerability VCID-vxj6-wvyz-zbaq
55
vulnerability VCID-vxry-uvph-kbfd
56
vulnerability VCID-vybh-pxr3-17hn
57
vulnerability VCID-vyvy-y3cw-hbgr
58
vulnerability VCID-wea9-egep-h7g5
59
vulnerability VCID-wr5t-xqnn-gkcj
60
vulnerability VCID-wxps-mnue-6bbh
61
vulnerability VCID-xa4m-xpa9-v7h8
62
vulnerability VCID-xh7y-56vy-5ud8
63
vulnerability VCID-xqew-bx7v-1qfk
64
vulnerability VCID-y32z-2d3f-gkgw
65
vulnerability VCID-zdq2-dhb2-6kaq
66
vulnerability VCID-zkea-ge1t-z7gn
67
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.17
2
url pkg:composer/typo3/cms@9.3.2
purl pkg:composer/typo3/cms@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-2mn6-mdmz-4yd9
4
vulnerability VCID-3gg5-1921-rbfs
5
vulnerability VCID-3n2r-awja-dug9
6
vulnerability VCID-3v4n-fzxa-bfaw
7
vulnerability VCID-4ack-haf2-cfbe
8
vulnerability VCID-4btk-jt5n-2ugf
9
vulnerability VCID-4mkw-tv16-jyca
10
vulnerability VCID-543x-cnbz-1kb9
11
vulnerability VCID-551q-gpyd-ffe8
12
vulnerability VCID-58js-jzm4-4fc7
13
vulnerability VCID-5jgb-dsyx-hyb4
14
vulnerability VCID-5kzs-ex81-bbaj
15
vulnerability VCID-5paq-5frf-43ed
16
vulnerability VCID-6487-15z5-pkd4
17
vulnerability VCID-6a9t-8dmn-s3bv
18
vulnerability VCID-6b5q-vzs3-pkcc
19
vulnerability VCID-9g62-zd1x-3bdg
20
vulnerability VCID-9gpp-ez8w-rqav
21
vulnerability VCID-a49c-fqrj-nbb3
22
vulnerability VCID-anfj-pmkg-skhe
23
vulnerability VCID-axaf-45kr-kbfe
24
vulnerability VCID-bajy-qbwq-fufn
25
vulnerability VCID-bnne-7p2q-eqd2
26
vulnerability VCID-c2tm-eqmm-1ugt
27
vulnerability VCID-cm14-t8uv-k3es
28
vulnerability VCID-cmka-8484-27bu
29
vulnerability VCID-d8d1-sat6-muhe
30
vulnerability VCID-dbrh-t8zx-nkd9
31
vulnerability VCID-dcy2-efyc-6qgq
32
vulnerability VCID-dj88-f3p8-cfbn
33
vulnerability VCID-dm97-51uu-r7gw
34
vulnerability VCID-dsu7-jjjq-f3e1
35
vulnerability VCID-e72u-tpc3-23g3
36
vulnerability VCID-eajg-ctpd-2bby
37
vulnerability VCID-ekfd-wp8z-d7e1
38
vulnerability VCID-f963-qur3-2qb7
39
vulnerability VCID-gcnj-6qb6-pbgz
40
vulnerability VCID-he5m-6wj4-rbhc
41
vulnerability VCID-jppe-cbgm-k3cz
42
vulnerability VCID-k4h1-mvnf-1ybx
43
vulnerability VCID-k8af-cg9k-87a9
44
vulnerability VCID-kc67-7kf7-s3d7
45
vulnerability VCID-kj9x-psfz-2ug1
46
vulnerability VCID-m7w6-b2xu-6uee
47
vulnerability VCID-mnz3-rj21-67ad
48
vulnerability VCID-n15v-ta9h-6ffb
49
vulnerability VCID-n78p-x7hh-gqcf
50
vulnerability VCID-p715-yexd-jfgc
51
vulnerability VCID-phgh-sd4m-zbdx
52
vulnerability VCID-pk8d-8u15-5bfq
53
vulnerability VCID-px44-19tj-h7aa
54
vulnerability VCID-q8hy-wjd9-nbgp
55
vulnerability VCID-qb4j-9tz7-m7a2
56
vulnerability VCID-raxk-rm9v-hubn
57
vulnerability VCID-rdrs-mhaw-b3ge
58
vulnerability VCID-s64f-x81f-b7ce
59
vulnerability VCID-shqd-udhm-pff8
60
vulnerability VCID-stzu-sxe6-5yf5
61
vulnerability VCID-sw7v-fbjk-13hy
62
vulnerability VCID-t1n7-eswt-73gw
63
vulnerability VCID-t3jn-vwbx-u7cr
64
vulnerability VCID-tqf5-2fsm-8fch
65
vulnerability VCID-tw1y-t4qj-j3d1
66
vulnerability VCID-u9bx-8e86-wbew
67
vulnerability VCID-ve7g-8st5-wffb
68
vulnerability VCID-vndb-w8e1-4ugv
69
vulnerability VCID-vxj6-wvyz-zbaq
70
vulnerability VCID-vxry-uvph-kbfd
71
vulnerability VCID-vybh-pxr3-17hn
72
vulnerability VCID-vyvy-y3cw-hbgr
73
vulnerability VCID-wea9-egep-h7g5
74
vulnerability VCID-wr5t-xqnn-gkcj
75
vulnerability VCID-wxps-mnue-6bbh
76
vulnerability VCID-xa4m-xpa9-v7h8
77
vulnerability VCID-xh7y-56vy-5ud8
78
vulnerability VCID-xtdg-uj46-rkcm
79
vulnerability VCID-xwc2-z7hx-4qa7
80
vulnerability VCID-y32z-2d3f-gkgw
81
vulnerability VCID-zdq2-dhb2-6kaq
82
vulnerability VCID-zkea-ge1t-z7gn
83
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2
aliases GHSA-ppgf-8745-8pgx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tmrt-6fxw-5ugh
35
url VCID-tw1y-t4qj-j3d1
vulnerability_id VCID-tw1y-t4qj-j3d1
summary 
Cross-site Scripting
Cross-Site Scripting in Backend Modal Component.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-007/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-007/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-bajy-qbwq-fufn
3
vulnerability VCID-dsu7-jjjq-f3e1
4
vulnerability VCID-f963-qur3-2qb7
5
vulnerability VCID-gcnj-6qb6-pbgz
6
vulnerability VCID-mnz3-rj21-67ad
7
vulnerability VCID-n15v-ta9h-6ffb
8
vulnerability VCID-t3jn-vwbx-u7cr
9
vulnerability VCID-xa4m-xpa9-v7h8
10
vulnerability VCID-y32z-2d3f-gkgw
11
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-4ack-haf2-cfbe
6
vulnerability VCID-551q-gpyd-ffe8
7
vulnerability VCID-5jgb-dsyx-hyb4
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5qfv-y43v-akdm
10
vulnerability VCID-6487-15z5-pkd4
11
vulnerability VCID-9g62-zd1x-3bdg
12
vulnerability VCID-9gpp-ez8w-rqav
13
vulnerability VCID-axaf-45kr-kbfe
14
vulnerability VCID-bajy-qbwq-fufn
15
vulnerability VCID-c2tm-eqmm-1ugt
16
vulnerability VCID-cm14-t8uv-k3es
17
vulnerability VCID-cmka-8484-27bu
18
vulnerability VCID-dj88-f3p8-cfbn
19
vulnerability VCID-dsu7-jjjq-f3e1
20
vulnerability VCID-e72u-tpc3-23g3
21
vulnerability VCID-eajg-ctpd-2bby
22
vulnerability VCID-ekfd-wp8z-d7e1
23
vulnerability VCID-f963-qur3-2qb7
24
vulnerability VCID-gcnj-6qb6-pbgz
25
vulnerability VCID-he5m-6wj4-rbhc
26
vulnerability VCID-j77k-hjgx-5kc5
27
vulnerability VCID-jppe-cbgm-k3cz
28
vulnerability VCID-k4h1-mvnf-1ybx
29
vulnerability VCID-k8af-cg9k-87a9
30
vulnerability VCID-m7w6-b2xu-6uee
31
vulnerability VCID-mnz3-rj21-67ad
32
vulnerability VCID-n15v-ta9h-6ffb
33
vulnerability VCID-px44-19tj-h7aa
34
vulnerability VCID-q8hy-wjd9-nbgp
35
vulnerability VCID-s64f-x81f-b7ce
36
vulnerability VCID-shqd-udhm-pff8
37
vulnerability VCID-stzu-sxe6-5yf5
38
vulnerability VCID-t1n7-eswt-73gw
39
vulnerability VCID-t3jn-vwbx-u7cr
40
vulnerability VCID-tqf5-2fsm-8fch
41
vulnerability VCID-vxj6-wvyz-zbaq
42
vulnerability VCID-vxry-uvph-kbfd
43
vulnerability VCID-vybh-pxr3-17hn
44
vulnerability VCID-vyvy-y3cw-hbgr
45
vulnerability VCID-wea9-egep-h7g5
46
vulnerability VCID-xa4m-xpa9-v7h8
47
vulnerability VCID-xh7y-56vy-5ud8
48
vulnerability VCID-y32z-2d3f-gkgw
49
vulnerability VCID-zdq2-dhb2-6kaq
50
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-2mn6-mdmz-4yd9
4
vulnerability VCID-3n2r-awja-dug9
5
vulnerability VCID-3v4n-fzxa-bfaw
6
vulnerability VCID-4ack-haf2-cfbe
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-543x-cnbz-1kb9
9
vulnerability VCID-551q-gpyd-ffe8
10
vulnerability VCID-58js-jzm4-4fc7
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5kzs-ex81-bbaj
13
vulnerability VCID-5paq-5frf-43ed
14
vulnerability VCID-6487-15z5-pkd4
15
vulnerability VCID-6a9t-8dmn-s3bv
16
vulnerability VCID-9g62-zd1x-3bdg
17
vulnerability VCID-9gpp-ez8w-rqav
18
vulnerability VCID-a49c-fqrj-nbb3
19
vulnerability VCID-anfj-pmkg-skhe
20
vulnerability VCID-axaf-45kr-kbfe
21
vulnerability VCID-bajy-qbwq-fufn
22
vulnerability VCID-c2tm-eqmm-1ugt
23
vulnerability VCID-cm14-t8uv-k3es
24
vulnerability VCID-cmka-8484-27bu
25
vulnerability VCID-d8d1-sat6-muhe
26
vulnerability VCID-dcy2-efyc-6qgq
27
vulnerability VCID-dj88-f3p8-cfbn
28
vulnerability VCID-dsu7-jjjq-f3e1
29
vulnerability VCID-e72u-tpc3-23g3
30
vulnerability VCID-eajg-ctpd-2bby
31
vulnerability VCID-ekfd-wp8z-d7e1
32
vulnerability VCID-f963-qur3-2qb7
33
vulnerability VCID-gcnj-6qb6-pbgz
34
vulnerability VCID-he5m-6wj4-rbhc
35
vulnerability VCID-jppe-cbgm-k3cz
36
vulnerability VCID-k4h1-mvnf-1ybx
37
vulnerability VCID-k8af-cg9k-87a9
38
vulnerability VCID-kc67-7kf7-s3d7
39
vulnerability VCID-kj9x-psfz-2ug1
40
vulnerability VCID-m7w6-b2xu-6uee
41
vulnerability VCID-mnz3-rj21-67ad
42
vulnerability VCID-n15v-ta9h-6ffb
43
vulnerability VCID-p715-yexd-jfgc
44
vulnerability VCID-phgh-sd4m-zbdx
45
vulnerability VCID-px44-19tj-h7aa
46
vulnerability VCID-q8hy-wjd9-nbgp
47
vulnerability VCID-raxk-rm9v-hubn
48
vulnerability VCID-s64f-x81f-b7ce
49
vulnerability VCID-shqd-udhm-pff8
50
vulnerability VCID-stzu-sxe6-5yf5
51
vulnerability VCID-sw7v-fbjk-13hy
52
vulnerability VCID-t1n7-eswt-73gw
53
vulnerability VCID-t3jn-vwbx-u7cr
54
vulnerability VCID-tqf5-2fsm-8fch
55
vulnerability VCID-u9bx-8e86-wbew
56
vulnerability VCID-ve7g-8st5-wffb
57
vulnerability VCID-vxj6-wvyz-zbaq
58
vulnerability VCID-vxry-uvph-kbfd
59
vulnerability VCID-vybh-pxr3-17hn
60
vulnerability VCID-vyvy-y3cw-hbgr
61
vulnerability VCID-wea9-egep-h7g5
62
vulnerability VCID-xa4m-xpa9-v7h8
63
vulnerability VCID-xh7y-56vy-5ud8
64
vulnerability VCID-xtdg-uj46-rkcm
65
vulnerability VCID-xwc2-z7hx-4qa7
66
vulnerability VCID-y32z-2d3f-gkgw
67
vulnerability VCID-zdq2-dhb2-6kaq
68
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases 2018-12-11-2
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tw1y-t4qj-j3d1
36
url VCID-vndb-w8e1-4ugv
vulnerability_id VCID-vndb-w8e1-4ugv
summary 
TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Failing to properly encode user input, online media asset rendering (`*.youtube` and `*.vimeo` files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-1.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-1.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/20927adfb8aae0093508c904937e40114b92a90c
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/20927adfb8aae0093508c904937e40114b92a90c
3
reference_url https://github.com/TYPO3/typo3/commit/a32a9a746f807b14571139f0cb7caa00b8d037a5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/a32a9a746f807b14571139f0cb7caa00b8d037a5
4
reference_url https://github.com/TYPO3/typo3/commit/c9174937802581bfecfaa788512a4f6e5cf8e9c7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/c9174937802581bfecfaa788512a4f6e5cf8e9c7
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-006
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-006
6
reference_url https://github.com/advisories/GHSA-8m6j-p5jv-v69w
reference_id GHSA-8m6j-p5jv-v69w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8m6j-p5jv-v69w
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-bajy-qbwq-fufn
3
vulnerability VCID-dsu7-jjjq-f3e1
4
vulnerability VCID-f963-qur3-2qb7
5
vulnerability VCID-gcnj-6qb6-pbgz
6
vulnerability VCID-mnz3-rj21-67ad
7
vulnerability VCID-n15v-ta9h-6ffb
8
vulnerability VCID-t3jn-vwbx-u7cr
9
vulnerability VCID-xa4m-xpa9-v7h8
10
vulnerability VCID-y32z-2d3f-gkgw
11
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-4ack-haf2-cfbe
6
vulnerability VCID-551q-gpyd-ffe8
7
vulnerability VCID-5jgb-dsyx-hyb4
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5qfv-y43v-akdm
10
vulnerability VCID-6487-15z5-pkd4
11
vulnerability VCID-9g62-zd1x-3bdg
12
vulnerability VCID-9gpp-ez8w-rqav
13
vulnerability VCID-axaf-45kr-kbfe
14
vulnerability VCID-bajy-qbwq-fufn
15
vulnerability VCID-c2tm-eqmm-1ugt
16
vulnerability VCID-cm14-t8uv-k3es
17
vulnerability VCID-cmka-8484-27bu
18
vulnerability VCID-dj88-f3p8-cfbn
19
vulnerability VCID-dsu7-jjjq-f3e1
20
vulnerability VCID-e72u-tpc3-23g3
21
vulnerability VCID-eajg-ctpd-2bby
22
vulnerability VCID-ekfd-wp8z-d7e1
23
vulnerability VCID-f963-qur3-2qb7
24
vulnerability VCID-gcnj-6qb6-pbgz
25
vulnerability VCID-he5m-6wj4-rbhc
26
vulnerability VCID-j77k-hjgx-5kc5
27
vulnerability VCID-jppe-cbgm-k3cz
28
vulnerability VCID-k4h1-mvnf-1ybx
29
vulnerability VCID-k8af-cg9k-87a9
30
vulnerability VCID-m7w6-b2xu-6uee
31
vulnerability VCID-mnz3-rj21-67ad
32
vulnerability VCID-n15v-ta9h-6ffb
33
vulnerability VCID-px44-19tj-h7aa
34
vulnerability VCID-q8hy-wjd9-nbgp
35
vulnerability VCID-s64f-x81f-b7ce
36
vulnerability VCID-shqd-udhm-pff8
37
vulnerability VCID-stzu-sxe6-5yf5
38
vulnerability VCID-t1n7-eswt-73gw
39
vulnerability VCID-t3jn-vwbx-u7cr
40
vulnerability VCID-tqf5-2fsm-8fch
41
vulnerability VCID-vxj6-wvyz-zbaq
42
vulnerability VCID-vxry-uvph-kbfd
43
vulnerability VCID-vybh-pxr3-17hn
44
vulnerability VCID-vyvy-y3cw-hbgr
45
vulnerability VCID-wea9-egep-h7g5
46
vulnerability VCID-xa4m-xpa9-v7h8
47
vulnerability VCID-xh7y-56vy-5ud8
48
vulnerability VCID-y32z-2d3f-gkgw
49
vulnerability VCID-zdq2-dhb2-6kaq
50
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-2mn6-mdmz-4yd9
4
vulnerability VCID-3n2r-awja-dug9
5
vulnerability VCID-3v4n-fzxa-bfaw
6
vulnerability VCID-4ack-haf2-cfbe
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-543x-cnbz-1kb9
9
vulnerability VCID-551q-gpyd-ffe8
10
vulnerability VCID-58js-jzm4-4fc7
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5kzs-ex81-bbaj
13
vulnerability VCID-5paq-5frf-43ed
14
vulnerability VCID-6487-15z5-pkd4
15
vulnerability VCID-6a9t-8dmn-s3bv
16
vulnerability VCID-9g62-zd1x-3bdg
17
vulnerability VCID-9gpp-ez8w-rqav
18
vulnerability VCID-a49c-fqrj-nbb3
19
vulnerability VCID-anfj-pmkg-skhe
20
vulnerability VCID-axaf-45kr-kbfe
21
vulnerability VCID-bajy-qbwq-fufn
22
vulnerability VCID-c2tm-eqmm-1ugt
23
vulnerability VCID-cm14-t8uv-k3es
24
vulnerability VCID-cmka-8484-27bu
25
vulnerability VCID-d8d1-sat6-muhe
26
vulnerability VCID-dcy2-efyc-6qgq
27
vulnerability VCID-dj88-f3p8-cfbn
28
vulnerability VCID-dsu7-jjjq-f3e1
29
vulnerability VCID-e72u-tpc3-23g3
30
vulnerability VCID-eajg-ctpd-2bby
31
vulnerability VCID-ekfd-wp8z-d7e1
32
vulnerability VCID-f963-qur3-2qb7
33
vulnerability VCID-gcnj-6qb6-pbgz
34
vulnerability VCID-he5m-6wj4-rbhc
35
vulnerability VCID-jppe-cbgm-k3cz
36
vulnerability VCID-k4h1-mvnf-1ybx
37
vulnerability VCID-k8af-cg9k-87a9
38
vulnerability VCID-kc67-7kf7-s3d7
39
vulnerability VCID-kj9x-psfz-2ug1
40
vulnerability VCID-m7w6-b2xu-6uee
41
vulnerability VCID-mnz3-rj21-67ad
42
vulnerability VCID-n15v-ta9h-6ffb
43
vulnerability VCID-p715-yexd-jfgc
44
vulnerability VCID-phgh-sd4m-zbdx
45
vulnerability VCID-px44-19tj-h7aa
46
vulnerability VCID-q8hy-wjd9-nbgp
47
vulnerability VCID-raxk-rm9v-hubn
48
vulnerability VCID-s64f-x81f-b7ce
49
vulnerability VCID-shqd-udhm-pff8
50
vulnerability VCID-stzu-sxe6-5yf5
51
vulnerability VCID-sw7v-fbjk-13hy
52
vulnerability VCID-t1n7-eswt-73gw
53
vulnerability VCID-t3jn-vwbx-u7cr
54
vulnerability VCID-tqf5-2fsm-8fch
55
vulnerability VCID-u9bx-8e86-wbew
56
vulnerability VCID-ve7g-8st5-wffb
57
vulnerability VCID-vxj6-wvyz-zbaq
58
vulnerability VCID-vxry-uvph-kbfd
59
vulnerability VCID-vybh-pxr3-17hn
60
vulnerability VCID-vyvy-y3cw-hbgr
61
vulnerability VCID-wea9-egep-h7g5
62
vulnerability VCID-xa4m-xpa9-v7h8
63
vulnerability VCID-xh7y-56vy-5ud8
64
vulnerability VCID-xtdg-uj46-rkcm
65
vulnerability VCID-xwc2-z7hx-4qa7
66
vulnerability VCID-y32z-2d3f-gkgw
67
vulnerability VCID-zdq2-dhb2-6kaq
68
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-8m6j-p5jv-v69w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vndb-w8e1-4ugv
37
url VCID-vrt1-aj9v-2kb6
vulnerability_id VCID-vrt1-aj9v-2kb6
summary 
Cross-Site Scripting in TYPO3 CMS
Failing to properly encode user input, several places of the TYPO3 CMS are vulnerable to Cross-Site Scripting.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-02-28-2.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-02-28-2.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2017-003
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2017-003
3
reference_url https://github.com/advisories/GHSA-5gr6-97fv-52cc
reference_id GHSA-5gr6-97fv-52cc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5gr6-97fv-52cc
fixed_packages
0
url pkg:composer/typo3/cms@7.6.16
purl pkg:composer/typo3/cms@7.6.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-5jgb-dsyx-hyb4
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-6b5q-vzs3-pkcc
4
vulnerability VCID-bajy-qbwq-fufn
5
vulnerability VCID-bnne-7p2q-eqd2
6
vulnerability VCID-bxjw-7426-gyb8
7
vulnerability VCID-dbrh-t8zx-nkd9
8
vulnerability VCID-dm97-51uu-r7gw
9
vulnerability VCID-dsu7-jjjq-f3e1
10
vulnerability VCID-ehzg-bzrd-kbcc
11
vulnerability VCID-f963-qur3-2qb7
12
vulnerability VCID-fy3g-uegw-2bew
13
vulnerability VCID-gcnj-6qb6-pbgz
14
vulnerability VCID-h63t-9enx-qfdn
15
vulnerability VCID-hpgq-deze-p7dp
16
vulnerability VCID-jqth-wfgx-87cx
17
vulnerability VCID-mnz3-rj21-67ad
18
vulnerability VCID-mqbh-k9n3-nbed
19
vulnerability VCID-mub5-s7h1-57cy
20
vulnerability VCID-n15v-ta9h-6ffb
21
vulnerability VCID-n78p-x7hh-gqcf
22
vulnerability VCID-nt6a-5zkv-pbcm
23
vulnerability VCID-nwxj-3ajk-rkh5
24
vulnerability VCID-pk8d-8u15-5bfq
25
vulnerability VCID-pnfa-cksc-43de
26
vulnerability VCID-rdrs-mhaw-b3ge
27
vulnerability VCID-rzw5-8d1u-sfam
28
vulnerability VCID-sr3p-pdxy-4yhu
29
vulnerability VCID-t3jn-vwbx-u7cr
30
vulnerability VCID-tmrt-6fxw-5ugh
31
vulnerability VCID-tw1y-t4qj-j3d1
32
vulnerability VCID-vndb-w8e1-4ugv
33
vulnerability VCID-wge3-kxdq-f3bz
34
vulnerability VCID-wr5t-xqnn-gkcj
35
vulnerability VCID-wxps-mnue-6bbh
36
vulnerability VCID-xa4m-xpa9-v7h8
37
vulnerability VCID-xqew-bx7v-1qfk
38
vulnerability VCID-y32z-2d3f-gkgw
39
vulnerability VCID-zdq2-dhb2-6kaq
40
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.16
1
url pkg:composer/typo3/cms@8.6.1
purl pkg:composer/typo3/cms@8.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1jp6-qjpr-xfev
2
vulnerability VCID-1kae-ffj3-xyc7
3
vulnerability VCID-28bf-jvah-zkhw
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-3gg5-1921-rbfs
6
vulnerability VCID-3n2r-awja-dug9
7
vulnerability VCID-3v4n-fzxa-bfaw
8
vulnerability VCID-4ack-haf2-cfbe
9
vulnerability VCID-4btk-jt5n-2ugf
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5paq-5frf-43ed
13
vulnerability VCID-5qfv-y43v-akdm
14
vulnerability VCID-5yg8-2cbr-d3as
15
vulnerability VCID-6487-15z5-pkd4
16
vulnerability VCID-6b5q-vzs3-pkcc
17
vulnerability VCID-9g62-zd1x-3bdg
18
vulnerability VCID-9gpp-ez8w-rqav
19
vulnerability VCID-9jj4-ec9n-qbhs
20
vulnerability VCID-axaf-45kr-kbfe
21
vulnerability VCID-bajy-qbwq-fufn
22
vulnerability VCID-bnne-7p2q-eqd2
23
vulnerability VCID-bxjw-7426-gyb8
24
vulnerability VCID-byp6-edft-fbhm
25
vulnerability VCID-c2tm-eqmm-1ugt
26
vulnerability VCID-cm14-t8uv-k3es
27
vulnerability VCID-cmka-8484-27bu
28
vulnerability VCID-dbrh-t8zx-nkd9
29
vulnerability VCID-dj88-f3p8-cfbn
30
vulnerability VCID-dm97-51uu-r7gw
31
vulnerability VCID-dquc-7amf-e7cs
32
vulnerability VCID-dsu7-jjjq-f3e1
33
vulnerability VCID-e72u-tpc3-23g3
34
vulnerability VCID-e7sv-4xc2-m3d5
35
vulnerability VCID-eajg-ctpd-2bby
36
vulnerability VCID-ehzg-bzrd-kbcc
37
vulnerability VCID-ekfd-wp8z-d7e1
38
vulnerability VCID-fy3g-uegw-2bew
39
vulnerability VCID-gcnj-6qb6-pbgz
40
vulnerability VCID-h63t-9enx-qfdn
41
vulnerability VCID-he5m-6wj4-rbhc
42
vulnerability VCID-hpgq-deze-p7dp
43
vulnerability VCID-j77k-hjgx-5kc5
44
vulnerability VCID-jppe-cbgm-k3cz
45
vulnerability VCID-jqth-wfgx-87cx
46
vulnerability VCID-k4h1-mvnf-1ybx
47
vulnerability VCID-k8af-cg9k-87a9
48
vulnerability VCID-m7w6-b2xu-6uee
49
vulnerability VCID-mnz3-rj21-67ad
50
vulnerability VCID-mqbh-k9n3-nbed
51
vulnerability VCID-mub5-s7h1-57cy
52
vulnerability VCID-n15v-ta9h-6ffb
53
vulnerability VCID-n78p-x7hh-gqcf
54
vulnerability VCID-nt6a-5zkv-pbcm
55
vulnerability VCID-nwxj-3ajk-rkh5
56
vulnerability VCID-pk8d-8u15-5bfq
57
vulnerability VCID-pnfa-cksc-43de
58
vulnerability VCID-px44-19tj-h7aa
59
vulnerability VCID-q8hy-wjd9-nbgp
60
vulnerability VCID-qb4j-9tz7-m7a2
61
vulnerability VCID-rdrs-mhaw-b3ge
62
vulnerability VCID-rzw5-8d1u-sfam
63
vulnerability VCID-s64f-x81f-b7ce
64
vulnerability VCID-shqd-udhm-pff8
65
vulnerability VCID-sr3p-pdxy-4yhu
66
vulnerability VCID-stzu-sxe6-5yf5
67
vulnerability VCID-t1n7-eswt-73gw
68
vulnerability VCID-t3jn-vwbx-u7cr
69
vulnerability VCID-tmrt-6fxw-5ugh
70
vulnerability VCID-tqf5-2fsm-8fch
71
vulnerability VCID-tw1y-t4qj-j3d1
72
vulnerability VCID-vndb-w8e1-4ugv
73
vulnerability VCID-vxj6-wvyz-zbaq
74
vulnerability VCID-vxry-uvph-kbfd
75
vulnerability VCID-vybh-pxr3-17hn
76
vulnerability VCID-wea9-egep-h7g5
77
vulnerability VCID-wge3-kxdq-f3bz
78
vulnerability VCID-wkm6-cgc8-bfa8
79
vulnerability VCID-wr5t-xqnn-gkcj
80
vulnerability VCID-wxps-mnue-6bbh
81
vulnerability VCID-xa4m-xpa9-v7h8
82
vulnerability VCID-xh7y-56vy-5ud8
83
vulnerability VCID-xqew-bx7v-1qfk
84
vulnerability VCID-y32z-2d3f-gkgw
85
vulnerability VCID-zdq2-dhb2-6kaq
86
vulnerability VCID-zkea-ge1t-z7gn
87
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.6.1
aliases GHSA-5gr6-97fv-52cc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vrt1-aj9v-2kb6
38
url VCID-wge3-kxdq-f3bz
vulnerability_id VCID-wge3-kxdq-f3bz
summary Information Disclosure in TYPO3 CMS.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-5jgb-dsyx-hyb4
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-6b5q-vzs3-pkcc
4
vulnerability VCID-bajy-qbwq-fufn
5
vulnerability VCID-bnne-7p2q-eqd2
6
vulnerability VCID-bxjw-7426-gyb8
7
vulnerability VCID-dbrh-t8zx-nkd9
8
vulnerability VCID-dm97-51uu-r7gw
9
vulnerability VCID-dsu7-jjjq-f3e1
10
vulnerability VCID-ehzg-bzrd-kbcc
11
vulnerability VCID-f963-qur3-2qb7
12
vulnerability VCID-gcnj-6qb6-pbgz
13
vulnerability VCID-mnz3-rj21-67ad
14
vulnerability VCID-n15v-ta9h-6ffb
15
vulnerability VCID-n78p-x7hh-gqcf
16
vulnerability VCID-nwxj-3ajk-rkh5
17
vulnerability VCID-pk8d-8u15-5bfq
18
vulnerability VCID-rdrs-mhaw-b3ge
19
vulnerability VCID-sr3p-pdxy-4yhu
20
vulnerability VCID-t3jn-vwbx-u7cr
21
vulnerability VCID-tmrt-6fxw-5ugh
22
vulnerability VCID-tw1y-t4qj-j3d1
23
vulnerability VCID-vndb-w8e1-4ugv
24
vulnerability VCID-wr5t-xqnn-gkcj
25
vulnerability VCID-wxps-mnue-6bbh
26
vulnerability VCID-xa4m-xpa9-v7h8
27
vulnerability VCID-xqew-bx7v-1qfk
28
vulnerability VCID-y32z-2d3f-gkgw
29
vulnerability VCID-zdq2-dhb2-6kaq
30
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.0
purl pkg:composer/typo3/cms@8.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1jp6-qjpr-xfev
2
vulnerability VCID-1kae-ffj3-xyc7
3
vulnerability VCID-28bf-jvah-zkhw
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-3gg5-1921-rbfs
6
vulnerability VCID-3n2r-awja-dug9
7
vulnerability VCID-3v4n-fzxa-bfaw
8
vulnerability VCID-4ack-haf2-cfbe
9
vulnerability VCID-4btk-jt5n-2ugf
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5paq-5frf-43ed
13
vulnerability VCID-5qfv-y43v-akdm
14
vulnerability VCID-5yg8-2cbr-d3as
15
vulnerability VCID-6487-15z5-pkd4
16
vulnerability VCID-6b5q-vzs3-pkcc
17
vulnerability VCID-9g62-zd1x-3bdg
18
vulnerability VCID-9gpp-ez8w-rqav
19
vulnerability VCID-9jj4-ec9n-qbhs
20
vulnerability VCID-a49c-fqrj-nbb3
21
vulnerability VCID-axaf-45kr-kbfe
22
vulnerability VCID-bajy-qbwq-fufn
23
vulnerability VCID-bnne-7p2q-eqd2
24
vulnerability VCID-bxjw-7426-gyb8
25
vulnerability VCID-byp6-edft-fbhm
26
vulnerability VCID-c2tm-eqmm-1ugt
27
vulnerability VCID-cm14-t8uv-k3es
28
vulnerability VCID-cmka-8484-27bu
29
vulnerability VCID-dbrh-t8zx-nkd9
30
vulnerability VCID-dj88-f3p8-cfbn
31
vulnerability VCID-dm97-51uu-r7gw
32
vulnerability VCID-dquc-7amf-e7cs
33
vulnerability VCID-dsu7-jjjq-f3e1
34
vulnerability VCID-e72u-tpc3-23g3
35
vulnerability VCID-eajg-ctpd-2bby
36
vulnerability VCID-ehzg-bzrd-kbcc
37
vulnerability VCID-ekfd-wp8z-d7e1
38
vulnerability VCID-f963-qur3-2qb7
39
vulnerability VCID-fy3g-uegw-2bew
40
vulnerability VCID-gcnj-6qb6-pbgz
41
vulnerability VCID-h63t-9enx-qfdn
42
vulnerability VCID-he5m-6wj4-rbhc
43
vulnerability VCID-j77k-hjgx-5kc5
44
vulnerability VCID-jppe-cbgm-k3cz
45
vulnerability VCID-jqth-wfgx-87cx
46
vulnerability VCID-k4h1-mvnf-1ybx
47
vulnerability VCID-k8af-cg9k-87a9
48
vulnerability VCID-m7w6-b2xu-6uee
49
vulnerability VCID-mnz3-rj21-67ad
50
vulnerability VCID-mqbh-k9n3-nbed
51
vulnerability VCID-mub5-s7h1-57cy
52
vulnerability VCID-n15v-ta9h-6ffb
53
vulnerability VCID-n78p-x7hh-gqcf
54
vulnerability VCID-nwxj-3ajk-rkh5
55
vulnerability VCID-pk8d-8u15-5bfq
56
vulnerability VCID-pnfa-cksc-43de
57
vulnerability VCID-px44-19tj-h7aa
58
vulnerability VCID-q8hy-wjd9-nbgp
59
vulnerability VCID-qb4j-9tz7-m7a2
60
vulnerability VCID-rdrs-mhaw-b3ge
61
vulnerability VCID-rzw5-8d1u-sfam
62
vulnerability VCID-s64f-x81f-b7ce
63
vulnerability VCID-shqd-udhm-pff8
64
vulnerability VCID-sr3p-pdxy-4yhu
65
vulnerability VCID-stzu-sxe6-5yf5
66
vulnerability VCID-t1n7-eswt-73gw
67
vulnerability VCID-t3jn-vwbx-u7cr
68
vulnerability VCID-tmrt-6fxw-5ugh
69
vulnerability VCID-tqf5-2fsm-8fch
70
vulnerability VCID-tw1y-t4qj-j3d1
71
vulnerability VCID-vndb-w8e1-4ugv
72
vulnerability VCID-vxj6-wvyz-zbaq
73
vulnerability VCID-vxry-uvph-kbfd
74
vulnerability VCID-vybh-pxr3-17hn
75
vulnerability VCID-vyvy-y3cw-hbgr
76
vulnerability VCID-wea9-egep-h7g5
77
vulnerability VCID-wkm6-cgc8-bfa8
78
vulnerability VCID-wr5t-xqnn-gkcj
79
vulnerability VCID-wxps-mnue-6bbh
80
vulnerability VCID-xa4m-xpa9-v7h8
81
vulnerability VCID-xh7y-56vy-5ud8
82
vulnerability VCID-xqew-bx7v-1qfk
83
vulnerability VCID-y32z-2d3f-gkgw
84
vulnerability VCID-zdq2-dhb2-6kaq
85
vulnerability VCID-zkea-ge1t-z7gn
86
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.0
aliases 2017-09-05-3
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wge3-kxdq-f3bz
39
url VCID-wr5t-xqnn-gkcj
vulnerability_id VCID-wr5t-xqnn-gkcj
summary 
TYPO3 Cross-Site Scripting in Backend Modal Component
Failing to properly encode user input, notifications shown in modal windows in the TYPO3 backend are vulnerable to cross-site scripting. A valid backend user account is needed in order to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-2.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-2.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/02cd5c97228cba477d16c68e28309ce25c433ce9
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/02cd5c97228cba477d16c68e28309ce25c433ce9
3
reference_url https://github.com/TYPO3/typo3/commit/89a38ad0ef9411745954f53f29bea5b8ce81cd32
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/89a38ad0ef9411745954f53f29bea5b8ce81cd32
4
reference_url https://github.com/TYPO3/typo3/commit/c35646c3f7795a4a7b0046a88f146b490fa4883c
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/c35646c3f7795a4a7b0046a88f146b490fa4883c
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-007
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-007
6
reference_url https://github.com/advisories/GHSA-7q33-hxwj-7p8v
reference_id GHSA-7q33-hxwj-7p8v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7q33-hxwj-7p8v
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-bajy-qbwq-fufn
3
vulnerability VCID-dsu7-jjjq-f3e1
4
vulnerability VCID-f963-qur3-2qb7
5
vulnerability VCID-gcnj-6qb6-pbgz
6
vulnerability VCID-mnz3-rj21-67ad
7
vulnerability VCID-n15v-ta9h-6ffb
8
vulnerability VCID-t3jn-vwbx-u7cr
9
vulnerability VCID-xa4m-xpa9-v7h8
10
vulnerability VCID-y32z-2d3f-gkgw
11
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-4ack-haf2-cfbe
6
vulnerability VCID-551q-gpyd-ffe8
7
vulnerability VCID-5jgb-dsyx-hyb4
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5qfv-y43v-akdm
10
vulnerability VCID-6487-15z5-pkd4
11
vulnerability VCID-9g62-zd1x-3bdg
12
vulnerability VCID-9gpp-ez8w-rqav
13
vulnerability VCID-axaf-45kr-kbfe
14
vulnerability VCID-bajy-qbwq-fufn
15
vulnerability VCID-c2tm-eqmm-1ugt
16
vulnerability VCID-cm14-t8uv-k3es
17
vulnerability VCID-cmka-8484-27bu
18
vulnerability VCID-dj88-f3p8-cfbn
19
vulnerability VCID-dsu7-jjjq-f3e1
20
vulnerability VCID-e72u-tpc3-23g3
21
vulnerability VCID-eajg-ctpd-2bby
22
vulnerability VCID-ekfd-wp8z-d7e1
23
vulnerability VCID-f963-qur3-2qb7
24
vulnerability VCID-gcnj-6qb6-pbgz
25
vulnerability VCID-he5m-6wj4-rbhc
26
vulnerability VCID-j77k-hjgx-5kc5
27
vulnerability VCID-jppe-cbgm-k3cz
28
vulnerability VCID-k4h1-mvnf-1ybx
29
vulnerability VCID-k8af-cg9k-87a9
30
vulnerability VCID-m7w6-b2xu-6uee
31
vulnerability VCID-mnz3-rj21-67ad
32
vulnerability VCID-n15v-ta9h-6ffb
33
vulnerability VCID-px44-19tj-h7aa
34
vulnerability VCID-q8hy-wjd9-nbgp
35
vulnerability VCID-s64f-x81f-b7ce
36
vulnerability VCID-shqd-udhm-pff8
37
vulnerability VCID-stzu-sxe6-5yf5
38
vulnerability VCID-t1n7-eswt-73gw
39
vulnerability VCID-t3jn-vwbx-u7cr
40
vulnerability VCID-tqf5-2fsm-8fch
41
vulnerability VCID-vxj6-wvyz-zbaq
42
vulnerability VCID-vxry-uvph-kbfd
43
vulnerability VCID-vybh-pxr3-17hn
44
vulnerability VCID-vyvy-y3cw-hbgr
45
vulnerability VCID-wea9-egep-h7g5
46
vulnerability VCID-xa4m-xpa9-v7h8
47
vulnerability VCID-xh7y-56vy-5ud8
48
vulnerability VCID-y32z-2d3f-gkgw
49
vulnerability VCID-zdq2-dhb2-6kaq
50
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-2mn6-mdmz-4yd9
4
vulnerability VCID-3n2r-awja-dug9
5
vulnerability VCID-3v4n-fzxa-bfaw
6
vulnerability VCID-4ack-haf2-cfbe
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-543x-cnbz-1kb9
9
vulnerability VCID-551q-gpyd-ffe8
10
vulnerability VCID-58js-jzm4-4fc7
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5kzs-ex81-bbaj
13
vulnerability VCID-5paq-5frf-43ed
14
vulnerability VCID-6487-15z5-pkd4
15
vulnerability VCID-6a9t-8dmn-s3bv
16
vulnerability VCID-9g62-zd1x-3bdg
17
vulnerability VCID-9gpp-ez8w-rqav
18
vulnerability VCID-a49c-fqrj-nbb3
19
vulnerability VCID-anfj-pmkg-skhe
20
vulnerability VCID-axaf-45kr-kbfe
21
vulnerability VCID-bajy-qbwq-fufn
22
vulnerability VCID-c2tm-eqmm-1ugt
23
vulnerability VCID-cm14-t8uv-k3es
24
vulnerability VCID-cmka-8484-27bu
25
vulnerability VCID-d8d1-sat6-muhe
26
vulnerability VCID-dcy2-efyc-6qgq
27
vulnerability VCID-dj88-f3p8-cfbn
28
vulnerability VCID-dsu7-jjjq-f3e1
29
vulnerability VCID-e72u-tpc3-23g3
30
vulnerability VCID-eajg-ctpd-2bby
31
vulnerability VCID-ekfd-wp8z-d7e1
32
vulnerability VCID-f963-qur3-2qb7
33
vulnerability VCID-gcnj-6qb6-pbgz
34
vulnerability VCID-he5m-6wj4-rbhc
35
vulnerability VCID-jppe-cbgm-k3cz
36
vulnerability VCID-k4h1-mvnf-1ybx
37
vulnerability VCID-k8af-cg9k-87a9
38
vulnerability VCID-kc67-7kf7-s3d7
39
vulnerability VCID-kj9x-psfz-2ug1
40
vulnerability VCID-m7w6-b2xu-6uee
41
vulnerability VCID-mnz3-rj21-67ad
42
vulnerability VCID-n15v-ta9h-6ffb
43
vulnerability VCID-p715-yexd-jfgc
44
vulnerability VCID-phgh-sd4m-zbdx
45
vulnerability VCID-px44-19tj-h7aa
46
vulnerability VCID-q8hy-wjd9-nbgp
47
vulnerability VCID-raxk-rm9v-hubn
48
vulnerability VCID-s64f-x81f-b7ce
49
vulnerability VCID-shqd-udhm-pff8
50
vulnerability VCID-stzu-sxe6-5yf5
51
vulnerability VCID-sw7v-fbjk-13hy
52
vulnerability VCID-t1n7-eswt-73gw
53
vulnerability VCID-t3jn-vwbx-u7cr
54
vulnerability VCID-tqf5-2fsm-8fch
55
vulnerability VCID-u9bx-8e86-wbew
56
vulnerability VCID-ve7g-8st5-wffb
57
vulnerability VCID-vxj6-wvyz-zbaq
58
vulnerability VCID-vxry-uvph-kbfd
59
vulnerability VCID-vybh-pxr3-17hn
60
vulnerability VCID-vyvy-y3cw-hbgr
61
vulnerability VCID-wea9-egep-h7g5
62
vulnerability VCID-xa4m-xpa9-v7h8
63
vulnerability VCID-xh7y-56vy-5ud8
64
vulnerability VCID-xtdg-uj46-rkcm
65
vulnerability VCID-xwc2-z7hx-4qa7
66
vulnerability VCID-y32z-2d3f-gkgw
67
vulnerability VCID-zdq2-dhb2-6kaq
68
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-7q33-hxwj-7p8v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wr5t-xqnn-gkcj
40
url VCID-wxps-mnue-6bbh
vulnerability_id VCID-wxps-mnue-6bbh
summary 
TYPO3 Cross-Site Scripting in Frontend User Login
Failing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile.

Template patterns that are affected are

- ###FEUSER_[fieldName]### using system extension felogin
- <!--###USERNAME###--> for regular frontend rendering (pattern can be defined individually using TypoScript setting config.USERNAME_substToken)
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-3.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-3.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/1c85fe70269e2ff8ecf0b6d5f16550c6cd0ddc78
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/1c85fe70269e2ff8ecf0b6d5f16550c6cd0ddc78
3
reference_url https://github.com/TYPO3/typo3/commit/373bec5d7d415f0764ebbadc7970610dc26da068
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/373bec5d7d415f0764ebbadc7970610dc26da068
4
reference_url https://github.com/TYPO3/typo3/commit/e4143195e1451630f058a58ab62d92135948a927
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/e4143195e1451630f058a58ab62d92135948a927
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-008
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-008
6
reference_url https://github.com/advisories/GHSA-2rcw-9hrm-8q7q
reference_id GHSA-2rcw-9hrm-8q7q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2rcw-9hrm-8q7q
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-bajy-qbwq-fufn
3
vulnerability VCID-dsu7-jjjq-f3e1
4
vulnerability VCID-f963-qur3-2qb7
5
vulnerability VCID-gcnj-6qb6-pbgz
6
vulnerability VCID-mnz3-rj21-67ad
7
vulnerability VCID-n15v-ta9h-6ffb
8
vulnerability VCID-t3jn-vwbx-u7cr
9
vulnerability VCID-xa4m-xpa9-v7h8
10
vulnerability VCID-y32z-2d3f-gkgw
11
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-4ack-haf2-cfbe
6
vulnerability VCID-551q-gpyd-ffe8
7
vulnerability VCID-5jgb-dsyx-hyb4
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5qfv-y43v-akdm
10
vulnerability VCID-6487-15z5-pkd4
11
vulnerability VCID-9g62-zd1x-3bdg
12
vulnerability VCID-9gpp-ez8w-rqav
13
vulnerability VCID-axaf-45kr-kbfe
14
vulnerability VCID-bajy-qbwq-fufn
15
vulnerability VCID-c2tm-eqmm-1ugt
16
vulnerability VCID-cm14-t8uv-k3es
17
vulnerability VCID-cmka-8484-27bu
18
vulnerability VCID-dj88-f3p8-cfbn
19
vulnerability VCID-dsu7-jjjq-f3e1
20
vulnerability VCID-e72u-tpc3-23g3
21
vulnerability VCID-eajg-ctpd-2bby
22
vulnerability VCID-ekfd-wp8z-d7e1
23
vulnerability VCID-f963-qur3-2qb7
24
vulnerability VCID-gcnj-6qb6-pbgz
25
vulnerability VCID-he5m-6wj4-rbhc
26
vulnerability VCID-j77k-hjgx-5kc5
27
vulnerability VCID-jppe-cbgm-k3cz
28
vulnerability VCID-k4h1-mvnf-1ybx
29
vulnerability VCID-k8af-cg9k-87a9
30
vulnerability VCID-m7w6-b2xu-6uee
31
vulnerability VCID-mnz3-rj21-67ad
32
vulnerability VCID-n15v-ta9h-6ffb
33
vulnerability VCID-px44-19tj-h7aa
34
vulnerability VCID-q8hy-wjd9-nbgp
35
vulnerability VCID-s64f-x81f-b7ce
36
vulnerability VCID-shqd-udhm-pff8
37
vulnerability VCID-stzu-sxe6-5yf5
38
vulnerability VCID-t1n7-eswt-73gw
39
vulnerability VCID-t3jn-vwbx-u7cr
40
vulnerability VCID-tqf5-2fsm-8fch
41
vulnerability VCID-vxj6-wvyz-zbaq
42
vulnerability VCID-vxry-uvph-kbfd
43
vulnerability VCID-vybh-pxr3-17hn
44
vulnerability VCID-vyvy-y3cw-hbgr
45
vulnerability VCID-wea9-egep-h7g5
46
vulnerability VCID-xa4m-xpa9-v7h8
47
vulnerability VCID-xh7y-56vy-5ud8
48
vulnerability VCID-y32z-2d3f-gkgw
49
vulnerability VCID-zdq2-dhb2-6kaq
50
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-2mn6-mdmz-4yd9
4
vulnerability VCID-3n2r-awja-dug9
5
vulnerability VCID-3v4n-fzxa-bfaw
6
vulnerability VCID-4ack-haf2-cfbe
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-543x-cnbz-1kb9
9
vulnerability VCID-551q-gpyd-ffe8
10
vulnerability VCID-58js-jzm4-4fc7
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5kzs-ex81-bbaj
13
vulnerability VCID-5paq-5frf-43ed
14
vulnerability VCID-6487-15z5-pkd4
15
vulnerability VCID-6a9t-8dmn-s3bv
16
vulnerability VCID-9g62-zd1x-3bdg
17
vulnerability VCID-9gpp-ez8w-rqav
18
vulnerability VCID-a49c-fqrj-nbb3
19
vulnerability VCID-anfj-pmkg-skhe
20
vulnerability VCID-axaf-45kr-kbfe
21
vulnerability VCID-bajy-qbwq-fufn
22
vulnerability VCID-c2tm-eqmm-1ugt
23
vulnerability VCID-cm14-t8uv-k3es
24
vulnerability VCID-cmka-8484-27bu
25
vulnerability VCID-d8d1-sat6-muhe
26
vulnerability VCID-dcy2-efyc-6qgq
27
vulnerability VCID-dj88-f3p8-cfbn
28
vulnerability VCID-dsu7-jjjq-f3e1
29
vulnerability VCID-e72u-tpc3-23g3
30
vulnerability VCID-eajg-ctpd-2bby
31
vulnerability VCID-ekfd-wp8z-d7e1
32
vulnerability VCID-f963-qur3-2qb7
33
vulnerability VCID-gcnj-6qb6-pbgz
34
vulnerability VCID-he5m-6wj4-rbhc
35
vulnerability VCID-jppe-cbgm-k3cz
36
vulnerability VCID-k4h1-mvnf-1ybx
37
vulnerability VCID-k8af-cg9k-87a9
38
vulnerability VCID-kc67-7kf7-s3d7
39
vulnerability VCID-kj9x-psfz-2ug1
40
vulnerability VCID-m7w6-b2xu-6uee
41
vulnerability VCID-mnz3-rj21-67ad
42
vulnerability VCID-n15v-ta9h-6ffb
43
vulnerability VCID-p715-yexd-jfgc
44
vulnerability VCID-phgh-sd4m-zbdx
45
vulnerability VCID-px44-19tj-h7aa
46
vulnerability VCID-q8hy-wjd9-nbgp
47
vulnerability VCID-raxk-rm9v-hubn
48
vulnerability VCID-s64f-x81f-b7ce
49
vulnerability VCID-shqd-udhm-pff8
50
vulnerability VCID-stzu-sxe6-5yf5
51
vulnerability VCID-sw7v-fbjk-13hy
52
vulnerability VCID-t1n7-eswt-73gw
53
vulnerability VCID-t3jn-vwbx-u7cr
54
vulnerability VCID-tqf5-2fsm-8fch
55
vulnerability VCID-u9bx-8e86-wbew
56
vulnerability VCID-ve7g-8st5-wffb
57
vulnerability VCID-vxj6-wvyz-zbaq
58
vulnerability VCID-vxry-uvph-kbfd
59
vulnerability VCID-vybh-pxr3-17hn
60
vulnerability VCID-vyvy-y3cw-hbgr
61
vulnerability VCID-wea9-egep-h7g5
62
vulnerability VCID-xa4m-xpa9-v7h8
63
vulnerability VCID-xh7y-56vy-5ud8
64
vulnerability VCID-xtdg-uj46-rkcm
65
vulnerability VCID-xwc2-z7hx-4qa7
66
vulnerability VCID-y32z-2d3f-gkgw
67
vulnerability VCID-zdq2-dhb2-6kaq
68
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-2rcw-9hrm-8q7q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wxps-mnue-6bbh
41
url VCID-xa4m-xpa9-v7h8
vulnerability_id VCID-xa4m-xpa9-v7h8
summary 
TYPO3 Insecure Deserialization in Query Generator & Query View
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited privileges.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19849
reference_id
reference_type
scores
0
value 0.00746
scoring_system epss
scoring_elements 0.73104
published_at 2026-04-21T12:55:00Z
1
value 0.00746
scoring_system epss
scoring_elements 0.73005
published_at 2026-04-01T12:55:00Z
2
value 0.00746
scoring_system epss
scoring_elements 0.73015
published_at 2026-04-02T12:55:00Z
3
value 0.00746
scoring_system epss
scoring_elements 0.73036
published_at 2026-04-04T12:55:00Z
4
value 0.00746
scoring_system epss
scoring_elements 0.73011
published_at 2026-04-07T12:55:00Z
5
value 0.00746
scoring_system epss
scoring_elements 0.73048
published_at 2026-04-08T12:55:00Z
6
value 0.00746
scoring_system epss
scoring_elements 0.73061
published_at 2026-04-09T12:55:00Z
7
value 0.00746
scoring_system epss
scoring_elements 0.73085
published_at 2026-04-11T12:55:00Z
8
value 0.00746
scoring_system epss
scoring_elements 0.73065
published_at 2026-04-12T12:55:00Z
9
value 0.00746
scoring_system epss
scoring_elements 0.73058
published_at 2026-04-13T12:55:00Z
10
value 0.00746
scoring_system epss
scoring_elements 0.73101
published_at 2026-04-16T12:55:00Z
11
value 0.00746
scoring_system epss
scoring_elements 0.73111
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19849
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19849.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19849.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19849.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19849.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19849
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19849
4
reference_url https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-026
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-026
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-026/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-026/
7
reference_url https://github.com/advisories/GHSA-rcgc-4xfc-564v
reference_id GHSA-rcgc-4xfc-564v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rcgc-4xfc-564v
fixed_packages
0
url pkg:composer/typo3/cms@8.7.30
purl pkg:composer/typo3/cms@8.7.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-bajy-qbwq-fufn
3
vulnerability VCID-dsu7-jjjq-f3e1
4
vulnerability VCID-ekfd-wp8z-d7e1
5
vulnerability VCID-f963-qur3-2qb7
6
vulnerability VCID-he5m-6wj4-rbhc
7
vulnerability VCID-mnz3-rj21-67ad
8
vulnerability VCID-n15v-ta9h-6ffb
9
vulnerability VCID-s64f-x81f-b7ce
10
vulnerability VCID-t1n7-eswt-73gw
11
vulnerability VCID-t3jn-vwbx-u7cr
12
vulnerability VCID-vyvy-y3cw-hbgr
13
vulnerability VCID-xh7y-56vy-5ud8
14
vulnerability VCID-y32z-2d3f-gkgw
15
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.30
1
url pkg:composer/typo3/cms@9.5.12
purl pkg:composer/typo3/cms@9.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mn6-mdmz-4yd9
1
vulnerability VCID-543x-cnbz-1kb9
2
vulnerability VCID-58js-jzm4-4fc7
3
vulnerability VCID-5jgb-dsyx-hyb4
4
vulnerability VCID-5kzs-ex81-bbaj
5
vulnerability VCID-5paq-5frf-43ed
6
vulnerability VCID-6a9t-8dmn-s3bv
7
vulnerability VCID-7kjw-j8st-mqfr
8
vulnerability VCID-a49c-fqrj-nbb3
9
vulnerability VCID-bajy-qbwq-fufn
10
vulnerability VCID-d8d1-sat6-muhe
11
vulnerability VCID-dsu7-jjjq-f3e1
12
vulnerability VCID-ekfd-wp8z-d7e1
13
vulnerability VCID-f963-qur3-2qb7
14
vulnerability VCID-he5m-6wj4-rbhc
15
vulnerability VCID-mnz3-rj21-67ad
16
vulnerability VCID-n15v-ta9h-6ffb
17
vulnerability VCID-phgh-sd4m-zbdx
18
vulnerability VCID-s64f-x81f-b7ce
19
vulnerability VCID-sw7v-fbjk-13hy
20
vulnerability VCID-t1n7-eswt-73gw
21
vulnerability VCID-t3jn-vwbx-u7cr
22
vulnerability VCID-ve7g-8st5-wffb
23
vulnerability VCID-vyvy-y3cw-hbgr
24
vulnerability VCID-xh7y-56vy-5ud8
25
vulnerability VCID-y32z-2d3f-gkgw
26
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.12
2
url pkg:composer/typo3/cms@10.2.1
purl pkg:composer/typo3/cms@10.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-2mn6-mdmz-4yd9
2
vulnerability VCID-4jpa-6fqh-hbfg
3
vulnerability VCID-543x-cnbz-1kb9
4
vulnerability VCID-58js-jzm4-4fc7
5
vulnerability VCID-5jgb-dsyx-hyb4
6
vulnerability VCID-5kzs-ex81-bbaj
7
vulnerability VCID-5paq-5frf-43ed
8
vulnerability VCID-6a9t-8dmn-s3bv
9
vulnerability VCID-7kjw-j8st-mqfr
10
vulnerability VCID-8sdd-b1bn-cuhx
11
vulnerability VCID-a49c-fqrj-nbb3
12
vulnerability VCID-a89c-jvwa-6kh5
13
vulnerability VCID-av8u-rvzq-4fc7
14
vulnerability VCID-bajy-qbwq-fufn
15
vulnerability VCID-cdjv-fp71-y3dv
16
vulnerability VCID-d8d1-sat6-muhe
17
vulnerability VCID-dhrm-uxuv-zfaj
18
vulnerability VCID-dsu7-jjjq-f3e1
19
vulnerability VCID-e32h-8q61-hbgc
20
vulnerability VCID-ekfd-wp8z-d7e1
21
vulnerability VCID-f963-qur3-2qb7
22
vulnerability VCID-he5m-6wj4-rbhc
23
vulnerability VCID-mnz3-rj21-67ad
24
vulnerability VCID-n15v-ta9h-6ffb
25
vulnerability VCID-phgh-sd4m-zbdx
26
vulnerability VCID-remd-55jh-r3g5
27
vulnerability VCID-s55j-8hbt-akhn
28
vulnerability VCID-s64f-x81f-b7ce
29
vulnerability VCID-sw7v-fbjk-13hy
30
vulnerability VCID-t1n7-eswt-73gw
31
vulnerability VCID-t3jn-vwbx-u7cr
32
vulnerability VCID-usmv-r64u-m7cb
33
vulnerability VCID-ve7g-8st5-wffb
34
vulnerability VCID-vwb2-a84s-5qak
35
vulnerability VCID-vyvy-y3cw-hbgr
36
vulnerability VCID-w13x-3rp9-wyej
37
vulnerability VCID-xh7y-56vy-5ud8
38
vulnerability VCID-y32z-2d3f-gkgw
39
vulnerability VCID-yj9g-uz1a-jkf2
40
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.1
3
url pkg:composer/typo3/cms@10.2.2
purl pkg:composer/typo3/cms@10.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-2mn6-mdmz-4yd9
2
vulnerability VCID-4jpa-6fqh-hbfg
3
vulnerability VCID-543x-cnbz-1kb9
4
vulnerability VCID-58js-jzm4-4fc7
5
vulnerability VCID-5jgb-dsyx-hyb4
6
vulnerability VCID-5kzs-ex81-bbaj
7
vulnerability VCID-5paq-5frf-43ed
8
vulnerability VCID-6a9t-8dmn-s3bv
9
vulnerability VCID-7kjw-j8st-mqfr
10
vulnerability VCID-8sdd-b1bn-cuhx
11
vulnerability VCID-a49c-fqrj-nbb3
12
vulnerability VCID-a89c-jvwa-6kh5
13
vulnerability VCID-av8u-rvzq-4fc7
14
vulnerability VCID-bajy-qbwq-fufn
15
vulnerability VCID-cdjv-fp71-y3dv
16
vulnerability VCID-d8d1-sat6-muhe
17
vulnerability VCID-dhrm-uxuv-zfaj
18
vulnerability VCID-dsu7-jjjq-f3e1
19
vulnerability VCID-e32h-8q61-hbgc
20
vulnerability VCID-ekfd-wp8z-d7e1
21
vulnerability VCID-f963-qur3-2qb7
22
vulnerability VCID-he5m-6wj4-rbhc
23
vulnerability VCID-mnz3-rj21-67ad
24
vulnerability VCID-n15v-ta9h-6ffb
25
vulnerability VCID-phgh-sd4m-zbdx
26
vulnerability VCID-remd-55jh-r3g5
27
vulnerability VCID-s55j-8hbt-akhn
28
vulnerability VCID-s64f-x81f-b7ce
29
vulnerability VCID-sw7v-fbjk-13hy
30
vulnerability VCID-t1n7-eswt-73gw
31
vulnerability VCID-t3jn-vwbx-u7cr
32
vulnerability VCID-usmv-r64u-m7cb
33
vulnerability VCID-ve7g-8st5-wffb
34
vulnerability VCID-vwb2-a84s-5qak
35
vulnerability VCID-vyvy-y3cw-hbgr
36
vulnerability VCID-w13x-3rp9-wyej
37
vulnerability VCID-xh7y-56vy-5ud8
38
vulnerability VCID-y32z-2d3f-gkgw
39
vulnerability VCID-yj9g-uz1a-jkf2
40
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.2
aliases CVE-2019-19849, GHSA-rcgc-4xfc-564v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xa4m-xpa9-v7h8
42
url VCID-xqew-bx7v-1qfk
vulnerability_id VCID-xqew-bx7v-1qfk
summary 
TYPO3 Denial of Service in Frontend Record Registration
TYPO3’s built-in record registration functionality (aka `basic shopping cart`) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create  an arbitrary amount of individual session-data records in the database.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-7.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-7.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/05011d1248c54d00960e344fd920a6246da92415
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/05011d1248c54d00960e344fd920a6246da92415
3
reference_url https://github.com/TYPO3/typo3/commit/fc2b4b9fb978088267f83e73cd401d4371dd40e3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/fc2b4b9fb978088267f83e73cd401d4371dd40e3
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-012
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-012
5
reference_url https://github.com/advisories/GHSA-g585-crjf-vhwq
reference_id GHSA-g585-crjf-vhwq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g585-crjf-vhwq
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-bajy-qbwq-fufn
3
vulnerability VCID-dsu7-jjjq-f3e1
4
vulnerability VCID-f963-qur3-2qb7
5
vulnerability VCID-gcnj-6qb6-pbgz
6
vulnerability VCID-mnz3-rj21-67ad
7
vulnerability VCID-n15v-ta9h-6ffb
8
vulnerability VCID-t3jn-vwbx-u7cr
9
vulnerability VCID-xa4m-xpa9-v7h8
10
vulnerability VCID-y32z-2d3f-gkgw
11
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-4ack-haf2-cfbe
6
vulnerability VCID-551q-gpyd-ffe8
7
vulnerability VCID-5jgb-dsyx-hyb4
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5qfv-y43v-akdm
10
vulnerability VCID-6487-15z5-pkd4
11
vulnerability VCID-9g62-zd1x-3bdg
12
vulnerability VCID-9gpp-ez8w-rqav
13
vulnerability VCID-axaf-45kr-kbfe
14
vulnerability VCID-bajy-qbwq-fufn
15
vulnerability VCID-c2tm-eqmm-1ugt
16
vulnerability VCID-cm14-t8uv-k3es
17
vulnerability VCID-cmka-8484-27bu
18
vulnerability VCID-dj88-f3p8-cfbn
19
vulnerability VCID-dsu7-jjjq-f3e1
20
vulnerability VCID-e72u-tpc3-23g3
21
vulnerability VCID-eajg-ctpd-2bby
22
vulnerability VCID-ekfd-wp8z-d7e1
23
vulnerability VCID-f963-qur3-2qb7
24
vulnerability VCID-gcnj-6qb6-pbgz
25
vulnerability VCID-he5m-6wj4-rbhc
26
vulnerability VCID-j77k-hjgx-5kc5
27
vulnerability VCID-jppe-cbgm-k3cz
28
vulnerability VCID-k4h1-mvnf-1ybx
29
vulnerability VCID-k8af-cg9k-87a9
30
vulnerability VCID-m7w6-b2xu-6uee
31
vulnerability VCID-mnz3-rj21-67ad
32
vulnerability VCID-n15v-ta9h-6ffb
33
vulnerability VCID-px44-19tj-h7aa
34
vulnerability VCID-q8hy-wjd9-nbgp
35
vulnerability VCID-s64f-x81f-b7ce
36
vulnerability VCID-shqd-udhm-pff8
37
vulnerability VCID-stzu-sxe6-5yf5
38
vulnerability VCID-t1n7-eswt-73gw
39
vulnerability VCID-t3jn-vwbx-u7cr
40
vulnerability VCID-tqf5-2fsm-8fch
41
vulnerability VCID-vxj6-wvyz-zbaq
42
vulnerability VCID-vxry-uvph-kbfd
43
vulnerability VCID-vybh-pxr3-17hn
44
vulnerability VCID-vyvy-y3cw-hbgr
45
vulnerability VCID-wea9-egep-h7g5
46
vulnerability VCID-xa4m-xpa9-v7h8
47
vulnerability VCID-xh7y-56vy-5ud8
48
vulnerability VCID-y32z-2d3f-gkgw
49
vulnerability VCID-zdq2-dhb2-6kaq
50
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
aliases GHSA-g585-crjf-vhwq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xqew-bx7v-1qfk
43
url VCID-y32z-2d3f-gkgw
vulnerability_id VCID-y32z-2d3f-gkgw
summary 
Cross-site Scripting
TYPO3 is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag & attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32768
reference_id
reference_type
scores
0
value 0.00284
scoring_system epss
scoring_elements 0.51797
published_at 2026-04-04T12:55:00Z
1
value 0.00284
scoring_system epss
scoring_elements 0.51855
published_at 2026-04-21T12:55:00Z
2
value 0.00284
scoring_system epss
scoring_elements 0.51874
published_at 2026-04-18T12:55:00Z
3
value 0.00284
scoring_system epss
scoring_elements 0.51867
published_at 2026-04-16T12:55:00Z
4
value 0.00284
scoring_system epss
scoring_elements 0.51825
published_at 2026-04-13T12:55:00Z
5
value 0.00284
scoring_system epss
scoring_elements 0.5184
published_at 2026-04-12T12:55:00Z
6
value 0.00284
scoring_system epss
scoring_elements 0.51809
published_at 2026-04-09T12:55:00Z
7
value 0.00284
scoring_system epss
scoring_elements 0.51722
published_at 2026-04-01T12:55:00Z
8
value 0.00284
scoring_system epss
scoring_elements 0.51812
published_at 2026-04-08T12:55:00Z
9
value 0.00284
scoring_system epss
scoring_elements 0.51757
published_at 2026-04-07T12:55:00Z
10
value 0.00284
scoring_system epss
scoring_elements 0.51771
published_at 2026-04-02T12:55:00Z
11
value 0.00284
scoring_system epss
scoring_elements 0.5186
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32768
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32768.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32768.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32768.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32768.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v
4
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-c5c9-8c6m-727v
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-c5c9-8c6m-727v
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-013
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-013
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32768
reference_id CVE-2021-32768
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32768
7
reference_url https://github.com/advisories/GHSA-c5c9-8c6m-727v
reference_id GHSA-c5c9-8c6m-727v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c5c9-8c6m-727v
fixed_packages
0
url pkg:composer/typo3/cms@7.6.53
purl pkg:composer/typo3/cms@7.6.53
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.53
1
url pkg:composer/typo3/cms@8.7.42
purl pkg:composer/typo3/cms@8.7.42
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.42
2
url pkg:composer/typo3/cms@9.5.29
purl pkg:composer/typo3/cms@9.5.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5paq-5frf-43ed
1
vulnerability VCID-bajy-qbwq-fufn
2
vulnerability VCID-mnz3-rj21-67ad
3
vulnerability VCID-t1n7-eswt-73gw
4
vulnerability VCID-ve7g-8st5-wffb
5
vulnerability VCID-vyvy-y3cw-hbgr
6
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.29
3
url pkg:composer/typo3/cms@10.4.19
purl pkg:composer/typo3/cms@10.4.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-4jpa-6fqh-hbfg
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-8sdd-b1bn-cuhx
4
vulnerability VCID-av8u-rvzq-4fc7
5
vulnerability VCID-bajy-qbwq-fufn
6
vulnerability VCID-e32h-8q61-hbgc
7
vulnerability VCID-mnz3-rj21-67ad
8
vulnerability VCID-remd-55jh-r3g5
9
vulnerability VCID-s55j-8hbt-akhn
10
vulnerability VCID-t1n7-eswt-73gw
11
vulnerability VCID-ve7g-8st5-wffb
12
vulnerability VCID-vwb2-a84s-5qak
13
vulnerability VCID-vyvy-y3cw-hbgr
14
vulnerability VCID-w13x-3rp9-wyej
15
vulnerability VCID-yj9g-uz1a-jkf2
16
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.19
4
url pkg:composer/typo3/cms@11.3.2
purl pkg:composer/typo3/cms@11.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-4jpa-6fqh-hbfg
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-8sdd-b1bn-cuhx
4
vulnerability VCID-av8u-rvzq-4fc7
5
vulnerability VCID-bajy-qbwq-fufn
6
vulnerability VCID-e32h-8q61-hbgc
7
vulnerability VCID-jjbn-6efk-nud2
8
vulnerability VCID-mnz3-rj21-67ad
9
vulnerability VCID-remd-55jh-r3g5
10
vulnerability VCID-s55j-8hbt-akhn
11
vulnerability VCID-t1n7-eswt-73gw
12
vulnerability VCID-uyeu-a3xr-fkh4
13
vulnerability VCID-ve7g-8st5-wffb
14
vulnerability VCID-vwb2-a84s-5qak
15
vulnerability VCID-vyvy-y3cw-hbgr
16
vulnerability VCID-w13x-3rp9-wyej
17
vulnerability VCID-yj9g-uz1a-jkf2
18
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.3.2
aliases CVE-2021-32768, GHSA-c5c9-8c6m-727v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y32z-2d3f-gkgw
44
url VCID-zdq2-dhb2-6kaq
vulnerability_id VCID-zdq2-dhb2-6kaq
summary 
TYPO3 CMS vulnerable to Weak Authentication in Frontend Login
### Problem
Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary.

### Solution
Update to TYPO3 versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1 that fix the problem described above.

### References
* [TYPO3-CORE-SA-2022-013](https://typo3.org/security/advisory/typo3-core-sa-2022-013)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23501
reference_id
reference_type
scores
0
value 0.00229
scoring_system epss
scoring_elements 0.45749
published_at 2026-04-08T12:55:00Z
1
value 0.00229
scoring_system epss
scoring_elements 0.4579
published_at 2026-04-18T12:55:00Z
2
value 0.00229
scoring_system epss
scoring_elements 0.45795
published_at 2026-04-16T12:55:00Z
3
value 0.00229
scoring_system epss
scoring_elements 0.45746
published_at 2026-04-13T12:55:00Z
4
value 0.00229
scoring_system epss
scoring_elements 0.45738
published_at 2026-04-21T12:55:00Z
5
value 0.00229
scoring_system epss
scoring_elements 0.45768
published_at 2026-04-11T12:55:00Z
6
value 0.00229
scoring_system epss
scoring_elements 0.45745
published_at 2026-04-09T12:55:00Z
7
value 0.00229
scoring_system epss
scoring_elements 0.45724
published_at 2026-04-02T12:55:00Z
8
value 0.00229
scoring_system epss
scoring_elements 0.45744
published_at 2026-04-04T12:55:00Z
9
value 0.00229
scoring_system epss
scoring_elements 0.45693
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23501
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23501.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23501.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23501.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23501.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/28be9cdb3fed02ce4cfc6fa2d39f7d8e2266eced
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/28be9cdb3fed02ce4cfc6fa2d39f7d8e2266eced
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T18:48:00Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23501
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23501
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-013
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-013
8
reference_url https://github.com/advisories/GHSA-jfp7-79g7-89rf
reference_id GHSA-jfp7-79g7-89rf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jfp7-79g7-89rf
fixed_packages
0
url pkg:composer/typo3/cms@10.4.33
purl pkg:composer/typo3/cms@10.4.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vyvy-y3cw-hbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.33
1
url pkg:composer/typo3/cms@11.5.20
purl pkg:composer/typo3/cms@11.5.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vyvy-y3cw-hbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.20
2
url pkg:composer/typo3/cms@12.1.1
purl pkg:composer/typo3/cms@12.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vyvy-y3cw-hbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@12.1.1
aliases CVE-2022-23501, GHSA-jfp7-79g7-89rf, GMS-2022-8134
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zdq2-dhb2-6kaq
45
url VCID-zspb-bd6j-wyd2
vulnerability_id VCID-zspb-bd6j-wyd2
summary Security Misconfiguration in Install Tool Cookie.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-009/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-009/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-bajy-qbwq-fufn
3
vulnerability VCID-dsu7-jjjq-f3e1
4
vulnerability VCID-f963-qur3-2qb7
5
vulnerability VCID-gcnj-6qb6-pbgz
6
vulnerability VCID-mnz3-rj21-67ad
7
vulnerability VCID-n15v-ta9h-6ffb
8
vulnerability VCID-t3jn-vwbx-u7cr
9
vulnerability VCID-xa4m-xpa9-v7h8
10
vulnerability VCID-y32z-2d3f-gkgw
11
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-4ack-haf2-cfbe
6
vulnerability VCID-551q-gpyd-ffe8
7
vulnerability VCID-5jgb-dsyx-hyb4
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5qfv-y43v-akdm
10
vulnerability VCID-6487-15z5-pkd4
11
vulnerability VCID-9g62-zd1x-3bdg
12
vulnerability VCID-9gpp-ez8w-rqav
13
vulnerability VCID-axaf-45kr-kbfe
14
vulnerability VCID-bajy-qbwq-fufn
15
vulnerability VCID-c2tm-eqmm-1ugt
16
vulnerability VCID-cm14-t8uv-k3es
17
vulnerability VCID-cmka-8484-27bu
18
vulnerability VCID-dj88-f3p8-cfbn
19
vulnerability VCID-dsu7-jjjq-f3e1
20
vulnerability VCID-e72u-tpc3-23g3
21
vulnerability VCID-eajg-ctpd-2bby
22
vulnerability VCID-ekfd-wp8z-d7e1
23
vulnerability VCID-f963-qur3-2qb7
24
vulnerability VCID-gcnj-6qb6-pbgz
25
vulnerability VCID-he5m-6wj4-rbhc
26
vulnerability VCID-j77k-hjgx-5kc5
27
vulnerability VCID-jppe-cbgm-k3cz
28
vulnerability VCID-k4h1-mvnf-1ybx
29
vulnerability VCID-k8af-cg9k-87a9
30
vulnerability VCID-m7w6-b2xu-6uee
31
vulnerability VCID-mnz3-rj21-67ad
32
vulnerability VCID-n15v-ta9h-6ffb
33
vulnerability VCID-px44-19tj-h7aa
34
vulnerability VCID-q8hy-wjd9-nbgp
35
vulnerability VCID-s64f-x81f-b7ce
36
vulnerability VCID-shqd-udhm-pff8
37
vulnerability VCID-stzu-sxe6-5yf5
38
vulnerability VCID-t1n7-eswt-73gw
39
vulnerability VCID-t3jn-vwbx-u7cr
40
vulnerability VCID-tqf5-2fsm-8fch
41
vulnerability VCID-vxj6-wvyz-zbaq
42
vulnerability VCID-vxry-uvph-kbfd
43
vulnerability VCID-vybh-pxr3-17hn
44
vulnerability VCID-vyvy-y3cw-hbgr
45
vulnerability VCID-wea9-egep-h7g5
46
vulnerability VCID-xa4m-xpa9-v7h8
47
vulnerability VCID-xh7y-56vy-5ud8
48
vulnerability VCID-y32z-2d3f-gkgw
49
vulnerability VCID-zdq2-dhb2-6kaq
50
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-2meq-x4kd-bbdn
3
vulnerability VCID-2mn6-mdmz-4yd9
4
vulnerability VCID-3n2r-awja-dug9
5
vulnerability VCID-3v4n-fzxa-bfaw
6
vulnerability VCID-4ack-haf2-cfbe
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-543x-cnbz-1kb9
9
vulnerability VCID-551q-gpyd-ffe8
10
vulnerability VCID-58js-jzm4-4fc7
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5kzs-ex81-bbaj
13
vulnerability VCID-5paq-5frf-43ed
14
vulnerability VCID-6487-15z5-pkd4
15
vulnerability VCID-6a9t-8dmn-s3bv
16
vulnerability VCID-9g62-zd1x-3bdg
17
vulnerability VCID-9gpp-ez8w-rqav
18
vulnerability VCID-a49c-fqrj-nbb3
19
vulnerability VCID-anfj-pmkg-skhe
20
vulnerability VCID-axaf-45kr-kbfe
21
vulnerability VCID-bajy-qbwq-fufn
22
vulnerability VCID-c2tm-eqmm-1ugt
23
vulnerability VCID-cm14-t8uv-k3es
24
vulnerability VCID-cmka-8484-27bu
25
vulnerability VCID-d8d1-sat6-muhe
26
vulnerability VCID-dcy2-efyc-6qgq
27
vulnerability VCID-dj88-f3p8-cfbn
28
vulnerability VCID-dsu7-jjjq-f3e1
29
vulnerability VCID-e72u-tpc3-23g3
30
vulnerability VCID-eajg-ctpd-2bby
31
vulnerability VCID-ekfd-wp8z-d7e1
32
vulnerability VCID-f963-qur3-2qb7
33
vulnerability VCID-gcnj-6qb6-pbgz
34
vulnerability VCID-he5m-6wj4-rbhc
35
vulnerability VCID-jppe-cbgm-k3cz
36
vulnerability VCID-k4h1-mvnf-1ybx
37
vulnerability VCID-k8af-cg9k-87a9
38
vulnerability VCID-kc67-7kf7-s3d7
39
vulnerability VCID-kj9x-psfz-2ug1
40
vulnerability VCID-m7w6-b2xu-6uee
41
vulnerability VCID-mnz3-rj21-67ad
42
vulnerability VCID-n15v-ta9h-6ffb
43
vulnerability VCID-p715-yexd-jfgc
44
vulnerability VCID-phgh-sd4m-zbdx
45
vulnerability VCID-px44-19tj-h7aa
46
vulnerability VCID-q8hy-wjd9-nbgp
47
vulnerability VCID-raxk-rm9v-hubn
48
vulnerability VCID-s64f-x81f-b7ce
49
vulnerability VCID-shqd-udhm-pff8
50
vulnerability VCID-stzu-sxe6-5yf5
51
vulnerability VCID-sw7v-fbjk-13hy
52
vulnerability VCID-t1n7-eswt-73gw
53
vulnerability VCID-t3jn-vwbx-u7cr
54
vulnerability VCID-tqf5-2fsm-8fch
55
vulnerability VCID-u9bx-8e86-wbew
56
vulnerability VCID-ve7g-8st5-wffb
57
vulnerability VCID-vxj6-wvyz-zbaq
58
vulnerability VCID-vxry-uvph-kbfd
59
vulnerability VCID-vybh-pxr3-17hn
60
vulnerability VCID-vyvy-y3cw-hbgr
61
vulnerability VCID-wea9-egep-h7g5
62
vulnerability VCID-xa4m-xpa9-v7h8
63
vulnerability VCID-xh7y-56vy-5ud8
64
vulnerability VCID-xtdg-uj46-rkcm
65
vulnerability VCID-xwc2-z7hx-4qa7
66
vulnerability VCID-y32z-2d3f-gkgw
67
vulnerability VCID-zdq2-dhb2-6kaq
68
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases 2018-12-11-4
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zspb-bd6j-wyd2
Fixing_vulnerabilities
0
url VCID-1jcy-nx8g-z3d3
vulnerability_id VCID-1jcy-nx8g-z3d3
summary 
Insecure Deserialization
Insecure Unserialize in TYPO3 Backend.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-023/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-023/
fixed_packages
0
url pkg:composer/typo3/cms@6.2.29
purl pkg:composer/typo3/cms@6.2.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-dsu7-jjjq-f3e1
2
vulnerability VCID-f963-qur3-2qb7
3
vulnerability VCID-gcnj-6qb6-pbgz
4
vulnerability VCID-hv3n-j8ck-1ufx
5
vulnerability VCID-nwxj-3ajk-rkh5
6
vulnerability VCID-q9ak-qcq6-qfhy
7
vulnerability VCID-re9h-ze98-rbhu
8
vulnerability VCID-xa4m-xpa9-v7h8
9
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.29
1
url pkg:composer/typo3/cms@7.0.0
purl pkg:composer/typo3/cms@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ng4-5tkh-g7h5
1
vulnerability VCID-28bf-jvah-zkhw
2
vulnerability VCID-2rhx-afay-97da
3
vulnerability VCID-37wu-bjfj-k7eg
4
vulnerability VCID-4etp-u4pt-v7hm
5
vulnerability VCID-51ba-3ag9-rucn
6
vulnerability VCID-5jgb-dsyx-hyb4
7
vulnerability VCID-5paq-5frf-43ed
8
vulnerability VCID-6b5q-vzs3-pkcc
9
vulnerability VCID-6gms-w48j-4ffh
10
vulnerability VCID-6pvx-1qan-ukef
11
vulnerability VCID-6spw-66jg-syb1
12
vulnerability VCID-7zx9-8afq-y3hc
13
vulnerability VCID-99uu-rfrf-bqa7
14
vulnerability VCID-asym-tgh2-1kg8
15
vulnerability VCID-b45y-dr1a-7qd7
16
vulnerability VCID-b5ht-z6zp-pbht
17
vulnerability VCID-bajy-qbwq-fufn
18
vulnerability VCID-bnne-7p2q-eqd2
19
vulnerability VCID-buax-rz7x-r7c2
20
vulnerability VCID-bxjw-7426-gyb8
21
vulnerability VCID-cczn-x8q7-k7ba
22
vulnerability VCID-cjgc-q6p5-2ydc
23
vulnerability VCID-ck23-cxn6-bbf3
24
vulnerability VCID-dbrh-t8zx-nkd9
25
vulnerability VCID-dm97-51uu-r7gw
26
vulnerability VCID-dsu7-jjjq-f3e1
27
vulnerability VCID-ehzg-bzrd-kbcc
28
vulnerability VCID-f4pm-9tq5-q3ch
29
vulnerability VCID-gcnj-6qb6-pbgz
30
vulnerability VCID-h958-d3pm-kfcs
31
vulnerability VCID-kgcq-paqm-9ya6
32
vulnerability VCID-kpze-14jy-xud9
33
vulnerability VCID-kqbk-4q4z-nkec
34
vulnerability VCID-mnz3-rj21-67ad
35
vulnerability VCID-n15v-ta9h-6ffb
36
vulnerability VCID-n78p-x7hh-gqcf
37
vulnerability VCID-ne8w-dpjw-7qf1
38
vulnerability VCID-nwxj-3ajk-rkh5
39
vulnerability VCID-pgzu-kxuj-j3fh
40
vulnerability VCID-pk8d-8u15-5bfq
41
vulnerability VCID-q6dx-uskc-y3hs
42
vulnerability VCID-qemc-8kj8-r3cd
43
vulnerability VCID-rdrs-mhaw-b3ge
44
vulnerability VCID-re9h-ze98-rbhu
45
vulnerability VCID-rwgf-2pfh-ufdz
46
vulnerability VCID-se8w-fv8x-tqde
47
vulnerability VCID-sr3p-pdxy-4yhu
48
vulnerability VCID-t3jn-vwbx-u7cr
49
vulnerability VCID-tmrt-6fxw-5ugh
50
vulnerability VCID-tw1y-t4qj-j3d1
51
vulnerability VCID-vbbx-pk8m-jfhd
52
vulnerability VCID-vndb-w8e1-4ugv
53
vulnerability VCID-wr5t-xqnn-gkcj
54
vulnerability VCID-ww44-zmx7-47ft
55
vulnerability VCID-wxps-mnue-6bbh
56
vulnerability VCID-xa4m-xpa9-v7h8
57
vulnerability VCID-xhq3-ts9t-sbdy
58
vulnerability VCID-xkpp-psz2-2kag
59
vulnerability VCID-xp55-jxjr-zqcb
60
vulnerability VCID-xqew-bx7v-1qfk
61
vulnerability VCID-y32z-2d3f-gkgw
62
vulnerability VCID-zdq2-dhb2-6kaq
63
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.0.0
2
url pkg:composer/typo3/cms@7.6.13
purl pkg:composer/typo3/cms@7.6.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-2fs8-bscc-3ye2
2
vulnerability VCID-5jgb-dsyx-hyb4
3
vulnerability VCID-5paq-5frf-43ed
4
vulnerability VCID-6b5q-vzs3-pkcc
5
vulnerability VCID-bajy-qbwq-fufn
6
vulnerability VCID-bnne-7p2q-eqd2
7
vulnerability VCID-bxjw-7426-gyb8
8
vulnerability VCID-dbrh-t8zx-nkd9
9
vulnerability VCID-dm97-51uu-r7gw
10
vulnerability VCID-dsu7-jjjq-f3e1
11
vulnerability VCID-ehzg-bzrd-kbcc
12
vulnerability VCID-ep6t-zwd1-4bb3
13
vulnerability VCID-f963-qur3-2qb7
14
vulnerability VCID-fy3g-uegw-2bew
15
vulnerability VCID-gcnj-6qb6-pbgz
16
vulnerability VCID-h63t-9enx-qfdn
17
vulnerability VCID-hpgq-deze-p7dp
18
vulnerability VCID-hv3n-j8ck-1ufx
19
vulnerability VCID-jqth-wfgx-87cx
20
vulnerability VCID-mnz3-rj21-67ad
21
vulnerability VCID-mqbh-k9n3-nbed
22
vulnerability VCID-mub5-s7h1-57cy
23
vulnerability VCID-n15v-ta9h-6ffb
24
vulnerability VCID-n78p-x7hh-gqcf
25
vulnerability VCID-nt6a-5zkv-pbcm
26
vulnerability VCID-nwxj-3ajk-rkh5
27
vulnerability VCID-pk8d-8u15-5bfq
28
vulnerability VCID-pnfa-cksc-43de
29
vulnerability VCID-q9ak-qcq6-qfhy
30
vulnerability VCID-rdrs-mhaw-b3ge
31
vulnerability VCID-rzw5-8d1u-sfam
32
vulnerability VCID-sr3p-pdxy-4yhu
33
vulnerability VCID-t3jn-vwbx-u7cr
34
vulnerability VCID-tmrt-6fxw-5ugh
35
vulnerability VCID-tw1y-t4qj-j3d1
36
vulnerability VCID-vndb-w8e1-4ugv
37
vulnerability VCID-vrt1-aj9v-2kb6
38
vulnerability VCID-wge3-kxdq-f3bz
39
vulnerability VCID-wr5t-xqnn-gkcj
40
vulnerability VCID-wxps-mnue-6bbh
41
vulnerability VCID-xa4m-xpa9-v7h8
42
vulnerability VCID-xqew-bx7v-1qfk
43
vulnerability VCID-y32z-2d3f-gkgw
44
vulnerability VCID-zdq2-dhb2-6kaq
45
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.13
3
url pkg:composer/typo3/cms@8.4.1
purl pkg:composer/typo3/cms@8.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-28bf-jvah-zkhw
3
vulnerability VCID-2fs8-bscc-3ye2
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-3gg5-1921-rbfs
6
vulnerability VCID-3n2r-awja-dug9
7
vulnerability VCID-3v4n-fzxa-bfaw
8
vulnerability VCID-4ack-haf2-cfbe
9
vulnerability VCID-4btk-jt5n-2ugf
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5paq-5frf-43ed
13
vulnerability VCID-5qfv-y43v-akdm
14
vulnerability VCID-5yg8-2cbr-d3as
15
vulnerability VCID-6487-15z5-pkd4
16
vulnerability VCID-6b5q-vzs3-pkcc
17
vulnerability VCID-9g62-zd1x-3bdg
18
vulnerability VCID-9gpp-ez8w-rqav
19
vulnerability VCID-axaf-45kr-kbfe
20
vulnerability VCID-bajy-qbwq-fufn
21
vulnerability VCID-bnne-7p2q-eqd2
22
vulnerability VCID-bxjw-7426-gyb8
23
vulnerability VCID-c2tm-eqmm-1ugt
24
vulnerability VCID-cm14-t8uv-k3es
25
vulnerability VCID-cmka-8484-27bu
26
vulnerability VCID-dbrh-t8zx-nkd9
27
vulnerability VCID-dj88-f3p8-cfbn
28
vulnerability VCID-dm97-51uu-r7gw
29
vulnerability VCID-dquc-7amf-e7cs
30
vulnerability VCID-dsu7-jjjq-f3e1
31
vulnerability VCID-e72u-tpc3-23g3
32
vulnerability VCID-e7sv-4xc2-m3d5
33
vulnerability VCID-eajg-ctpd-2bby
34
vulnerability VCID-ehzg-bzrd-kbcc
35
vulnerability VCID-ekfd-wp8z-d7e1
36
vulnerability VCID-ep6t-zwd1-4bb3
37
vulnerability VCID-euk5-hagy-xqfz
38
vulnerability VCID-fy3g-uegw-2bew
39
vulnerability VCID-gcnj-6qb6-pbgz
40
vulnerability VCID-h63t-9enx-qfdn
41
vulnerability VCID-he5m-6wj4-rbhc
42
vulnerability VCID-hpgq-deze-p7dp
43
vulnerability VCID-hv3n-j8ck-1ufx
44
vulnerability VCID-j77k-hjgx-5kc5
45
vulnerability VCID-jppe-cbgm-k3cz
46
vulnerability VCID-jqth-wfgx-87cx
47
vulnerability VCID-k4h1-mvnf-1ybx
48
vulnerability VCID-k8af-cg9k-87a9
49
vulnerability VCID-m7w6-b2xu-6uee
50
vulnerability VCID-mnz3-rj21-67ad
51
vulnerability VCID-mqbh-k9n3-nbed
52
vulnerability VCID-mub5-s7h1-57cy
53
vulnerability VCID-n15v-ta9h-6ffb
54
vulnerability VCID-n78p-x7hh-gqcf
55
vulnerability VCID-nt6a-5zkv-pbcm
56
vulnerability VCID-nwxj-3ajk-rkh5
57
vulnerability VCID-pk8d-8u15-5bfq
58
vulnerability VCID-pnfa-cksc-43de
59
vulnerability VCID-px44-19tj-h7aa
60
vulnerability VCID-q8hy-wjd9-nbgp
61
vulnerability VCID-q9ak-qcq6-qfhy
62
vulnerability VCID-qb4j-9tz7-m7a2
63
vulnerability VCID-rdrs-mhaw-b3ge
64
vulnerability VCID-rzw5-8d1u-sfam
65
vulnerability VCID-s64f-x81f-b7ce
66
vulnerability VCID-shqd-udhm-pff8
67
vulnerability VCID-sr3p-pdxy-4yhu
68
vulnerability VCID-stzu-sxe6-5yf5
69
vulnerability VCID-t1n7-eswt-73gw
70
vulnerability VCID-t3jn-vwbx-u7cr
71
vulnerability VCID-tgma-cyvk-97ay
72
vulnerability VCID-tmrt-6fxw-5ugh
73
vulnerability VCID-tqf5-2fsm-8fch
74
vulnerability VCID-tw1y-t4qj-j3d1
75
vulnerability VCID-uw2r-3gvq-bbcq
76
vulnerability VCID-vndb-w8e1-4ugv
77
vulnerability VCID-vrt1-aj9v-2kb6
78
vulnerability VCID-vxj6-wvyz-zbaq
79
vulnerability VCID-vxry-uvph-kbfd
80
vulnerability VCID-vybh-pxr3-17hn
81
vulnerability VCID-wea9-egep-h7g5
82
vulnerability VCID-wge3-kxdq-f3bz
83
vulnerability VCID-wr5t-xqnn-gkcj
84
vulnerability VCID-wxps-mnue-6bbh
85
vulnerability VCID-xa4m-xpa9-v7h8
86
vulnerability VCID-xh7y-56vy-5ud8
87
vulnerability VCID-xqew-bx7v-1qfk
88
vulnerability VCID-y32z-2d3f-gkgw
89
vulnerability VCID-zdq2-dhb2-6kaq
90
vulnerability VCID-zkea-ge1t-z7gn
91
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.4.1
aliases 2016-11-22-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1jcy-nx8g-z3d3
1
url VCID-1qjx-grvf-y7bk
vulnerability_id VCID-1qjx-grvf-y7bk
summary 
Insecure Unserialize in TYPO3 Backend
Failing to properly validate incoming data, the suggest wizard is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-11-22-1.yaml
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-11-22-1.yaml
1
reference_url https://github.com/advisories/GHSA-c7rj-92xr-wprg
reference_id GHSA-c7rj-92xr-wprg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c7rj-92xr-wprg
fixed_packages
0
url pkg:composer/typo3/cms@6.2.29
purl pkg:composer/typo3/cms@6.2.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-dsu7-jjjq-f3e1
2
vulnerability VCID-f963-qur3-2qb7
3
vulnerability VCID-gcnj-6qb6-pbgz
4
vulnerability VCID-hv3n-j8ck-1ufx
5
vulnerability VCID-nwxj-3ajk-rkh5
6
vulnerability VCID-q9ak-qcq6-qfhy
7
vulnerability VCID-re9h-ze98-rbhu
8
vulnerability VCID-xa4m-xpa9-v7h8
9
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.29
1
url pkg:composer/typo3/cms@7.6.13
purl pkg:composer/typo3/cms@7.6.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-2fs8-bscc-3ye2
2
vulnerability VCID-5jgb-dsyx-hyb4
3
vulnerability VCID-5paq-5frf-43ed
4
vulnerability VCID-6b5q-vzs3-pkcc
5
vulnerability VCID-bajy-qbwq-fufn
6
vulnerability VCID-bnne-7p2q-eqd2
7
vulnerability VCID-bxjw-7426-gyb8
8
vulnerability VCID-dbrh-t8zx-nkd9
9
vulnerability VCID-dm97-51uu-r7gw
10
vulnerability VCID-dsu7-jjjq-f3e1
11
vulnerability VCID-ehzg-bzrd-kbcc
12
vulnerability VCID-ep6t-zwd1-4bb3
13
vulnerability VCID-f963-qur3-2qb7
14
vulnerability VCID-fy3g-uegw-2bew
15
vulnerability VCID-gcnj-6qb6-pbgz
16
vulnerability VCID-h63t-9enx-qfdn
17
vulnerability VCID-hpgq-deze-p7dp
18
vulnerability VCID-hv3n-j8ck-1ufx
19
vulnerability VCID-jqth-wfgx-87cx
20
vulnerability VCID-mnz3-rj21-67ad
21
vulnerability VCID-mqbh-k9n3-nbed
22
vulnerability VCID-mub5-s7h1-57cy
23
vulnerability VCID-n15v-ta9h-6ffb
24
vulnerability VCID-n78p-x7hh-gqcf
25
vulnerability VCID-nt6a-5zkv-pbcm
26
vulnerability VCID-nwxj-3ajk-rkh5
27
vulnerability VCID-pk8d-8u15-5bfq
28
vulnerability VCID-pnfa-cksc-43de
29
vulnerability VCID-q9ak-qcq6-qfhy
30
vulnerability VCID-rdrs-mhaw-b3ge
31
vulnerability VCID-rzw5-8d1u-sfam
32
vulnerability VCID-sr3p-pdxy-4yhu
33
vulnerability VCID-t3jn-vwbx-u7cr
34
vulnerability VCID-tmrt-6fxw-5ugh
35
vulnerability VCID-tw1y-t4qj-j3d1
36
vulnerability VCID-vndb-w8e1-4ugv
37
vulnerability VCID-vrt1-aj9v-2kb6
38
vulnerability VCID-wge3-kxdq-f3bz
39
vulnerability VCID-wr5t-xqnn-gkcj
40
vulnerability VCID-wxps-mnue-6bbh
41
vulnerability VCID-xa4m-xpa9-v7h8
42
vulnerability VCID-xqew-bx7v-1qfk
43
vulnerability VCID-y32z-2d3f-gkgw
44
vulnerability VCID-zdq2-dhb2-6kaq
45
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.13
2
url pkg:composer/typo3/cms@8.4.1
purl pkg:composer/typo3/cms@8.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-28bf-jvah-zkhw
3
vulnerability VCID-2fs8-bscc-3ye2
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-3gg5-1921-rbfs
6
vulnerability VCID-3n2r-awja-dug9
7
vulnerability VCID-3v4n-fzxa-bfaw
8
vulnerability VCID-4ack-haf2-cfbe
9
vulnerability VCID-4btk-jt5n-2ugf
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5paq-5frf-43ed
13
vulnerability VCID-5qfv-y43v-akdm
14
vulnerability VCID-5yg8-2cbr-d3as
15
vulnerability VCID-6487-15z5-pkd4
16
vulnerability VCID-6b5q-vzs3-pkcc
17
vulnerability VCID-9g62-zd1x-3bdg
18
vulnerability VCID-9gpp-ez8w-rqav
19
vulnerability VCID-axaf-45kr-kbfe
20
vulnerability VCID-bajy-qbwq-fufn
21
vulnerability VCID-bnne-7p2q-eqd2
22
vulnerability VCID-bxjw-7426-gyb8
23
vulnerability VCID-c2tm-eqmm-1ugt
24
vulnerability VCID-cm14-t8uv-k3es
25
vulnerability VCID-cmka-8484-27bu
26
vulnerability VCID-dbrh-t8zx-nkd9
27
vulnerability VCID-dj88-f3p8-cfbn
28
vulnerability VCID-dm97-51uu-r7gw
29
vulnerability VCID-dquc-7amf-e7cs
30
vulnerability VCID-dsu7-jjjq-f3e1
31
vulnerability VCID-e72u-tpc3-23g3
32
vulnerability VCID-e7sv-4xc2-m3d5
33
vulnerability VCID-eajg-ctpd-2bby
34
vulnerability VCID-ehzg-bzrd-kbcc
35
vulnerability VCID-ekfd-wp8z-d7e1
36
vulnerability VCID-ep6t-zwd1-4bb3
37
vulnerability VCID-euk5-hagy-xqfz
38
vulnerability VCID-fy3g-uegw-2bew
39
vulnerability VCID-gcnj-6qb6-pbgz
40
vulnerability VCID-h63t-9enx-qfdn
41
vulnerability VCID-he5m-6wj4-rbhc
42
vulnerability VCID-hpgq-deze-p7dp
43
vulnerability VCID-hv3n-j8ck-1ufx
44
vulnerability VCID-j77k-hjgx-5kc5
45
vulnerability VCID-jppe-cbgm-k3cz
46
vulnerability VCID-jqth-wfgx-87cx
47
vulnerability VCID-k4h1-mvnf-1ybx
48
vulnerability VCID-k8af-cg9k-87a9
49
vulnerability VCID-m7w6-b2xu-6uee
50
vulnerability VCID-mnz3-rj21-67ad
51
vulnerability VCID-mqbh-k9n3-nbed
52
vulnerability VCID-mub5-s7h1-57cy
53
vulnerability VCID-n15v-ta9h-6ffb
54
vulnerability VCID-n78p-x7hh-gqcf
55
vulnerability VCID-nt6a-5zkv-pbcm
56
vulnerability VCID-nwxj-3ajk-rkh5
57
vulnerability VCID-pk8d-8u15-5bfq
58
vulnerability VCID-pnfa-cksc-43de
59
vulnerability VCID-px44-19tj-h7aa
60
vulnerability VCID-q8hy-wjd9-nbgp
61
vulnerability VCID-q9ak-qcq6-qfhy
62
vulnerability VCID-qb4j-9tz7-m7a2
63
vulnerability VCID-rdrs-mhaw-b3ge
64
vulnerability VCID-rzw5-8d1u-sfam
65
vulnerability VCID-s64f-x81f-b7ce
66
vulnerability VCID-shqd-udhm-pff8
67
vulnerability VCID-sr3p-pdxy-4yhu
68
vulnerability VCID-stzu-sxe6-5yf5
69
vulnerability VCID-t1n7-eswt-73gw
70
vulnerability VCID-t3jn-vwbx-u7cr
71
vulnerability VCID-tgma-cyvk-97ay
72
vulnerability VCID-tmrt-6fxw-5ugh
73
vulnerability VCID-tqf5-2fsm-8fch
74
vulnerability VCID-tw1y-t4qj-j3d1
75
vulnerability VCID-uw2r-3gvq-bbcq
76
vulnerability VCID-vndb-w8e1-4ugv
77
vulnerability VCID-vrt1-aj9v-2kb6
78
vulnerability VCID-vxj6-wvyz-zbaq
79
vulnerability VCID-vxry-uvph-kbfd
80
vulnerability VCID-vybh-pxr3-17hn
81
vulnerability VCID-wea9-egep-h7g5
82
vulnerability VCID-wge3-kxdq-f3bz
83
vulnerability VCID-wr5t-xqnn-gkcj
84
vulnerability VCID-wxps-mnue-6bbh
85
vulnerability VCID-xa4m-xpa9-v7h8
86
vulnerability VCID-xh7y-56vy-5ud8
87
vulnerability VCID-xqew-bx7v-1qfk
88
vulnerability VCID-y32z-2d3f-gkgw
89
vulnerability VCID-zdq2-dhb2-6kaq
90
vulnerability VCID-zkea-ge1t-z7gn
91
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.4.1
aliases GHSA-c7rj-92xr-wprg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1qjx-grvf-y7bk
2
url VCID-435j-f3yx-9yep
vulnerability_id VCID-435j-f3yx-9yep
summary Path Traversal in TYPO3 Core.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-024/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-024/
fixed_packages
0
url pkg:composer/typo3/cms@6.2.29
purl pkg:composer/typo3/cms@6.2.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-dsu7-jjjq-f3e1
2
vulnerability VCID-f963-qur3-2qb7
3
vulnerability VCID-gcnj-6qb6-pbgz
4
vulnerability VCID-hv3n-j8ck-1ufx
5
vulnerability VCID-nwxj-3ajk-rkh5
6
vulnerability VCID-q9ak-qcq6-qfhy
7
vulnerability VCID-re9h-ze98-rbhu
8
vulnerability VCID-xa4m-xpa9-v7h8
9
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.29
1
url pkg:composer/typo3/cms@7.0.0
purl pkg:composer/typo3/cms@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ng4-5tkh-g7h5
1
vulnerability VCID-28bf-jvah-zkhw
2
vulnerability VCID-2rhx-afay-97da
3
vulnerability VCID-37wu-bjfj-k7eg
4
vulnerability VCID-4etp-u4pt-v7hm
5
vulnerability VCID-51ba-3ag9-rucn
6
vulnerability VCID-5jgb-dsyx-hyb4
7
vulnerability VCID-5paq-5frf-43ed
8
vulnerability VCID-6b5q-vzs3-pkcc
9
vulnerability VCID-6gms-w48j-4ffh
10
vulnerability VCID-6pvx-1qan-ukef
11
vulnerability VCID-6spw-66jg-syb1
12
vulnerability VCID-7zx9-8afq-y3hc
13
vulnerability VCID-99uu-rfrf-bqa7
14
vulnerability VCID-asym-tgh2-1kg8
15
vulnerability VCID-b45y-dr1a-7qd7
16
vulnerability VCID-b5ht-z6zp-pbht
17
vulnerability VCID-bajy-qbwq-fufn
18
vulnerability VCID-bnne-7p2q-eqd2
19
vulnerability VCID-buax-rz7x-r7c2
20
vulnerability VCID-bxjw-7426-gyb8
21
vulnerability VCID-cczn-x8q7-k7ba
22
vulnerability VCID-cjgc-q6p5-2ydc
23
vulnerability VCID-ck23-cxn6-bbf3
24
vulnerability VCID-dbrh-t8zx-nkd9
25
vulnerability VCID-dm97-51uu-r7gw
26
vulnerability VCID-dsu7-jjjq-f3e1
27
vulnerability VCID-ehzg-bzrd-kbcc
28
vulnerability VCID-f4pm-9tq5-q3ch
29
vulnerability VCID-gcnj-6qb6-pbgz
30
vulnerability VCID-h958-d3pm-kfcs
31
vulnerability VCID-kgcq-paqm-9ya6
32
vulnerability VCID-kpze-14jy-xud9
33
vulnerability VCID-kqbk-4q4z-nkec
34
vulnerability VCID-mnz3-rj21-67ad
35
vulnerability VCID-n15v-ta9h-6ffb
36
vulnerability VCID-n78p-x7hh-gqcf
37
vulnerability VCID-ne8w-dpjw-7qf1
38
vulnerability VCID-nwxj-3ajk-rkh5
39
vulnerability VCID-pgzu-kxuj-j3fh
40
vulnerability VCID-pk8d-8u15-5bfq
41
vulnerability VCID-q6dx-uskc-y3hs
42
vulnerability VCID-qemc-8kj8-r3cd
43
vulnerability VCID-rdrs-mhaw-b3ge
44
vulnerability VCID-re9h-ze98-rbhu
45
vulnerability VCID-rwgf-2pfh-ufdz
46
vulnerability VCID-se8w-fv8x-tqde
47
vulnerability VCID-sr3p-pdxy-4yhu
48
vulnerability VCID-t3jn-vwbx-u7cr
49
vulnerability VCID-tmrt-6fxw-5ugh
50
vulnerability VCID-tw1y-t4qj-j3d1
51
vulnerability VCID-vbbx-pk8m-jfhd
52
vulnerability VCID-vndb-w8e1-4ugv
53
vulnerability VCID-wr5t-xqnn-gkcj
54
vulnerability VCID-ww44-zmx7-47ft
55
vulnerability VCID-wxps-mnue-6bbh
56
vulnerability VCID-xa4m-xpa9-v7h8
57
vulnerability VCID-xhq3-ts9t-sbdy
58
vulnerability VCID-xkpp-psz2-2kag
59
vulnerability VCID-xp55-jxjr-zqcb
60
vulnerability VCID-xqew-bx7v-1qfk
61
vulnerability VCID-y32z-2d3f-gkgw
62
vulnerability VCID-zdq2-dhb2-6kaq
63
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.0.0
2
url pkg:composer/typo3/cms@7.6.13
purl pkg:composer/typo3/cms@7.6.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-2fs8-bscc-3ye2
2
vulnerability VCID-5jgb-dsyx-hyb4
3
vulnerability VCID-5paq-5frf-43ed
4
vulnerability VCID-6b5q-vzs3-pkcc
5
vulnerability VCID-bajy-qbwq-fufn
6
vulnerability VCID-bnne-7p2q-eqd2
7
vulnerability VCID-bxjw-7426-gyb8
8
vulnerability VCID-dbrh-t8zx-nkd9
9
vulnerability VCID-dm97-51uu-r7gw
10
vulnerability VCID-dsu7-jjjq-f3e1
11
vulnerability VCID-ehzg-bzrd-kbcc
12
vulnerability VCID-ep6t-zwd1-4bb3
13
vulnerability VCID-f963-qur3-2qb7
14
vulnerability VCID-fy3g-uegw-2bew
15
vulnerability VCID-gcnj-6qb6-pbgz
16
vulnerability VCID-h63t-9enx-qfdn
17
vulnerability VCID-hpgq-deze-p7dp
18
vulnerability VCID-hv3n-j8ck-1ufx
19
vulnerability VCID-jqth-wfgx-87cx
20
vulnerability VCID-mnz3-rj21-67ad
21
vulnerability VCID-mqbh-k9n3-nbed
22
vulnerability VCID-mub5-s7h1-57cy
23
vulnerability VCID-n15v-ta9h-6ffb
24
vulnerability VCID-n78p-x7hh-gqcf
25
vulnerability VCID-nt6a-5zkv-pbcm
26
vulnerability VCID-nwxj-3ajk-rkh5
27
vulnerability VCID-pk8d-8u15-5bfq
28
vulnerability VCID-pnfa-cksc-43de
29
vulnerability VCID-q9ak-qcq6-qfhy
30
vulnerability VCID-rdrs-mhaw-b3ge
31
vulnerability VCID-rzw5-8d1u-sfam
32
vulnerability VCID-sr3p-pdxy-4yhu
33
vulnerability VCID-t3jn-vwbx-u7cr
34
vulnerability VCID-tmrt-6fxw-5ugh
35
vulnerability VCID-tw1y-t4qj-j3d1
36
vulnerability VCID-vndb-w8e1-4ugv
37
vulnerability VCID-vrt1-aj9v-2kb6
38
vulnerability VCID-wge3-kxdq-f3bz
39
vulnerability VCID-wr5t-xqnn-gkcj
40
vulnerability VCID-wxps-mnue-6bbh
41
vulnerability VCID-xa4m-xpa9-v7h8
42
vulnerability VCID-xqew-bx7v-1qfk
43
vulnerability VCID-y32z-2d3f-gkgw
44
vulnerability VCID-zdq2-dhb2-6kaq
45
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.13
3
url pkg:composer/typo3/cms@8.4.1
purl pkg:composer/typo3/cms@8.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-28bf-jvah-zkhw
3
vulnerability VCID-2fs8-bscc-3ye2
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-3gg5-1921-rbfs
6
vulnerability VCID-3n2r-awja-dug9
7
vulnerability VCID-3v4n-fzxa-bfaw
8
vulnerability VCID-4ack-haf2-cfbe
9
vulnerability VCID-4btk-jt5n-2ugf
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5paq-5frf-43ed
13
vulnerability VCID-5qfv-y43v-akdm
14
vulnerability VCID-5yg8-2cbr-d3as
15
vulnerability VCID-6487-15z5-pkd4
16
vulnerability VCID-6b5q-vzs3-pkcc
17
vulnerability VCID-9g62-zd1x-3bdg
18
vulnerability VCID-9gpp-ez8w-rqav
19
vulnerability VCID-axaf-45kr-kbfe
20
vulnerability VCID-bajy-qbwq-fufn
21
vulnerability VCID-bnne-7p2q-eqd2
22
vulnerability VCID-bxjw-7426-gyb8
23
vulnerability VCID-c2tm-eqmm-1ugt
24
vulnerability VCID-cm14-t8uv-k3es
25
vulnerability VCID-cmka-8484-27bu
26
vulnerability VCID-dbrh-t8zx-nkd9
27
vulnerability VCID-dj88-f3p8-cfbn
28
vulnerability VCID-dm97-51uu-r7gw
29
vulnerability VCID-dquc-7amf-e7cs
30
vulnerability VCID-dsu7-jjjq-f3e1
31
vulnerability VCID-e72u-tpc3-23g3
32
vulnerability VCID-e7sv-4xc2-m3d5
33
vulnerability VCID-eajg-ctpd-2bby
34
vulnerability VCID-ehzg-bzrd-kbcc
35
vulnerability VCID-ekfd-wp8z-d7e1
36
vulnerability VCID-ep6t-zwd1-4bb3
37
vulnerability VCID-euk5-hagy-xqfz
38
vulnerability VCID-fy3g-uegw-2bew
39
vulnerability VCID-gcnj-6qb6-pbgz
40
vulnerability VCID-h63t-9enx-qfdn
41
vulnerability VCID-he5m-6wj4-rbhc
42
vulnerability VCID-hpgq-deze-p7dp
43
vulnerability VCID-hv3n-j8ck-1ufx
44
vulnerability VCID-j77k-hjgx-5kc5
45
vulnerability VCID-jppe-cbgm-k3cz
46
vulnerability VCID-jqth-wfgx-87cx
47
vulnerability VCID-k4h1-mvnf-1ybx
48
vulnerability VCID-k8af-cg9k-87a9
49
vulnerability VCID-m7w6-b2xu-6uee
50
vulnerability VCID-mnz3-rj21-67ad
51
vulnerability VCID-mqbh-k9n3-nbed
52
vulnerability VCID-mub5-s7h1-57cy
53
vulnerability VCID-n15v-ta9h-6ffb
54
vulnerability VCID-n78p-x7hh-gqcf
55
vulnerability VCID-nt6a-5zkv-pbcm
56
vulnerability VCID-nwxj-3ajk-rkh5
57
vulnerability VCID-pk8d-8u15-5bfq
58
vulnerability VCID-pnfa-cksc-43de
59
vulnerability VCID-px44-19tj-h7aa
60
vulnerability VCID-q8hy-wjd9-nbgp
61
vulnerability VCID-q9ak-qcq6-qfhy
62
vulnerability VCID-qb4j-9tz7-m7a2
63
vulnerability VCID-rdrs-mhaw-b3ge
64
vulnerability VCID-rzw5-8d1u-sfam
65
vulnerability VCID-s64f-x81f-b7ce
66
vulnerability VCID-shqd-udhm-pff8
67
vulnerability VCID-sr3p-pdxy-4yhu
68
vulnerability VCID-stzu-sxe6-5yf5
69
vulnerability VCID-t1n7-eswt-73gw
70
vulnerability VCID-t3jn-vwbx-u7cr
71
vulnerability VCID-tgma-cyvk-97ay
72
vulnerability VCID-tmrt-6fxw-5ugh
73
vulnerability VCID-tqf5-2fsm-8fch
74
vulnerability VCID-tw1y-t4qj-j3d1
75
vulnerability VCID-uw2r-3gvq-bbcq
76
vulnerability VCID-vndb-w8e1-4ugv
77
vulnerability VCID-vrt1-aj9v-2kb6
78
vulnerability VCID-vxj6-wvyz-zbaq
79
vulnerability VCID-vxry-uvph-kbfd
80
vulnerability VCID-vybh-pxr3-17hn
81
vulnerability VCID-wea9-egep-h7g5
82
vulnerability VCID-wge3-kxdq-f3bz
83
vulnerability VCID-wr5t-xqnn-gkcj
84
vulnerability VCID-wxps-mnue-6bbh
85
vulnerability VCID-xa4m-xpa9-v7h8
86
vulnerability VCID-xh7y-56vy-5ud8
87
vulnerability VCID-xqew-bx7v-1qfk
88
vulnerability VCID-y32z-2d3f-gkgw
89
vulnerability VCID-zdq2-dhb2-6kaq
90
vulnerability VCID-zkea-ge1t-z7gn
91
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.4.1
aliases 2016-11-22-2
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-435j-f3yx-9yep
3
url VCID-c6zq-cfg5-u7d9
vulnerability_id VCID-c6zq-cfg5-u7d9
summary 
Path Traversal in TYPO3 Core
Due to a too loose type check in an API method, attackers could bypass the directory traversal check by providing an invalid UTF-8 encoding sequence.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-11-22-2.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-11-22-2.yaml
1
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-024
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-024
2
reference_url https://github.com/advisories/GHSA-gj48-w74w-8gvm
reference_id GHSA-gj48-w74w-8gvm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gj48-w74w-8gvm
fixed_packages
0
url pkg:composer/typo3/cms@6.2.29
purl pkg:composer/typo3/cms@6.2.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-dsu7-jjjq-f3e1
2
vulnerability VCID-f963-qur3-2qb7
3
vulnerability VCID-gcnj-6qb6-pbgz
4
vulnerability VCID-hv3n-j8ck-1ufx
5
vulnerability VCID-nwxj-3ajk-rkh5
6
vulnerability VCID-q9ak-qcq6-qfhy
7
vulnerability VCID-re9h-ze98-rbhu
8
vulnerability VCID-xa4m-xpa9-v7h8
9
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.29
1
url pkg:composer/typo3/cms@7.6.13
purl pkg:composer/typo3/cms@7.6.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-2fs8-bscc-3ye2
2
vulnerability VCID-5jgb-dsyx-hyb4
3
vulnerability VCID-5paq-5frf-43ed
4
vulnerability VCID-6b5q-vzs3-pkcc
5
vulnerability VCID-bajy-qbwq-fufn
6
vulnerability VCID-bnne-7p2q-eqd2
7
vulnerability VCID-bxjw-7426-gyb8
8
vulnerability VCID-dbrh-t8zx-nkd9
9
vulnerability VCID-dm97-51uu-r7gw
10
vulnerability VCID-dsu7-jjjq-f3e1
11
vulnerability VCID-ehzg-bzrd-kbcc
12
vulnerability VCID-ep6t-zwd1-4bb3
13
vulnerability VCID-f963-qur3-2qb7
14
vulnerability VCID-fy3g-uegw-2bew
15
vulnerability VCID-gcnj-6qb6-pbgz
16
vulnerability VCID-h63t-9enx-qfdn
17
vulnerability VCID-hpgq-deze-p7dp
18
vulnerability VCID-hv3n-j8ck-1ufx
19
vulnerability VCID-jqth-wfgx-87cx
20
vulnerability VCID-mnz3-rj21-67ad
21
vulnerability VCID-mqbh-k9n3-nbed
22
vulnerability VCID-mub5-s7h1-57cy
23
vulnerability VCID-n15v-ta9h-6ffb
24
vulnerability VCID-n78p-x7hh-gqcf
25
vulnerability VCID-nt6a-5zkv-pbcm
26
vulnerability VCID-nwxj-3ajk-rkh5
27
vulnerability VCID-pk8d-8u15-5bfq
28
vulnerability VCID-pnfa-cksc-43de
29
vulnerability VCID-q9ak-qcq6-qfhy
30
vulnerability VCID-rdrs-mhaw-b3ge
31
vulnerability VCID-rzw5-8d1u-sfam
32
vulnerability VCID-sr3p-pdxy-4yhu
33
vulnerability VCID-t3jn-vwbx-u7cr
34
vulnerability VCID-tmrt-6fxw-5ugh
35
vulnerability VCID-tw1y-t4qj-j3d1
36
vulnerability VCID-vndb-w8e1-4ugv
37
vulnerability VCID-vrt1-aj9v-2kb6
38
vulnerability VCID-wge3-kxdq-f3bz
39
vulnerability VCID-wr5t-xqnn-gkcj
40
vulnerability VCID-wxps-mnue-6bbh
41
vulnerability VCID-xa4m-xpa9-v7h8
42
vulnerability VCID-xqew-bx7v-1qfk
43
vulnerability VCID-y32z-2d3f-gkgw
44
vulnerability VCID-zdq2-dhb2-6kaq
45
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.13
2
url pkg:composer/typo3/cms@8.4.1
purl pkg:composer/typo3/cms@8.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-28bf-jvah-zkhw
3
vulnerability VCID-2fs8-bscc-3ye2
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-3gg5-1921-rbfs
6
vulnerability VCID-3n2r-awja-dug9
7
vulnerability VCID-3v4n-fzxa-bfaw
8
vulnerability VCID-4ack-haf2-cfbe
9
vulnerability VCID-4btk-jt5n-2ugf
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5paq-5frf-43ed
13
vulnerability VCID-5qfv-y43v-akdm
14
vulnerability VCID-5yg8-2cbr-d3as
15
vulnerability VCID-6487-15z5-pkd4
16
vulnerability VCID-6b5q-vzs3-pkcc
17
vulnerability VCID-9g62-zd1x-3bdg
18
vulnerability VCID-9gpp-ez8w-rqav
19
vulnerability VCID-axaf-45kr-kbfe
20
vulnerability VCID-bajy-qbwq-fufn
21
vulnerability VCID-bnne-7p2q-eqd2
22
vulnerability VCID-bxjw-7426-gyb8
23
vulnerability VCID-c2tm-eqmm-1ugt
24
vulnerability VCID-cm14-t8uv-k3es
25
vulnerability VCID-cmka-8484-27bu
26
vulnerability VCID-dbrh-t8zx-nkd9
27
vulnerability VCID-dj88-f3p8-cfbn
28
vulnerability VCID-dm97-51uu-r7gw
29
vulnerability VCID-dquc-7amf-e7cs
30
vulnerability VCID-dsu7-jjjq-f3e1
31
vulnerability VCID-e72u-tpc3-23g3
32
vulnerability VCID-e7sv-4xc2-m3d5
33
vulnerability VCID-eajg-ctpd-2bby
34
vulnerability VCID-ehzg-bzrd-kbcc
35
vulnerability VCID-ekfd-wp8z-d7e1
36
vulnerability VCID-ep6t-zwd1-4bb3
37
vulnerability VCID-euk5-hagy-xqfz
38
vulnerability VCID-fy3g-uegw-2bew
39
vulnerability VCID-gcnj-6qb6-pbgz
40
vulnerability VCID-h63t-9enx-qfdn
41
vulnerability VCID-he5m-6wj4-rbhc
42
vulnerability VCID-hpgq-deze-p7dp
43
vulnerability VCID-hv3n-j8ck-1ufx
44
vulnerability VCID-j77k-hjgx-5kc5
45
vulnerability VCID-jppe-cbgm-k3cz
46
vulnerability VCID-jqth-wfgx-87cx
47
vulnerability VCID-k4h1-mvnf-1ybx
48
vulnerability VCID-k8af-cg9k-87a9
49
vulnerability VCID-m7w6-b2xu-6uee
50
vulnerability VCID-mnz3-rj21-67ad
51
vulnerability VCID-mqbh-k9n3-nbed
52
vulnerability VCID-mub5-s7h1-57cy
53
vulnerability VCID-n15v-ta9h-6ffb
54
vulnerability VCID-n78p-x7hh-gqcf
55
vulnerability VCID-nt6a-5zkv-pbcm
56
vulnerability VCID-nwxj-3ajk-rkh5
57
vulnerability VCID-pk8d-8u15-5bfq
58
vulnerability VCID-pnfa-cksc-43de
59
vulnerability VCID-px44-19tj-h7aa
60
vulnerability VCID-q8hy-wjd9-nbgp
61
vulnerability VCID-q9ak-qcq6-qfhy
62
vulnerability VCID-qb4j-9tz7-m7a2
63
vulnerability VCID-rdrs-mhaw-b3ge
64
vulnerability VCID-rzw5-8d1u-sfam
65
vulnerability VCID-s64f-x81f-b7ce
66
vulnerability VCID-shqd-udhm-pff8
67
vulnerability VCID-sr3p-pdxy-4yhu
68
vulnerability VCID-stzu-sxe6-5yf5
69
vulnerability VCID-t1n7-eswt-73gw
70
vulnerability VCID-t3jn-vwbx-u7cr
71
vulnerability VCID-tgma-cyvk-97ay
72
vulnerability VCID-tmrt-6fxw-5ugh
73
vulnerability VCID-tqf5-2fsm-8fch
74
vulnerability VCID-tw1y-t4qj-j3d1
75
vulnerability VCID-uw2r-3gvq-bbcq
76
vulnerability VCID-vndb-w8e1-4ugv
77
vulnerability VCID-vrt1-aj9v-2kb6
78
vulnerability VCID-vxj6-wvyz-zbaq
79
vulnerability VCID-vxry-uvph-kbfd
80
vulnerability VCID-vybh-pxr3-17hn
81
vulnerability VCID-wea9-egep-h7g5
82
vulnerability VCID-wge3-kxdq-f3bz
83
vulnerability VCID-wr5t-xqnn-gkcj
84
vulnerability VCID-wxps-mnue-6bbh
85
vulnerability VCID-xa4m-xpa9-v7h8
86
vulnerability VCID-xh7y-56vy-5ud8
87
vulnerability VCID-xqew-bx7v-1qfk
88
vulnerability VCID-y32z-2d3f-gkgw
89
vulnerability VCID-zdq2-dhb2-6kaq
90
vulnerability VCID-zkea-ge1t-z7gn
91
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.4.1
aliases GHSA-gj48-w74w-8gvm, GMS-2024-342
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c6zq-cfg5-u7d9
4
url VCID-nnh9-udcj-m7fv
vulnerability_id VCID-nnh9-udcj-m7fv
summary 
Path Traversal
Due to a too loose type check in an API method, attackers could bypass the directory traversal check by providing an invalid UTF-8 encoding sequence.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-024
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-024
fixed_packages
0
url pkg:composer/typo3/cms@6.2.29
purl pkg:composer/typo3/cms@6.2.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-dsu7-jjjq-f3e1
2
vulnerability VCID-f963-qur3-2qb7
3
vulnerability VCID-gcnj-6qb6-pbgz
4
vulnerability VCID-hv3n-j8ck-1ufx
5
vulnerability VCID-nwxj-3ajk-rkh5
6
vulnerability VCID-q9ak-qcq6-qfhy
7
vulnerability VCID-re9h-ze98-rbhu
8
vulnerability VCID-xa4m-xpa9-v7h8
9
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.29
1
url pkg:composer/typo3/cms@7.0.0
purl pkg:composer/typo3/cms@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ng4-5tkh-g7h5
1
vulnerability VCID-28bf-jvah-zkhw
2
vulnerability VCID-2rhx-afay-97da
3
vulnerability VCID-37wu-bjfj-k7eg
4
vulnerability VCID-4etp-u4pt-v7hm
5
vulnerability VCID-51ba-3ag9-rucn
6
vulnerability VCID-5jgb-dsyx-hyb4
7
vulnerability VCID-5paq-5frf-43ed
8
vulnerability VCID-6b5q-vzs3-pkcc
9
vulnerability VCID-6gms-w48j-4ffh
10
vulnerability VCID-6pvx-1qan-ukef
11
vulnerability VCID-6spw-66jg-syb1
12
vulnerability VCID-7zx9-8afq-y3hc
13
vulnerability VCID-99uu-rfrf-bqa7
14
vulnerability VCID-asym-tgh2-1kg8
15
vulnerability VCID-b45y-dr1a-7qd7
16
vulnerability VCID-b5ht-z6zp-pbht
17
vulnerability VCID-bajy-qbwq-fufn
18
vulnerability VCID-bnne-7p2q-eqd2
19
vulnerability VCID-buax-rz7x-r7c2
20
vulnerability VCID-bxjw-7426-gyb8
21
vulnerability VCID-cczn-x8q7-k7ba
22
vulnerability VCID-cjgc-q6p5-2ydc
23
vulnerability VCID-ck23-cxn6-bbf3
24
vulnerability VCID-dbrh-t8zx-nkd9
25
vulnerability VCID-dm97-51uu-r7gw
26
vulnerability VCID-dsu7-jjjq-f3e1
27
vulnerability VCID-ehzg-bzrd-kbcc
28
vulnerability VCID-f4pm-9tq5-q3ch
29
vulnerability VCID-gcnj-6qb6-pbgz
30
vulnerability VCID-h958-d3pm-kfcs
31
vulnerability VCID-kgcq-paqm-9ya6
32
vulnerability VCID-kpze-14jy-xud9
33
vulnerability VCID-kqbk-4q4z-nkec
34
vulnerability VCID-mnz3-rj21-67ad
35
vulnerability VCID-n15v-ta9h-6ffb
36
vulnerability VCID-n78p-x7hh-gqcf
37
vulnerability VCID-ne8w-dpjw-7qf1
38
vulnerability VCID-nwxj-3ajk-rkh5
39
vulnerability VCID-pgzu-kxuj-j3fh
40
vulnerability VCID-pk8d-8u15-5bfq
41
vulnerability VCID-q6dx-uskc-y3hs
42
vulnerability VCID-qemc-8kj8-r3cd
43
vulnerability VCID-rdrs-mhaw-b3ge
44
vulnerability VCID-re9h-ze98-rbhu
45
vulnerability VCID-rwgf-2pfh-ufdz
46
vulnerability VCID-se8w-fv8x-tqde
47
vulnerability VCID-sr3p-pdxy-4yhu
48
vulnerability VCID-t3jn-vwbx-u7cr
49
vulnerability VCID-tmrt-6fxw-5ugh
50
vulnerability VCID-tw1y-t4qj-j3d1
51
vulnerability VCID-vbbx-pk8m-jfhd
52
vulnerability VCID-vndb-w8e1-4ugv
53
vulnerability VCID-wr5t-xqnn-gkcj
54
vulnerability VCID-ww44-zmx7-47ft
55
vulnerability VCID-wxps-mnue-6bbh
56
vulnerability VCID-xa4m-xpa9-v7h8
57
vulnerability VCID-xhq3-ts9t-sbdy
58
vulnerability VCID-xkpp-psz2-2kag
59
vulnerability VCID-xp55-jxjr-zqcb
60
vulnerability VCID-xqew-bx7v-1qfk
61
vulnerability VCID-y32z-2d3f-gkgw
62
vulnerability VCID-zdq2-dhb2-6kaq
63
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.0.0
2
url pkg:composer/typo3/cms@7.6.13
purl pkg:composer/typo3/cms@7.6.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-2fs8-bscc-3ye2
2
vulnerability VCID-5jgb-dsyx-hyb4
3
vulnerability VCID-5paq-5frf-43ed
4
vulnerability VCID-6b5q-vzs3-pkcc
5
vulnerability VCID-bajy-qbwq-fufn
6
vulnerability VCID-bnne-7p2q-eqd2
7
vulnerability VCID-bxjw-7426-gyb8
8
vulnerability VCID-dbrh-t8zx-nkd9
9
vulnerability VCID-dm97-51uu-r7gw
10
vulnerability VCID-dsu7-jjjq-f3e1
11
vulnerability VCID-ehzg-bzrd-kbcc
12
vulnerability VCID-ep6t-zwd1-4bb3
13
vulnerability VCID-f963-qur3-2qb7
14
vulnerability VCID-fy3g-uegw-2bew
15
vulnerability VCID-gcnj-6qb6-pbgz
16
vulnerability VCID-h63t-9enx-qfdn
17
vulnerability VCID-hpgq-deze-p7dp
18
vulnerability VCID-hv3n-j8ck-1ufx
19
vulnerability VCID-jqth-wfgx-87cx
20
vulnerability VCID-mnz3-rj21-67ad
21
vulnerability VCID-mqbh-k9n3-nbed
22
vulnerability VCID-mub5-s7h1-57cy
23
vulnerability VCID-n15v-ta9h-6ffb
24
vulnerability VCID-n78p-x7hh-gqcf
25
vulnerability VCID-nt6a-5zkv-pbcm
26
vulnerability VCID-nwxj-3ajk-rkh5
27
vulnerability VCID-pk8d-8u15-5bfq
28
vulnerability VCID-pnfa-cksc-43de
29
vulnerability VCID-q9ak-qcq6-qfhy
30
vulnerability VCID-rdrs-mhaw-b3ge
31
vulnerability VCID-rzw5-8d1u-sfam
32
vulnerability VCID-sr3p-pdxy-4yhu
33
vulnerability VCID-t3jn-vwbx-u7cr
34
vulnerability VCID-tmrt-6fxw-5ugh
35
vulnerability VCID-tw1y-t4qj-j3d1
36
vulnerability VCID-vndb-w8e1-4ugv
37
vulnerability VCID-vrt1-aj9v-2kb6
38
vulnerability VCID-wge3-kxdq-f3bz
39
vulnerability VCID-wr5t-xqnn-gkcj
40
vulnerability VCID-wxps-mnue-6bbh
41
vulnerability VCID-xa4m-xpa9-v7h8
42
vulnerability VCID-xqew-bx7v-1qfk
43
vulnerability VCID-y32z-2d3f-gkgw
44
vulnerability VCID-zdq2-dhb2-6kaq
45
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.13
3
url pkg:composer/typo3/cms@8.4.1
purl pkg:composer/typo3/cms@8.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-28bf-jvah-zkhw
3
vulnerability VCID-2fs8-bscc-3ye2
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-3gg5-1921-rbfs
6
vulnerability VCID-3n2r-awja-dug9
7
vulnerability VCID-3v4n-fzxa-bfaw
8
vulnerability VCID-4ack-haf2-cfbe
9
vulnerability VCID-4btk-jt5n-2ugf
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5paq-5frf-43ed
13
vulnerability VCID-5qfv-y43v-akdm
14
vulnerability VCID-5yg8-2cbr-d3as
15
vulnerability VCID-6487-15z5-pkd4
16
vulnerability VCID-6b5q-vzs3-pkcc
17
vulnerability VCID-9g62-zd1x-3bdg
18
vulnerability VCID-9gpp-ez8w-rqav
19
vulnerability VCID-axaf-45kr-kbfe
20
vulnerability VCID-bajy-qbwq-fufn
21
vulnerability VCID-bnne-7p2q-eqd2
22
vulnerability VCID-bxjw-7426-gyb8
23
vulnerability VCID-c2tm-eqmm-1ugt
24
vulnerability VCID-cm14-t8uv-k3es
25
vulnerability VCID-cmka-8484-27bu
26
vulnerability VCID-dbrh-t8zx-nkd9
27
vulnerability VCID-dj88-f3p8-cfbn
28
vulnerability VCID-dm97-51uu-r7gw
29
vulnerability VCID-dquc-7amf-e7cs
30
vulnerability VCID-dsu7-jjjq-f3e1
31
vulnerability VCID-e72u-tpc3-23g3
32
vulnerability VCID-e7sv-4xc2-m3d5
33
vulnerability VCID-eajg-ctpd-2bby
34
vulnerability VCID-ehzg-bzrd-kbcc
35
vulnerability VCID-ekfd-wp8z-d7e1
36
vulnerability VCID-ep6t-zwd1-4bb3
37
vulnerability VCID-euk5-hagy-xqfz
38
vulnerability VCID-fy3g-uegw-2bew
39
vulnerability VCID-gcnj-6qb6-pbgz
40
vulnerability VCID-h63t-9enx-qfdn
41
vulnerability VCID-he5m-6wj4-rbhc
42
vulnerability VCID-hpgq-deze-p7dp
43
vulnerability VCID-hv3n-j8ck-1ufx
44
vulnerability VCID-j77k-hjgx-5kc5
45
vulnerability VCID-jppe-cbgm-k3cz
46
vulnerability VCID-jqth-wfgx-87cx
47
vulnerability VCID-k4h1-mvnf-1ybx
48
vulnerability VCID-k8af-cg9k-87a9
49
vulnerability VCID-m7w6-b2xu-6uee
50
vulnerability VCID-mnz3-rj21-67ad
51
vulnerability VCID-mqbh-k9n3-nbed
52
vulnerability VCID-mub5-s7h1-57cy
53
vulnerability VCID-n15v-ta9h-6ffb
54
vulnerability VCID-n78p-x7hh-gqcf
55
vulnerability VCID-nt6a-5zkv-pbcm
56
vulnerability VCID-nwxj-3ajk-rkh5
57
vulnerability VCID-pk8d-8u15-5bfq
58
vulnerability VCID-pnfa-cksc-43de
59
vulnerability VCID-px44-19tj-h7aa
60
vulnerability VCID-q8hy-wjd9-nbgp
61
vulnerability VCID-q9ak-qcq6-qfhy
62
vulnerability VCID-qb4j-9tz7-m7a2
63
vulnerability VCID-rdrs-mhaw-b3ge
64
vulnerability VCID-rzw5-8d1u-sfam
65
vulnerability VCID-s64f-x81f-b7ce
66
vulnerability VCID-shqd-udhm-pff8
67
vulnerability VCID-sr3p-pdxy-4yhu
68
vulnerability VCID-stzu-sxe6-5yf5
69
vulnerability VCID-t1n7-eswt-73gw
70
vulnerability VCID-t3jn-vwbx-u7cr
71
vulnerability VCID-tgma-cyvk-97ay
72
vulnerability VCID-tmrt-6fxw-5ugh
73
vulnerability VCID-tqf5-2fsm-8fch
74
vulnerability VCID-tw1y-t4qj-j3d1
75
vulnerability VCID-uw2r-3gvq-bbcq
76
vulnerability VCID-vndb-w8e1-4ugv
77
vulnerability VCID-vrt1-aj9v-2kb6
78
vulnerability VCID-vxj6-wvyz-zbaq
79
vulnerability VCID-vxry-uvph-kbfd
80
vulnerability VCID-vybh-pxr3-17hn
81
vulnerability VCID-wea9-egep-h7g5
82
vulnerability VCID-wge3-kxdq-f3bz
83
vulnerability VCID-wr5t-xqnn-gkcj
84
vulnerability VCID-wxps-mnue-6bbh
85
vulnerability VCID-xa4m-xpa9-v7h8
86
vulnerability VCID-xh7y-56vy-5ud8
87
vulnerability VCID-xqew-bx7v-1qfk
88
vulnerability VCID-y32z-2d3f-gkgw
89
vulnerability VCID-zdq2-dhb2-6kaq
90
vulnerability VCID-zkea-ge1t-z7gn
91
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.4.1
aliases TYPO3-CORE-SA-2016-024
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nnh9-udcj-m7fv
5
url VCID-prbd-r82t-87dm
vulnerability_id VCID-prbd-r82t-87dm
summary 
Insecure Unserialize in TYPO3 Backend
Failing to properly validate incoming data, the suggest wizard is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-023
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-023
fixed_packages
0
url pkg:composer/typo3/cms@6.2.29
purl pkg:composer/typo3/cms@6.2.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5jgb-dsyx-hyb4
1
vulnerability VCID-dsu7-jjjq-f3e1
2
vulnerability VCID-f963-qur3-2qb7
3
vulnerability VCID-gcnj-6qb6-pbgz
4
vulnerability VCID-hv3n-j8ck-1ufx
5
vulnerability VCID-nwxj-3ajk-rkh5
6
vulnerability VCID-q9ak-qcq6-qfhy
7
vulnerability VCID-re9h-ze98-rbhu
8
vulnerability VCID-xa4m-xpa9-v7h8
9
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.29
1
url pkg:composer/typo3/cms@7.0.0
purl pkg:composer/typo3/cms@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ng4-5tkh-g7h5
1
vulnerability VCID-28bf-jvah-zkhw
2
vulnerability VCID-2rhx-afay-97da
3
vulnerability VCID-37wu-bjfj-k7eg
4
vulnerability VCID-4etp-u4pt-v7hm
5
vulnerability VCID-51ba-3ag9-rucn
6
vulnerability VCID-5jgb-dsyx-hyb4
7
vulnerability VCID-5paq-5frf-43ed
8
vulnerability VCID-6b5q-vzs3-pkcc
9
vulnerability VCID-6gms-w48j-4ffh
10
vulnerability VCID-6pvx-1qan-ukef
11
vulnerability VCID-6spw-66jg-syb1
12
vulnerability VCID-7zx9-8afq-y3hc
13
vulnerability VCID-99uu-rfrf-bqa7
14
vulnerability VCID-asym-tgh2-1kg8
15
vulnerability VCID-b45y-dr1a-7qd7
16
vulnerability VCID-b5ht-z6zp-pbht
17
vulnerability VCID-bajy-qbwq-fufn
18
vulnerability VCID-bnne-7p2q-eqd2
19
vulnerability VCID-buax-rz7x-r7c2
20
vulnerability VCID-bxjw-7426-gyb8
21
vulnerability VCID-cczn-x8q7-k7ba
22
vulnerability VCID-cjgc-q6p5-2ydc
23
vulnerability VCID-ck23-cxn6-bbf3
24
vulnerability VCID-dbrh-t8zx-nkd9
25
vulnerability VCID-dm97-51uu-r7gw
26
vulnerability VCID-dsu7-jjjq-f3e1
27
vulnerability VCID-ehzg-bzrd-kbcc
28
vulnerability VCID-f4pm-9tq5-q3ch
29
vulnerability VCID-gcnj-6qb6-pbgz
30
vulnerability VCID-h958-d3pm-kfcs
31
vulnerability VCID-kgcq-paqm-9ya6
32
vulnerability VCID-kpze-14jy-xud9
33
vulnerability VCID-kqbk-4q4z-nkec
34
vulnerability VCID-mnz3-rj21-67ad
35
vulnerability VCID-n15v-ta9h-6ffb
36
vulnerability VCID-n78p-x7hh-gqcf
37
vulnerability VCID-ne8w-dpjw-7qf1
38
vulnerability VCID-nwxj-3ajk-rkh5
39
vulnerability VCID-pgzu-kxuj-j3fh
40
vulnerability VCID-pk8d-8u15-5bfq
41
vulnerability VCID-q6dx-uskc-y3hs
42
vulnerability VCID-qemc-8kj8-r3cd
43
vulnerability VCID-rdrs-mhaw-b3ge
44
vulnerability VCID-re9h-ze98-rbhu
45
vulnerability VCID-rwgf-2pfh-ufdz
46
vulnerability VCID-se8w-fv8x-tqde
47
vulnerability VCID-sr3p-pdxy-4yhu
48
vulnerability VCID-t3jn-vwbx-u7cr
49
vulnerability VCID-tmrt-6fxw-5ugh
50
vulnerability VCID-tw1y-t4qj-j3d1
51
vulnerability VCID-vbbx-pk8m-jfhd
52
vulnerability VCID-vndb-w8e1-4ugv
53
vulnerability VCID-wr5t-xqnn-gkcj
54
vulnerability VCID-ww44-zmx7-47ft
55
vulnerability VCID-wxps-mnue-6bbh
56
vulnerability VCID-xa4m-xpa9-v7h8
57
vulnerability VCID-xhq3-ts9t-sbdy
58
vulnerability VCID-xkpp-psz2-2kag
59
vulnerability VCID-xp55-jxjr-zqcb
60
vulnerability VCID-xqew-bx7v-1qfk
61
vulnerability VCID-y32z-2d3f-gkgw
62
vulnerability VCID-zdq2-dhb2-6kaq
63
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.0.0
2
url pkg:composer/typo3/cms@7.6.13
purl pkg:composer/typo3/cms@7.6.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28bf-jvah-zkhw
1
vulnerability VCID-2fs8-bscc-3ye2
2
vulnerability VCID-5jgb-dsyx-hyb4
3
vulnerability VCID-5paq-5frf-43ed
4
vulnerability VCID-6b5q-vzs3-pkcc
5
vulnerability VCID-bajy-qbwq-fufn
6
vulnerability VCID-bnne-7p2q-eqd2
7
vulnerability VCID-bxjw-7426-gyb8
8
vulnerability VCID-dbrh-t8zx-nkd9
9
vulnerability VCID-dm97-51uu-r7gw
10
vulnerability VCID-dsu7-jjjq-f3e1
11
vulnerability VCID-ehzg-bzrd-kbcc
12
vulnerability VCID-ep6t-zwd1-4bb3
13
vulnerability VCID-f963-qur3-2qb7
14
vulnerability VCID-fy3g-uegw-2bew
15
vulnerability VCID-gcnj-6qb6-pbgz
16
vulnerability VCID-h63t-9enx-qfdn
17
vulnerability VCID-hpgq-deze-p7dp
18
vulnerability VCID-hv3n-j8ck-1ufx
19
vulnerability VCID-jqth-wfgx-87cx
20
vulnerability VCID-mnz3-rj21-67ad
21
vulnerability VCID-mqbh-k9n3-nbed
22
vulnerability VCID-mub5-s7h1-57cy
23
vulnerability VCID-n15v-ta9h-6ffb
24
vulnerability VCID-n78p-x7hh-gqcf
25
vulnerability VCID-nt6a-5zkv-pbcm
26
vulnerability VCID-nwxj-3ajk-rkh5
27
vulnerability VCID-pk8d-8u15-5bfq
28
vulnerability VCID-pnfa-cksc-43de
29
vulnerability VCID-q9ak-qcq6-qfhy
30
vulnerability VCID-rdrs-mhaw-b3ge
31
vulnerability VCID-rzw5-8d1u-sfam
32
vulnerability VCID-sr3p-pdxy-4yhu
33
vulnerability VCID-t3jn-vwbx-u7cr
34
vulnerability VCID-tmrt-6fxw-5ugh
35
vulnerability VCID-tw1y-t4qj-j3d1
36
vulnerability VCID-vndb-w8e1-4ugv
37
vulnerability VCID-vrt1-aj9v-2kb6
38
vulnerability VCID-wge3-kxdq-f3bz
39
vulnerability VCID-wr5t-xqnn-gkcj
40
vulnerability VCID-wxps-mnue-6bbh
41
vulnerability VCID-xa4m-xpa9-v7h8
42
vulnerability VCID-xqew-bx7v-1qfk
43
vulnerability VCID-y32z-2d3f-gkgw
44
vulnerability VCID-zdq2-dhb2-6kaq
45
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.13
3
url pkg:composer/typo3/cms@8.4.1
purl pkg:composer/typo3/cms@8.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18dg-eevv-3ug9
1
vulnerability VCID-1kae-ffj3-xyc7
2
vulnerability VCID-28bf-jvah-zkhw
3
vulnerability VCID-2fs8-bscc-3ye2
4
vulnerability VCID-2meq-x4kd-bbdn
5
vulnerability VCID-3gg5-1921-rbfs
6
vulnerability VCID-3n2r-awja-dug9
7
vulnerability VCID-3v4n-fzxa-bfaw
8
vulnerability VCID-4ack-haf2-cfbe
9
vulnerability VCID-4btk-jt5n-2ugf
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-5jgb-dsyx-hyb4
12
vulnerability VCID-5paq-5frf-43ed
13
vulnerability VCID-5qfv-y43v-akdm
14
vulnerability VCID-5yg8-2cbr-d3as
15
vulnerability VCID-6487-15z5-pkd4
16
vulnerability VCID-6b5q-vzs3-pkcc
17
vulnerability VCID-9g62-zd1x-3bdg
18
vulnerability VCID-9gpp-ez8w-rqav
19
vulnerability VCID-axaf-45kr-kbfe
20
vulnerability VCID-bajy-qbwq-fufn
21
vulnerability VCID-bnne-7p2q-eqd2
22
vulnerability VCID-bxjw-7426-gyb8
23
vulnerability VCID-c2tm-eqmm-1ugt
24
vulnerability VCID-cm14-t8uv-k3es
25
vulnerability VCID-cmka-8484-27bu
26
vulnerability VCID-dbrh-t8zx-nkd9
27
vulnerability VCID-dj88-f3p8-cfbn
28
vulnerability VCID-dm97-51uu-r7gw
29
vulnerability VCID-dquc-7amf-e7cs
30
vulnerability VCID-dsu7-jjjq-f3e1
31
vulnerability VCID-e72u-tpc3-23g3
32
vulnerability VCID-e7sv-4xc2-m3d5
33
vulnerability VCID-eajg-ctpd-2bby
34
vulnerability VCID-ehzg-bzrd-kbcc
35
vulnerability VCID-ekfd-wp8z-d7e1
36
vulnerability VCID-ep6t-zwd1-4bb3
37
vulnerability VCID-euk5-hagy-xqfz
38
vulnerability VCID-fy3g-uegw-2bew
39
vulnerability VCID-gcnj-6qb6-pbgz
40
vulnerability VCID-h63t-9enx-qfdn
41
vulnerability VCID-he5m-6wj4-rbhc
42
vulnerability VCID-hpgq-deze-p7dp
43
vulnerability VCID-hv3n-j8ck-1ufx
44
vulnerability VCID-j77k-hjgx-5kc5
45
vulnerability VCID-jppe-cbgm-k3cz
46
vulnerability VCID-jqth-wfgx-87cx
47
vulnerability VCID-k4h1-mvnf-1ybx
48
vulnerability VCID-k8af-cg9k-87a9
49
vulnerability VCID-m7w6-b2xu-6uee
50
vulnerability VCID-mnz3-rj21-67ad
51
vulnerability VCID-mqbh-k9n3-nbed
52
vulnerability VCID-mub5-s7h1-57cy
53
vulnerability VCID-n15v-ta9h-6ffb
54
vulnerability VCID-n78p-x7hh-gqcf
55
vulnerability VCID-nt6a-5zkv-pbcm
56
vulnerability VCID-nwxj-3ajk-rkh5
57
vulnerability VCID-pk8d-8u15-5bfq
58
vulnerability VCID-pnfa-cksc-43de
59
vulnerability VCID-px44-19tj-h7aa
60
vulnerability VCID-q8hy-wjd9-nbgp
61
vulnerability VCID-q9ak-qcq6-qfhy
62
vulnerability VCID-qb4j-9tz7-m7a2
63
vulnerability VCID-rdrs-mhaw-b3ge
64
vulnerability VCID-rzw5-8d1u-sfam
65
vulnerability VCID-s64f-x81f-b7ce
66
vulnerability VCID-shqd-udhm-pff8
67
vulnerability VCID-sr3p-pdxy-4yhu
68
vulnerability VCID-stzu-sxe6-5yf5
69
vulnerability VCID-t1n7-eswt-73gw
70
vulnerability VCID-t3jn-vwbx-u7cr
71
vulnerability VCID-tgma-cyvk-97ay
72
vulnerability VCID-tmrt-6fxw-5ugh
73
vulnerability VCID-tqf5-2fsm-8fch
74
vulnerability VCID-tw1y-t4qj-j3d1
75
vulnerability VCID-uw2r-3gvq-bbcq
76
vulnerability VCID-vndb-w8e1-4ugv
77
vulnerability VCID-vrt1-aj9v-2kb6
78
vulnerability VCID-vxj6-wvyz-zbaq
79
vulnerability VCID-vxry-uvph-kbfd
80
vulnerability VCID-vybh-pxr3-17hn
81
vulnerability VCID-wea9-egep-h7g5
82
vulnerability VCID-wge3-kxdq-f3bz
83
vulnerability VCID-wr5t-xqnn-gkcj
84
vulnerability VCID-wxps-mnue-6bbh
85
vulnerability VCID-xa4m-xpa9-v7h8
86
vulnerability VCID-xh7y-56vy-5ud8
87
vulnerability VCID-xqew-bx7v-1qfk
88
vulnerability VCID-y32z-2d3f-gkgw
89
vulnerability VCID-zdq2-dhb2-6kaq
90
vulnerability VCID-zkea-ge1t-z7gn
91
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.4.1
aliases TYPO3-CORE-SA-2016-023
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-prbd-r82t-87dm
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.13