Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/typo3/cms-core@7.0.0
Typecomposer
Namespacetypo3
Namecms-core
Version7.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version12.4.41
Latest_non_vulnerable_version14.0.2
Affected_by_vulnerabilities
0
url VCID-12y5-7b81-wkfu
vulnerability_id VCID-12y5-7b81-wkfu
summary 
TYPO3 CMS Authentication Bypass vulnerability
It has been discovered that TYPO3’s Salted Password system extension (which is a mandatory system component) is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing algorithm can be overridden when using MD5 as the default hashing algorithm by just knowing a valid username. Per default the Portable PHP hashing algorithm (PHPass) is used which is not vulnerable.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-07-12-1.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-07-12-1.yaml
1
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-001
3
reference_url https://github.com/advisories/GHSA-x4rj-f7m6-42c3
reference_id GHSA-x4rj-f7m6-42c3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x4rj-f7m6-42c3
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.30
purl pkg:composer/typo3/cms-core@7.6.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.30
1
url pkg:composer/typo3/cms-core@8.7.17
purl pkg:composer/typo3/cms-core@8.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-3gg5-1921-rbfs
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-4btk-jt5n-2ugf
6
vulnerability VCID-4jpa-6fqh-hbfg
7
vulnerability VCID-551q-gpyd-ffe8
8
vulnerability VCID-5jgb-dsyx-hyb4
9
vulnerability VCID-5mxm-88r9-hfey
10
vulnerability VCID-5paq-5frf-43ed
11
vulnerability VCID-5u4q-m66t-wqcj
12
vulnerability VCID-5z59-dn7p-xbc5
13
vulnerability VCID-6xmj-wbea-r7ex
14
vulnerability VCID-9g62-zd1x-3bdg
15
vulnerability VCID-9gpp-ez8w-rqav
16
vulnerability VCID-9x6r-56xm-n7h7
17
vulnerability VCID-9zqs-hjay-fkev
18
vulnerability VCID-a563-vtwa-hkbr
19
vulnerability VCID-axaf-45kr-kbfe
20
vulnerability VCID-axvk-13qf-tka7
21
vulnerability VCID-b6er-h7dm-3bev
22
vulnerability VCID-b81w-n2ne-z3ee
23
vulnerability VCID-bajy-qbwq-fufn
24
vulnerability VCID-bnne-7p2q-eqd2
25
vulnerability VCID-cm14-t8uv-k3es
26
vulnerability VCID-d99v-v9cj-zfh2
27
vulnerability VCID-dj88-f3p8-cfbn
28
vulnerability VCID-dm97-51uu-r7gw
29
vulnerability VCID-dsu7-jjjq-f3e1
30
vulnerability VCID-e268-wagv-sbex
31
vulnerability VCID-eajg-ctpd-2bby
32
vulnerability VCID-ehzg-bzrd-kbcc
33
vulnerability VCID-ekfd-wp8z-d7e1
34
vulnerability VCID-f4bv-pzdy-dfcb
35
vulnerability VCID-f963-qur3-2qb7
36
vulnerability VCID-g4uc-qeb6-myed
37
vulnerability VCID-gcnj-6qb6-pbgz
38
vulnerability VCID-gv1b-xtv4-4yg3
39
vulnerability VCID-h6y3-7gsq-skh2
40
vulnerability VCID-he5m-6wj4-rbhc
41
vulnerability VCID-hhmn-yz5p-xkap
42
vulnerability VCID-j77k-hjgx-5kc5
43
vulnerability VCID-k8af-cg9k-87a9
44
vulnerability VCID-mh4f-vtfj-hbb1
45
vulnerability VCID-mnz3-rj21-67ad
46
vulnerability VCID-n15v-ta9h-6ffb
47
vulnerability VCID-n1cb-8py6-bbhu
48
vulnerability VCID-n78p-x7hh-gqcf
49
vulnerability VCID-n7ng-zkkb-2qaz
50
vulnerability VCID-pmzz-9rws-4ud5
51
vulnerability VCID-pss5-as4b-cyf2
52
vulnerability VCID-px44-19tj-h7aa
53
vulnerability VCID-q8hy-wjd9-nbgp
54
vulnerability VCID-qb4j-9tz7-m7a2
55
vulnerability VCID-rdrs-mhaw-b3ge
56
vulnerability VCID-rwqs-3ktq-qqbd
57
vulnerability VCID-s53a-f91p-huf4
58
vulnerability VCID-s55j-8hbt-akhn
59
vulnerability VCID-s64f-x81f-b7ce
60
vulnerability VCID-stzu-sxe6-5yf5
61
vulnerability VCID-swnc-ke6h-ekew
62
vulnerability VCID-t1n7-eswt-73gw
63
vulnerability VCID-t3jn-vwbx-u7cr
64
vulnerability VCID-taj6-zj2n-5kg8
65
vulnerability VCID-tnjd-pyys-akav
66
vulnerability VCID-tw1y-t4qj-j3d1
67
vulnerability VCID-vxry-uvph-kbfd
68
vulnerability VCID-vyvy-y3cw-hbgr
69
vulnerability VCID-wea9-egep-h7g5
70
vulnerability VCID-xa4m-xpa9-v7h8
71
vulnerability VCID-xh7y-56vy-5ud8
72
vulnerability VCID-y32z-2d3f-gkgw
73
vulnerability VCID-zdq2-dhb2-6kaq
74
vulnerability VCID-zkea-ge1t-z7gn
75
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.17
2
url pkg:composer/typo3/cms-core@9.3.2
purl pkg:composer/typo3/cms-core@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-2mn6-mdmz-4yd9
3
vulnerability VCID-3gg5-1921-rbfs
4
vulnerability VCID-3n2r-awja-dug9
5
vulnerability VCID-3v4n-fzxa-bfaw
6
vulnerability VCID-461j-9hrc-gfbc
7
vulnerability VCID-4btk-jt5n-2ugf
8
vulnerability VCID-4jpa-6fqh-hbfg
9
vulnerability VCID-4mkw-tv16-jyca
10
vulnerability VCID-4t9s-p25a-cfas
11
vulnerability VCID-543x-cnbz-1kb9
12
vulnerability VCID-551q-gpyd-ffe8
13
vulnerability VCID-58js-jzm4-4fc7
14
vulnerability VCID-5jgb-dsyx-hyb4
15
vulnerability VCID-5kzs-ex81-bbaj
16
vulnerability VCID-5paq-5frf-43ed
17
vulnerability VCID-5u4q-m66t-wqcj
18
vulnerability VCID-5z59-dn7p-xbc5
19
vulnerability VCID-65ue-7jd9-23gf
20
vulnerability VCID-6a9t-8dmn-s3bv
21
vulnerability VCID-6xmj-wbea-r7ex
22
vulnerability VCID-8d2m-1ffv-jqe1
23
vulnerability VCID-9g62-zd1x-3bdg
24
vulnerability VCID-9gpp-ez8w-rqav
25
vulnerability VCID-9x6r-56xm-n7h7
26
vulnerability VCID-9zqs-hjay-fkev
27
vulnerability VCID-a49c-fqrj-nbb3
28
vulnerability VCID-a563-vtwa-hkbr
29
vulnerability VCID-axaf-45kr-kbfe
30
vulnerability VCID-axvk-13qf-tka7
31
vulnerability VCID-b6er-h7dm-3bev
32
vulnerability VCID-bajy-qbwq-fufn
33
vulnerability VCID-bnne-7p2q-eqd2
34
vulnerability VCID-cm14-t8uv-k3es
35
vulnerability VCID-d8d1-sat6-muhe
36
vulnerability VCID-d99v-v9cj-zfh2
37
vulnerability VCID-dj88-f3p8-cfbn
38
vulnerability VCID-dm97-51uu-r7gw
39
vulnerability VCID-dmzb-gkdn-6bcm
40
vulnerability VCID-dsu7-jjjq-f3e1
41
vulnerability VCID-e268-wagv-sbex
42
vulnerability VCID-e32h-8q61-hbgc
43
vulnerability VCID-eajg-ctpd-2bby
44
vulnerability VCID-ekfd-wp8z-d7e1
45
vulnerability VCID-f4bv-pzdy-dfcb
46
vulnerability VCID-f963-qur3-2qb7
47
vulnerability VCID-g4uc-qeb6-myed
48
vulnerability VCID-gcnj-6qb6-pbgz
49
vulnerability VCID-gv1b-xtv4-4yg3
50
vulnerability VCID-h6y3-7gsq-skh2
51
vulnerability VCID-he5m-6wj4-rbhc
52
vulnerability VCID-hhmn-yz5p-xkap
53
vulnerability VCID-k8af-cg9k-87a9
54
vulnerability VCID-kj9x-psfz-2ug1
55
vulnerability VCID-mh4f-vtfj-hbb1
56
vulnerability VCID-mnz3-rj21-67ad
57
vulnerability VCID-mud2-s4rc-fuf6
58
vulnerability VCID-n15v-ta9h-6ffb
59
vulnerability VCID-n1cb-8py6-bbhu
60
vulnerability VCID-n78p-x7hh-gqcf
61
vulnerability VCID-n7ng-zkkb-2qaz
62
vulnerability VCID-nubu-f1sc-gbes
63
vulnerability VCID-nxq4-m52q-yuh4
64
vulnerability VCID-p715-yexd-jfgc
65
vulnerability VCID-phgh-sd4m-zbdx
66
vulnerability VCID-pmzz-9rws-4ud5
67
vulnerability VCID-pss5-as4b-cyf2
68
vulnerability VCID-px44-19tj-h7aa
69
vulnerability VCID-q8hy-wjd9-nbgp
70
vulnerability VCID-qb4j-9tz7-m7a2
71
vulnerability VCID-raxk-rm9v-hubn
72
vulnerability VCID-rdrs-mhaw-b3ge
73
vulnerability VCID-remd-55jh-r3g5
74
vulnerability VCID-rwqs-3ktq-qqbd
75
vulnerability VCID-s53a-f91p-huf4
76
vulnerability VCID-s55j-8hbt-akhn
77
vulnerability VCID-s64f-x81f-b7ce
78
vulnerability VCID-stzu-sxe6-5yf5
79
vulnerability VCID-sw7v-fbjk-13hy
80
vulnerability VCID-swnc-ke6h-ekew
81
vulnerability VCID-t1n7-eswt-73gw
82
vulnerability VCID-t3jn-vwbx-u7cr
83
vulnerability VCID-taj6-zj2n-5kg8
84
vulnerability VCID-tnjd-pyys-akav
85
vulnerability VCID-tw1y-t4qj-j3d1
86
vulnerability VCID-u9bx-8e86-wbew
87
vulnerability VCID-ve7g-8st5-wffb
88
vulnerability VCID-vxry-uvph-kbfd
89
vulnerability VCID-vyvy-y3cw-hbgr
90
vulnerability VCID-w13x-3rp9-wyej
91
vulnerability VCID-wea9-egep-h7g5
92
vulnerability VCID-xa4m-xpa9-v7h8
93
vulnerability VCID-xh7y-56vy-5ud8
94
vulnerability VCID-xtdg-uj46-rkcm
95
vulnerability VCID-xy6y-312d-rygj
96
vulnerability VCID-y32z-2d3f-gkgw
97
vulnerability VCID-yzx1-4psv-7bhr
98
vulnerability VCID-zdq2-dhb2-6kaq
99
vulnerability VCID-zkea-ge1t-z7gn
100
vulnerability VCID-zspb-bd6j-wyd2
101
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.3.2
aliases GHSA-x4rj-f7m6-42c3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-12y5-7b81-wkfu
1
url VCID-28bf-jvah-zkhw
vulnerability_id VCID-28bf-jvah-zkhw
summary 
Improper Authentication
Authentication Bypass in TYPO3 CMS.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-001/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-001/
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.30
purl pkg:composer/typo3/cms-core@7.6.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.30
1
url pkg:composer/typo3/cms-core@8.7.17
purl pkg:composer/typo3/cms-core@8.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-3gg5-1921-rbfs
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-4btk-jt5n-2ugf
6
vulnerability VCID-4jpa-6fqh-hbfg
7
vulnerability VCID-551q-gpyd-ffe8
8
vulnerability VCID-5jgb-dsyx-hyb4
9
vulnerability VCID-5mxm-88r9-hfey
10
vulnerability VCID-5paq-5frf-43ed
11
vulnerability VCID-5u4q-m66t-wqcj
12
vulnerability VCID-5z59-dn7p-xbc5
13
vulnerability VCID-6xmj-wbea-r7ex
14
vulnerability VCID-9g62-zd1x-3bdg
15
vulnerability VCID-9gpp-ez8w-rqav
16
vulnerability VCID-9x6r-56xm-n7h7
17
vulnerability VCID-9zqs-hjay-fkev
18
vulnerability VCID-a563-vtwa-hkbr
19
vulnerability VCID-axaf-45kr-kbfe
20
vulnerability VCID-axvk-13qf-tka7
21
vulnerability VCID-b6er-h7dm-3bev
22
vulnerability VCID-b81w-n2ne-z3ee
23
vulnerability VCID-bajy-qbwq-fufn
24
vulnerability VCID-bnne-7p2q-eqd2
25
vulnerability VCID-cm14-t8uv-k3es
26
vulnerability VCID-d99v-v9cj-zfh2
27
vulnerability VCID-dj88-f3p8-cfbn
28
vulnerability VCID-dm97-51uu-r7gw
29
vulnerability VCID-dsu7-jjjq-f3e1
30
vulnerability VCID-e268-wagv-sbex
31
vulnerability VCID-eajg-ctpd-2bby
32
vulnerability VCID-ehzg-bzrd-kbcc
33
vulnerability VCID-ekfd-wp8z-d7e1
34
vulnerability VCID-f4bv-pzdy-dfcb
35
vulnerability VCID-f963-qur3-2qb7
36
vulnerability VCID-g4uc-qeb6-myed
37
vulnerability VCID-gcnj-6qb6-pbgz
38
vulnerability VCID-gv1b-xtv4-4yg3
39
vulnerability VCID-h6y3-7gsq-skh2
40
vulnerability VCID-he5m-6wj4-rbhc
41
vulnerability VCID-hhmn-yz5p-xkap
42
vulnerability VCID-j77k-hjgx-5kc5
43
vulnerability VCID-k8af-cg9k-87a9
44
vulnerability VCID-mh4f-vtfj-hbb1
45
vulnerability VCID-mnz3-rj21-67ad
46
vulnerability VCID-n15v-ta9h-6ffb
47
vulnerability VCID-n1cb-8py6-bbhu
48
vulnerability VCID-n78p-x7hh-gqcf
49
vulnerability VCID-n7ng-zkkb-2qaz
50
vulnerability VCID-pmzz-9rws-4ud5
51
vulnerability VCID-pss5-as4b-cyf2
52
vulnerability VCID-px44-19tj-h7aa
53
vulnerability VCID-q8hy-wjd9-nbgp
54
vulnerability VCID-qb4j-9tz7-m7a2
55
vulnerability VCID-rdrs-mhaw-b3ge
56
vulnerability VCID-rwqs-3ktq-qqbd
57
vulnerability VCID-s53a-f91p-huf4
58
vulnerability VCID-s55j-8hbt-akhn
59
vulnerability VCID-s64f-x81f-b7ce
60
vulnerability VCID-stzu-sxe6-5yf5
61
vulnerability VCID-swnc-ke6h-ekew
62
vulnerability VCID-t1n7-eswt-73gw
63
vulnerability VCID-t3jn-vwbx-u7cr
64
vulnerability VCID-taj6-zj2n-5kg8
65
vulnerability VCID-tnjd-pyys-akav
66
vulnerability VCID-tw1y-t4qj-j3d1
67
vulnerability VCID-vxry-uvph-kbfd
68
vulnerability VCID-vyvy-y3cw-hbgr
69
vulnerability VCID-wea9-egep-h7g5
70
vulnerability VCID-xa4m-xpa9-v7h8
71
vulnerability VCID-xh7y-56vy-5ud8
72
vulnerability VCID-y32z-2d3f-gkgw
73
vulnerability VCID-zdq2-dhb2-6kaq
74
vulnerability VCID-zkea-ge1t-z7gn
75
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.17
2
url pkg:composer/typo3/cms-core@9.3.2
purl pkg:composer/typo3/cms-core@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-2mn6-mdmz-4yd9
3
vulnerability VCID-3gg5-1921-rbfs
4
vulnerability VCID-3n2r-awja-dug9
5
vulnerability VCID-3v4n-fzxa-bfaw
6
vulnerability VCID-461j-9hrc-gfbc
7
vulnerability VCID-4btk-jt5n-2ugf
8
vulnerability VCID-4jpa-6fqh-hbfg
9
vulnerability VCID-4mkw-tv16-jyca
10
vulnerability VCID-4t9s-p25a-cfas
11
vulnerability VCID-543x-cnbz-1kb9
12
vulnerability VCID-551q-gpyd-ffe8
13
vulnerability VCID-58js-jzm4-4fc7
14
vulnerability VCID-5jgb-dsyx-hyb4
15
vulnerability VCID-5kzs-ex81-bbaj
16
vulnerability VCID-5paq-5frf-43ed
17
vulnerability VCID-5u4q-m66t-wqcj
18
vulnerability VCID-5z59-dn7p-xbc5
19
vulnerability VCID-65ue-7jd9-23gf
20
vulnerability VCID-6a9t-8dmn-s3bv
21
vulnerability VCID-6xmj-wbea-r7ex
22
vulnerability VCID-8d2m-1ffv-jqe1
23
vulnerability VCID-9g62-zd1x-3bdg
24
vulnerability VCID-9gpp-ez8w-rqav
25
vulnerability VCID-9x6r-56xm-n7h7
26
vulnerability VCID-9zqs-hjay-fkev
27
vulnerability VCID-a49c-fqrj-nbb3
28
vulnerability VCID-a563-vtwa-hkbr
29
vulnerability VCID-axaf-45kr-kbfe
30
vulnerability VCID-axvk-13qf-tka7
31
vulnerability VCID-b6er-h7dm-3bev
32
vulnerability VCID-bajy-qbwq-fufn
33
vulnerability VCID-bnne-7p2q-eqd2
34
vulnerability VCID-cm14-t8uv-k3es
35
vulnerability VCID-d8d1-sat6-muhe
36
vulnerability VCID-d99v-v9cj-zfh2
37
vulnerability VCID-dj88-f3p8-cfbn
38
vulnerability VCID-dm97-51uu-r7gw
39
vulnerability VCID-dmzb-gkdn-6bcm
40
vulnerability VCID-dsu7-jjjq-f3e1
41
vulnerability VCID-e268-wagv-sbex
42
vulnerability VCID-e32h-8q61-hbgc
43
vulnerability VCID-eajg-ctpd-2bby
44
vulnerability VCID-ekfd-wp8z-d7e1
45
vulnerability VCID-f4bv-pzdy-dfcb
46
vulnerability VCID-f963-qur3-2qb7
47
vulnerability VCID-g4uc-qeb6-myed
48
vulnerability VCID-gcnj-6qb6-pbgz
49
vulnerability VCID-gv1b-xtv4-4yg3
50
vulnerability VCID-h6y3-7gsq-skh2
51
vulnerability VCID-he5m-6wj4-rbhc
52
vulnerability VCID-hhmn-yz5p-xkap
53
vulnerability VCID-k8af-cg9k-87a9
54
vulnerability VCID-kj9x-psfz-2ug1
55
vulnerability VCID-mh4f-vtfj-hbb1
56
vulnerability VCID-mnz3-rj21-67ad
57
vulnerability VCID-mud2-s4rc-fuf6
58
vulnerability VCID-n15v-ta9h-6ffb
59
vulnerability VCID-n1cb-8py6-bbhu
60
vulnerability VCID-n78p-x7hh-gqcf
61
vulnerability VCID-n7ng-zkkb-2qaz
62
vulnerability VCID-nubu-f1sc-gbes
63
vulnerability VCID-nxq4-m52q-yuh4
64
vulnerability VCID-p715-yexd-jfgc
65
vulnerability VCID-phgh-sd4m-zbdx
66
vulnerability VCID-pmzz-9rws-4ud5
67
vulnerability VCID-pss5-as4b-cyf2
68
vulnerability VCID-px44-19tj-h7aa
69
vulnerability VCID-q8hy-wjd9-nbgp
70
vulnerability VCID-qb4j-9tz7-m7a2
71
vulnerability VCID-raxk-rm9v-hubn
72
vulnerability VCID-rdrs-mhaw-b3ge
73
vulnerability VCID-remd-55jh-r3g5
74
vulnerability VCID-rwqs-3ktq-qqbd
75
vulnerability VCID-s53a-f91p-huf4
76
vulnerability VCID-s55j-8hbt-akhn
77
vulnerability VCID-s64f-x81f-b7ce
78
vulnerability VCID-stzu-sxe6-5yf5
79
vulnerability VCID-sw7v-fbjk-13hy
80
vulnerability VCID-swnc-ke6h-ekew
81
vulnerability VCID-t1n7-eswt-73gw
82
vulnerability VCID-t3jn-vwbx-u7cr
83
vulnerability VCID-taj6-zj2n-5kg8
84
vulnerability VCID-tnjd-pyys-akav
85
vulnerability VCID-tw1y-t4qj-j3d1
86
vulnerability VCID-u9bx-8e86-wbew
87
vulnerability VCID-ve7g-8st5-wffb
88
vulnerability VCID-vxry-uvph-kbfd
89
vulnerability VCID-vyvy-y3cw-hbgr
90
vulnerability VCID-w13x-3rp9-wyej
91
vulnerability VCID-wea9-egep-h7g5
92
vulnerability VCID-xa4m-xpa9-v7h8
93
vulnerability VCID-xh7y-56vy-5ud8
94
vulnerability VCID-xtdg-uj46-rkcm
95
vulnerability VCID-xy6y-312d-rygj
96
vulnerability VCID-y32z-2d3f-gkgw
97
vulnerability VCID-yzx1-4psv-7bhr
98
vulnerability VCID-zdq2-dhb2-6kaq
99
vulnerability VCID-zkea-ge1t-z7gn
100
vulnerability VCID-zspb-bd6j-wyd2
101
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.3.2
aliases 2018-07-12-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-28bf-jvah-zkhw
2
url VCID-5jgb-dsyx-hyb4
vulnerability_id VCID-5jgb-dsyx-hyb4
summary 
Open Redirection in Login Handling
### Problem
It has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability.

### Solution
Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described.

### Credits
Thanks to Alexander Kellner who reported this issue and to TYPO3 security team member Torben Hansen who fixed the issue.

### References
* [TYPO3-CORE-SA-2021-001](https://typo3.org/security/advisory/typo3-core-sa-2021-001)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21338
reference_id
reference_type
scores
0
value 0.00253
scoring_system epss
scoring_elements 0.48641
published_at 2026-04-18T12:55:00Z
1
value 0.00253
scoring_system epss
scoring_elements 0.48529
published_at 2026-04-01T12:55:00Z
2
value 0.00253
scoring_system epss
scoring_elements 0.48564
published_at 2026-04-02T12:55:00Z
3
value 0.00253
scoring_system epss
scoring_elements 0.48587
published_at 2026-04-04T12:55:00Z
4
value 0.00253
scoring_system epss
scoring_elements 0.48539
published_at 2026-04-07T12:55:00Z
5
value 0.00253
scoring_system epss
scoring_elements 0.48593
published_at 2026-04-08T12:55:00Z
6
value 0.00253
scoring_system epss
scoring_elements 0.48589
published_at 2026-04-09T12:55:00Z
7
value 0.00253
scoring_system epss
scoring_elements 0.4861
published_at 2026-04-11T12:55:00Z
8
value 0.00253
scoring_system epss
scoring_elements 0.48584
published_at 2026-04-12T12:55:00Z
9
value 0.00253
scoring_system epss
scoring_elements 0.48596
published_at 2026-04-13T12:55:00Z
10
value 0.00253
scoring_system epss
scoring_elements 0.48646
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21338
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21338.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21338.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21338.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21338.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21338
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21338
5
reference_url https://packagist.org/packages/typo3/cms-core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-core
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-001
7
reference_url https://github.com/advisories/GHSA-4jhw-2p6j-5wmp
reference_id GHSA-4jhw-2p6j-5wmp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4jhw-2p6j-5wmp
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.51
purl pkg:composer/typo3/cms-core@7.6.51
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n15v-ta9h-6ffb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.51
1
url pkg:composer/typo3/cms-core@8.7.40
purl pkg:composer/typo3/cms-core@8.7.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ekfd-wp8z-d7e1
1
vulnerability VCID-n15v-ta9h-6ffb
2
vulnerability VCID-s64f-x81f-b7ce
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.40
2
url pkg:composer/typo3/cms-core@9.5.25
purl pkg:composer/typo3/cms-core@9.5.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jpa-6fqh-hbfg
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-65ue-7jd9-23gf
4
vulnerability VCID-6a9t-8dmn-s3bv
5
vulnerability VCID-8d2m-1ffv-jqe1
6
vulnerability VCID-axvk-13qf-tka7
7
vulnerability VCID-b6er-h7dm-3bev
8
vulnerability VCID-bajy-qbwq-fufn
9
vulnerability VCID-e32h-8q61-hbgc
10
vulnerability VCID-ekfd-wp8z-d7e1
11
vulnerability VCID-g4uc-qeb6-myed
12
vulnerability VCID-gv1b-xtv4-4yg3
13
vulnerability VCID-h6y3-7gsq-skh2
14
vulnerability VCID-mnz3-rj21-67ad
15
vulnerability VCID-mud2-s4rc-fuf6
16
vulnerability VCID-n15v-ta9h-6ffb
17
vulnerability VCID-n7ng-zkkb-2qaz
18
vulnerability VCID-nubu-f1sc-gbes
19
vulnerability VCID-remd-55jh-r3g5
20
vulnerability VCID-s55j-8hbt-akhn
21
vulnerability VCID-s64f-x81f-b7ce
22
vulnerability VCID-t1n7-eswt-73gw
23
vulnerability VCID-taj6-zj2n-5kg8
24
vulnerability VCID-ve7g-8st5-wffb
25
vulnerability VCID-vyvy-y3cw-hbgr
26
vulnerability VCID-w13x-3rp9-wyej
27
vulnerability VCID-xy6y-312d-rygj
28
vulnerability VCID-y32z-2d3f-gkgw
29
vulnerability VCID-zdq2-dhb2-6kaq
30
vulnerability VCID-zn99-ywte-33g6
31
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.25
3
url pkg:composer/typo3/cms-core@10.4.14
purl pkg:composer/typo3/cms-core@10.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-1yxw-saf5-wue7
2
vulnerability VCID-4jpa-6fqh-hbfg
3
vulnerability VCID-4t9s-p25a-cfas
4
vulnerability VCID-5paq-5frf-43ed
5
vulnerability VCID-65ue-7jd9-23gf
6
vulnerability VCID-6a9t-8dmn-s3bv
7
vulnerability VCID-8d2m-1ffv-jqe1
8
vulnerability VCID-8sdd-b1bn-cuhx
9
vulnerability VCID-av8u-rvzq-4fc7
10
vulnerability VCID-axvk-13qf-tka7
11
vulnerability VCID-b6er-h7dm-3bev
12
vulnerability VCID-bajy-qbwq-fufn
13
vulnerability VCID-e32h-8q61-hbgc
14
vulnerability VCID-ekfd-wp8z-d7e1
15
vulnerability VCID-g4uc-qeb6-myed
16
vulnerability VCID-gv1b-xtv4-4yg3
17
vulnerability VCID-gyyu-n3b1-zbcj
18
vulnerability VCID-h6y3-7gsq-skh2
19
vulnerability VCID-mnz3-rj21-67ad
20
vulnerability VCID-mud2-s4rc-fuf6
21
vulnerability VCID-n15v-ta9h-6ffb
22
vulnerability VCID-n7ng-zkkb-2qaz
23
vulnerability VCID-nubu-f1sc-gbes
24
vulnerability VCID-remd-55jh-r3g5
25
vulnerability VCID-s55j-8hbt-akhn
26
vulnerability VCID-s64f-x81f-b7ce
27
vulnerability VCID-t1n7-eswt-73gw
28
vulnerability VCID-taj6-zj2n-5kg8
29
vulnerability VCID-ve7g-8st5-wffb
30
vulnerability VCID-vwb2-a84s-5qak
31
vulnerability VCID-vyvy-y3cw-hbgr
32
vulnerability VCID-w13x-3rp9-wyej
33
vulnerability VCID-xy6y-312d-rygj
34
vulnerability VCID-y32z-2d3f-gkgw
35
vulnerability VCID-zdq2-dhb2-6kaq
36
vulnerability VCID-zn99-ywte-33g6
37
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.14
4
url pkg:composer/typo3/cms-core@11.1.1
purl pkg:composer/typo3/cms-core@11.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-1yxw-saf5-wue7
2
vulnerability VCID-4jpa-6fqh-hbfg
3
vulnerability VCID-4t9s-p25a-cfas
4
vulnerability VCID-5paq-5frf-43ed
5
vulnerability VCID-65ue-7jd9-23gf
6
vulnerability VCID-6a9t-8dmn-s3bv
7
vulnerability VCID-8d2m-1ffv-jqe1
8
vulnerability VCID-8sdd-b1bn-cuhx
9
vulnerability VCID-av8u-rvzq-4fc7
10
vulnerability VCID-axvk-13qf-tka7
11
vulnerability VCID-b6er-h7dm-3bev
12
vulnerability VCID-bajy-qbwq-fufn
13
vulnerability VCID-e32h-8q61-hbgc
14
vulnerability VCID-ekfd-wp8z-d7e1
15
vulnerability VCID-g4uc-qeb6-myed
16
vulnerability VCID-gv1b-xtv4-4yg3
17
vulnerability VCID-gyyu-n3b1-zbcj
18
vulnerability VCID-h6y3-7gsq-skh2
19
vulnerability VCID-mnz3-rj21-67ad
20
vulnerability VCID-mud2-s4rc-fuf6
21
vulnerability VCID-n15v-ta9h-6ffb
22
vulnerability VCID-n7ng-zkkb-2qaz
23
vulnerability VCID-nubu-f1sc-gbes
24
vulnerability VCID-remd-55jh-r3g5
25
vulnerability VCID-s55j-8hbt-akhn
26
vulnerability VCID-s64f-x81f-b7ce
27
vulnerability VCID-t1n7-eswt-73gw
28
vulnerability VCID-taj6-zj2n-5kg8
29
vulnerability VCID-uyeu-a3xr-fkh4
30
vulnerability VCID-ve7g-8st5-wffb
31
vulnerability VCID-vwb2-a84s-5qak
32
vulnerability VCID-vyvy-y3cw-hbgr
33
vulnerability VCID-w13x-3rp9-wyej
34
vulnerability VCID-xy6y-312d-rygj
35
vulnerability VCID-y32z-2d3f-gkgw
36
vulnerability VCID-zdq2-dhb2-6kaq
37
vulnerability VCID-zn99-ywte-33g6
38
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.1.1
aliases CVE-2021-21338, GHSA-4jhw-2p6j-5wmp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5jgb-dsyx-hyb4
3
url VCID-5paq-5frf-43ed
vulnerability_id VCID-5paq-5frf-43ed
summary 
TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.0)

### Problem
It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability.

### Solution
Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above.

### Credits
Thanks to Vautia who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-009](https://typo3.org/security/advisory/typo3-core-sa-2022-009)
* [Vulnerability Report on huntr.dev](https://huntr.dev/bounties/51e9b709-193c-41fd-bd4a-833aaca0bd4e/) (embargoed +30 days)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36107
reference_id
reference_type
scores
0
value 0.00687
scoring_system epss
scoring_elements 0.71682
published_at 2026-04-02T12:55:00Z
1
value 0.00687
scoring_system epss
scoring_elements 0.7173
published_at 2026-04-12T12:55:00Z
2
value 0.00687
scoring_system epss
scoring_elements 0.71747
published_at 2026-04-11T12:55:00Z
3
value 0.00687
scoring_system epss
scoring_elements 0.71723
published_at 2026-04-09T12:55:00Z
4
value 0.00687
scoring_system epss
scoring_elements 0.71712
published_at 2026-04-08T12:55:00Z
5
value 0.00687
scoring_system epss
scoring_elements 0.71673
published_at 2026-04-07T12:55:00Z
6
value 0.00687
scoring_system epss
scoring_elements 0.717
published_at 2026-04-04T12:55:00Z
7
value 0.00687
scoring_system epss
scoring_elements 0.71762
published_at 2026-04-18T12:55:00Z
8
value 0.00687
scoring_system epss
scoring_elements 0.71756
published_at 2026-04-16T12:55:00Z
9
value 0.00687
scoring_system epss
scoring_elements 0.71713
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36107
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36107.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36107.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36107.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36107.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/546208428c861a09d62b86cde141eb19a81fae66
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/546208428c861a09d62b86cde141eb19a81fae66
5
reference_url https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36107
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36107
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-009
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-009
9
reference_url https://github.com/advisories/GHSA-9c6w-55cp-5w25
reference_id GHSA-9c6w-55cp-5w25
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9c6w-55cp-5w25
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.58
purl pkg:composer/typo3/cms-core@7.6.58
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.58
1
url pkg:composer/typo3/cms-core@8.7.48
purl pkg:composer/typo3/cms-core@8.7.48
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.48
2
url pkg:composer/typo3/cms-core@9.5.37
purl pkg:composer/typo3/cms-core@9.5.37
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.37
3
url pkg:composer/typo3/cms-core@10.4.32
purl pkg:composer/typo3/cms-core@10.4.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-65ue-7jd9-23gf
3
vulnerability VCID-8d2m-1ffv-jqe1
4
vulnerability VCID-8sdd-b1bn-cuhx
5
vulnerability VCID-axvk-13qf-tka7
6
vulnerability VCID-g4uc-qeb6-myed
7
vulnerability VCID-gv1b-xtv4-4yg3
8
vulnerability VCID-gyyu-n3b1-zbcj
9
vulnerability VCID-h6y3-7gsq-skh2
10
vulnerability VCID-mud2-s4rc-fuf6
11
vulnerability VCID-n7ng-zkkb-2qaz
12
vulnerability VCID-nubu-f1sc-gbes
13
vulnerability VCID-t1n7-eswt-73gw
14
vulnerability VCID-taj6-zj2n-5kg8
15
vulnerability VCID-ve7g-8st5-wffb
16
vulnerability VCID-vyvy-y3cw-hbgr
17
vulnerability VCID-w13x-3rp9-wyej
18
vulnerability VCID-xy6y-312d-rygj
19
vulnerability VCID-zdq2-dhb2-6kaq
20
vulnerability VCID-zn99-ywte-33g6
21
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.32
4
url pkg:composer/typo3/cms-core@11.5.16
purl pkg:composer/typo3/cms-core@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-65ue-7jd9-23gf
3
vulnerability VCID-8d2m-1ffv-jqe1
4
vulnerability VCID-8sdd-b1bn-cuhx
5
vulnerability VCID-axvk-13qf-tka7
6
vulnerability VCID-g4uc-qeb6-myed
7
vulnerability VCID-gv1b-xtv4-4yg3
8
vulnerability VCID-gyyu-n3b1-zbcj
9
vulnerability VCID-h6y3-7gsq-skh2
10
vulnerability VCID-mud2-s4rc-fuf6
11
vulnerability VCID-n7ng-zkkb-2qaz
12
vulnerability VCID-nubu-f1sc-gbes
13
vulnerability VCID-t1n7-eswt-73gw
14
vulnerability VCID-taj6-zj2n-5kg8
15
vulnerability VCID-ve7g-8st5-wffb
16
vulnerability VCID-vyvy-y3cw-hbgr
17
vulnerability VCID-w13x-3rp9-wyej
18
vulnerability VCID-xy6y-312d-rygj
19
vulnerability VCID-zdq2-dhb2-6kaq
20
vulnerability VCID-zn99-ywte-33g6
21
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.16
aliases CVE-2022-36107, GHSA-9c6w-55cp-5w25
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5paq-5frf-43ed
4
url VCID-6xmj-wbea-r7ex
vulnerability_id VCID-6xmj-wbea-r7ex
summary 
TYPO3 Denial of Service in Online Media Asset Handling
Online Media Asset Handling (*.youtube and *.vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a dysfunctional backend component. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-12-11-6.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-12-11-6.yaml
1
reference_url https://github.com/TYPO3-CMS/core/commit/9b2ecd2a402a76e17b78f78ed2ac9b7fff36d201
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core/commit/9b2ecd2a402a76e17b78f78ed2ac9b7fff36d201
2
reference_url https://github.com/TYPO3-CMS/core/commit/aa2dcb340bc7f2b815c8eee02cf54e100f82f3e7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core/commit/aa2dcb340bc7f2b815c8eee02cf54e100f82f3e7
3
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-011
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-011
4
reference_url https://github.com/advisories/GHSA-29m4-mx89-3mjg
reference_id GHSA-29m4-mx89-3mjg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-29m4-mx89-3mjg
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.32
purl pkg:composer/typo3/cms-core@7.6.32
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.32
1
url pkg:composer/typo3/cms-core@8.7.21
purl pkg:composer/typo3/cms-core@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-3n2r-awja-dug9
3
vulnerability VCID-3v4n-fzxa-bfaw
4
vulnerability VCID-4jpa-6fqh-hbfg
5
vulnerability VCID-551q-gpyd-ffe8
6
vulnerability VCID-5jgb-dsyx-hyb4
7
vulnerability VCID-5mxm-88r9-hfey
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5u4q-m66t-wqcj
10
vulnerability VCID-9g62-zd1x-3bdg
11
vulnerability VCID-9gpp-ez8w-rqav
12
vulnerability VCID-9x6r-56xm-n7h7
13
vulnerability VCID-9zqs-hjay-fkev
14
vulnerability VCID-axaf-45kr-kbfe
15
vulnerability VCID-axvk-13qf-tka7
16
vulnerability VCID-b6er-h7dm-3bev
17
vulnerability VCID-bajy-qbwq-fufn
18
vulnerability VCID-cm14-t8uv-k3es
19
vulnerability VCID-d99v-v9cj-zfh2
20
vulnerability VCID-dj88-f3p8-cfbn
21
vulnerability VCID-dsu7-jjjq-f3e1
22
vulnerability VCID-eajg-ctpd-2bby
23
vulnerability VCID-ekfd-wp8z-d7e1
24
vulnerability VCID-f4bv-pzdy-dfcb
25
vulnerability VCID-f963-qur3-2qb7
26
vulnerability VCID-g4uc-qeb6-myed
27
vulnerability VCID-gcnj-6qb6-pbgz
28
vulnerability VCID-gv1b-xtv4-4yg3
29
vulnerability VCID-h6y3-7gsq-skh2
30
vulnerability VCID-he5m-6wj4-rbhc
31
vulnerability VCID-hhmn-yz5p-xkap
32
vulnerability VCID-j77k-hjgx-5kc5
33
vulnerability VCID-k8af-cg9k-87a9
34
vulnerability VCID-mh4f-vtfj-hbb1
35
vulnerability VCID-mnz3-rj21-67ad
36
vulnerability VCID-n15v-ta9h-6ffb
37
vulnerability VCID-n7ng-zkkb-2qaz
38
vulnerability VCID-pmzz-9rws-4ud5
39
vulnerability VCID-pss5-as4b-cyf2
40
vulnerability VCID-px44-19tj-h7aa
41
vulnerability VCID-q8hy-wjd9-nbgp
42
vulnerability VCID-s53a-f91p-huf4
43
vulnerability VCID-s55j-8hbt-akhn
44
vulnerability VCID-s64f-x81f-b7ce
45
vulnerability VCID-stzu-sxe6-5yf5
46
vulnerability VCID-swnc-ke6h-ekew
47
vulnerability VCID-t1n7-eswt-73gw
48
vulnerability VCID-t3jn-vwbx-u7cr
49
vulnerability VCID-taj6-zj2n-5kg8
50
vulnerability VCID-tnjd-pyys-akav
51
vulnerability VCID-vxry-uvph-kbfd
52
vulnerability VCID-vyvy-y3cw-hbgr
53
vulnerability VCID-wea9-egep-h7g5
54
vulnerability VCID-xa4m-xpa9-v7h8
55
vulnerability VCID-xh7y-56vy-5ud8
56
vulnerability VCID-y32z-2d3f-gkgw
57
vulnerability VCID-zdq2-dhb2-6kaq
58
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21
2
url pkg:composer/typo3/cms-core@9.5.2
purl pkg:composer/typo3/cms-core@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-2mn6-mdmz-4yd9
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-461j-9hrc-gfbc
6
vulnerability VCID-4jpa-6fqh-hbfg
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-4t9s-p25a-cfas
9
vulnerability VCID-543x-cnbz-1kb9
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-58js-jzm4-4fc7
12
vulnerability VCID-5jgb-dsyx-hyb4
13
vulnerability VCID-5kzs-ex81-bbaj
14
vulnerability VCID-5paq-5frf-43ed
15
vulnerability VCID-5u4q-m66t-wqcj
16
vulnerability VCID-65ue-7jd9-23gf
17
vulnerability VCID-6a9t-8dmn-s3bv
18
vulnerability VCID-8d2m-1ffv-jqe1
19
vulnerability VCID-9g62-zd1x-3bdg
20
vulnerability VCID-9gpp-ez8w-rqav
21
vulnerability VCID-9x6r-56xm-n7h7
22
vulnerability VCID-9zqs-hjay-fkev
23
vulnerability VCID-a49c-fqrj-nbb3
24
vulnerability VCID-axaf-45kr-kbfe
25
vulnerability VCID-axvk-13qf-tka7
26
vulnerability VCID-b6er-h7dm-3bev
27
vulnerability VCID-bajy-qbwq-fufn
28
vulnerability VCID-cm14-t8uv-k3es
29
vulnerability VCID-d8d1-sat6-muhe
30
vulnerability VCID-d99v-v9cj-zfh2
31
vulnerability VCID-dj88-f3p8-cfbn
32
vulnerability VCID-dmzb-gkdn-6bcm
33
vulnerability VCID-dsu7-jjjq-f3e1
34
vulnerability VCID-e32h-8q61-hbgc
35
vulnerability VCID-eajg-ctpd-2bby
36
vulnerability VCID-ekfd-wp8z-d7e1
37
vulnerability VCID-f4bv-pzdy-dfcb
38
vulnerability VCID-f963-qur3-2qb7
39
vulnerability VCID-g4uc-qeb6-myed
40
vulnerability VCID-gcnj-6qb6-pbgz
41
vulnerability VCID-gv1b-xtv4-4yg3
42
vulnerability VCID-h6y3-7gsq-skh2
43
vulnerability VCID-he5m-6wj4-rbhc
44
vulnerability VCID-hhmn-yz5p-xkap
45
vulnerability VCID-k8af-cg9k-87a9
46
vulnerability VCID-kj9x-psfz-2ug1
47
vulnerability VCID-mh4f-vtfj-hbb1
48
vulnerability VCID-mnz3-rj21-67ad
49
vulnerability VCID-mud2-s4rc-fuf6
50
vulnerability VCID-n15v-ta9h-6ffb
51
vulnerability VCID-n7ng-zkkb-2qaz
52
vulnerability VCID-nubu-f1sc-gbes
53
vulnerability VCID-nxq4-m52q-yuh4
54
vulnerability VCID-p715-yexd-jfgc
55
vulnerability VCID-phgh-sd4m-zbdx
56
vulnerability VCID-pmzz-9rws-4ud5
57
vulnerability VCID-pss5-as4b-cyf2
58
vulnerability VCID-px44-19tj-h7aa
59
vulnerability VCID-q8hy-wjd9-nbgp
60
vulnerability VCID-raxk-rm9v-hubn
61
vulnerability VCID-remd-55jh-r3g5
62
vulnerability VCID-s53a-f91p-huf4
63
vulnerability VCID-s55j-8hbt-akhn
64
vulnerability VCID-s64f-x81f-b7ce
65
vulnerability VCID-stzu-sxe6-5yf5
66
vulnerability VCID-sw7v-fbjk-13hy
67
vulnerability VCID-swnc-ke6h-ekew
68
vulnerability VCID-t1n7-eswt-73gw
69
vulnerability VCID-t3jn-vwbx-u7cr
70
vulnerability VCID-taj6-zj2n-5kg8
71
vulnerability VCID-tnjd-pyys-akav
72
vulnerability VCID-u9bx-8e86-wbew
73
vulnerability VCID-ve7g-8st5-wffb
74
vulnerability VCID-vxry-uvph-kbfd
75
vulnerability VCID-vyvy-y3cw-hbgr
76
vulnerability VCID-w13x-3rp9-wyej
77
vulnerability VCID-wea9-egep-h7g5
78
vulnerability VCID-xa4m-xpa9-v7h8
79
vulnerability VCID-xh7y-56vy-5ud8
80
vulnerability VCID-xtdg-uj46-rkcm
81
vulnerability VCID-xy6y-312d-rygj
82
vulnerability VCID-y32z-2d3f-gkgw
83
vulnerability VCID-yzx1-4psv-7bhr
84
vulnerability VCID-zdq2-dhb2-6kaq
85
vulnerability VCID-zkea-ge1t-z7gn
86
vulnerability VCID-zn99-ywte-33g6
87
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2
aliases GHSA-29m4-mx89-3mjg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xmj-wbea-r7ex
5
url VCID-a563-vtwa-hkbr
vulnerability_id VCID-a563-vtwa-hkbr
summary 
TYPO3 Information Disclosure in Install Tool
The Install Tool exposes the current TYPO3 version number to non-authenticated users.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-12-11-5.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-12-11-5.yaml
1
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-010
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-010
3
reference_url https://github.com/advisories/GHSA-66c2-7g4p-wx4p
reference_id GHSA-66c2-7g4p-wx4p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-66c2-7g4p-wx4p
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.32
purl pkg:composer/typo3/cms-core@7.6.32
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.32
1
url pkg:composer/typo3/cms-core@8.7.21
purl pkg:composer/typo3/cms-core@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-3n2r-awja-dug9
3
vulnerability VCID-3v4n-fzxa-bfaw
4
vulnerability VCID-4jpa-6fqh-hbfg
5
vulnerability VCID-551q-gpyd-ffe8
6
vulnerability VCID-5jgb-dsyx-hyb4
7
vulnerability VCID-5mxm-88r9-hfey
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5u4q-m66t-wqcj
10
vulnerability VCID-9g62-zd1x-3bdg
11
vulnerability VCID-9gpp-ez8w-rqav
12
vulnerability VCID-9x6r-56xm-n7h7
13
vulnerability VCID-9zqs-hjay-fkev
14
vulnerability VCID-axaf-45kr-kbfe
15
vulnerability VCID-axvk-13qf-tka7
16
vulnerability VCID-b6er-h7dm-3bev
17
vulnerability VCID-bajy-qbwq-fufn
18
vulnerability VCID-cm14-t8uv-k3es
19
vulnerability VCID-d99v-v9cj-zfh2
20
vulnerability VCID-dj88-f3p8-cfbn
21
vulnerability VCID-dsu7-jjjq-f3e1
22
vulnerability VCID-eajg-ctpd-2bby
23
vulnerability VCID-ekfd-wp8z-d7e1
24
vulnerability VCID-f4bv-pzdy-dfcb
25
vulnerability VCID-f963-qur3-2qb7
26
vulnerability VCID-g4uc-qeb6-myed
27
vulnerability VCID-gcnj-6qb6-pbgz
28
vulnerability VCID-gv1b-xtv4-4yg3
29
vulnerability VCID-h6y3-7gsq-skh2
30
vulnerability VCID-he5m-6wj4-rbhc
31
vulnerability VCID-hhmn-yz5p-xkap
32
vulnerability VCID-j77k-hjgx-5kc5
33
vulnerability VCID-k8af-cg9k-87a9
34
vulnerability VCID-mh4f-vtfj-hbb1
35
vulnerability VCID-mnz3-rj21-67ad
36
vulnerability VCID-n15v-ta9h-6ffb
37
vulnerability VCID-n7ng-zkkb-2qaz
38
vulnerability VCID-pmzz-9rws-4ud5
39
vulnerability VCID-pss5-as4b-cyf2
40
vulnerability VCID-px44-19tj-h7aa
41
vulnerability VCID-q8hy-wjd9-nbgp
42
vulnerability VCID-s53a-f91p-huf4
43
vulnerability VCID-s55j-8hbt-akhn
44
vulnerability VCID-s64f-x81f-b7ce
45
vulnerability VCID-stzu-sxe6-5yf5
46
vulnerability VCID-swnc-ke6h-ekew
47
vulnerability VCID-t1n7-eswt-73gw
48
vulnerability VCID-t3jn-vwbx-u7cr
49
vulnerability VCID-taj6-zj2n-5kg8
50
vulnerability VCID-tnjd-pyys-akav
51
vulnerability VCID-vxry-uvph-kbfd
52
vulnerability VCID-vyvy-y3cw-hbgr
53
vulnerability VCID-wea9-egep-h7g5
54
vulnerability VCID-xa4m-xpa9-v7h8
55
vulnerability VCID-xh7y-56vy-5ud8
56
vulnerability VCID-y32z-2d3f-gkgw
57
vulnerability VCID-zdq2-dhb2-6kaq
58
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21
2
url pkg:composer/typo3/cms-core@9.5.2
purl pkg:composer/typo3/cms-core@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-2mn6-mdmz-4yd9
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-461j-9hrc-gfbc
6
vulnerability VCID-4jpa-6fqh-hbfg
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-4t9s-p25a-cfas
9
vulnerability VCID-543x-cnbz-1kb9
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-58js-jzm4-4fc7
12
vulnerability VCID-5jgb-dsyx-hyb4
13
vulnerability VCID-5kzs-ex81-bbaj
14
vulnerability VCID-5paq-5frf-43ed
15
vulnerability VCID-5u4q-m66t-wqcj
16
vulnerability VCID-65ue-7jd9-23gf
17
vulnerability VCID-6a9t-8dmn-s3bv
18
vulnerability VCID-8d2m-1ffv-jqe1
19
vulnerability VCID-9g62-zd1x-3bdg
20
vulnerability VCID-9gpp-ez8w-rqav
21
vulnerability VCID-9x6r-56xm-n7h7
22
vulnerability VCID-9zqs-hjay-fkev
23
vulnerability VCID-a49c-fqrj-nbb3
24
vulnerability VCID-axaf-45kr-kbfe
25
vulnerability VCID-axvk-13qf-tka7
26
vulnerability VCID-b6er-h7dm-3bev
27
vulnerability VCID-bajy-qbwq-fufn
28
vulnerability VCID-cm14-t8uv-k3es
29
vulnerability VCID-d8d1-sat6-muhe
30
vulnerability VCID-d99v-v9cj-zfh2
31
vulnerability VCID-dj88-f3p8-cfbn
32
vulnerability VCID-dmzb-gkdn-6bcm
33
vulnerability VCID-dsu7-jjjq-f3e1
34
vulnerability VCID-e32h-8q61-hbgc
35
vulnerability VCID-eajg-ctpd-2bby
36
vulnerability VCID-ekfd-wp8z-d7e1
37
vulnerability VCID-f4bv-pzdy-dfcb
38
vulnerability VCID-f963-qur3-2qb7
39
vulnerability VCID-g4uc-qeb6-myed
40
vulnerability VCID-gcnj-6qb6-pbgz
41
vulnerability VCID-gv1b-xtv4-4yg3
42
vulnerability VCID-h6y3-7gsq-skh2
43
vulnerability VCID-he5m-6wj4-rbhc
44
vulnerability VCID-hhmn-yz5p-xkap
45
vulnerability VCID-k8af-cg9k-87a9
46
vulnerability VCID-kj9x-psfz-2ug1
47
vulnerability VCID-mh4f-vtfj-hbb1
48
vulnerability VCID-mnz3-rj21-67ad
49
vulnerability VCID-mud2-s4rc-fuf6
50
vulnerability VCID-n15v-ta9h-6ffb
51
vulnerability VCID-n7ng-zkkb-2qaz
52
vulnerability VCID-nubu-f1sc-gbes
53
vulnerability VCID-nxq4-m52q-yuh4
54
vulnerability VCID-p715-yexd-jfgc
55
vulnerability VCID-phgh-sd4m-zbdx
56
vulnerability VCID-pmzz-9rws-4ud5
57
vulnerability VCID-pss5-as4b-cyf2
58
vulnerability VCID-px44-19tj-h7aa
59
vulnerability VCID-q8hy-wjd9-nbgp
60
vulnerability VCID-raxk-rm9v-hubn
61
vulnerability VCID-remd-55jh-r3g5
62
vulnerability VCID-s53a-f91p-huf4
63
vulnerability VCID-s55j-8hbt-akhn
64
vulnerability VCID-s64f-x81f-b7ce
65
vulnerability VCID-stzu-sxe6-5yf5
66
vulnerability VCID-sw7v-fbjk-13hy
67
vulnerability VCID-swnc-ke6h-ekew
68
vulnerability VCID-t1n7-eswt-73gw
69
vulnerability VCID-t3jn-vwbx-u7cr
70
vulnerability VCID-taj6-zj2n-5kg8
71
vulnerability VCID-tnjd-pyys-akav
72
vulnerability VCID-u9bx-8e86-wbew
73
vulnerability VCID-ve7g-8st5-wffb
74
vulnerability VCID-vxry-uvph-kbfd
75
vulnerability VCID-vyvy-y3cw-hbgr
76
vulnerability VCID-w13x-3rp9-wyej
77
vulnerability VCID-wea9-egep-h7g5
78
vulnerability VCID-xa4m-xpa9-v7h8
79
vulnerability VCID-xh7y-56vy-5ud8
80
vulnerability VCID-xtdg-uj46-rkcm
81
vulnerability VCID-xy6y-312d-rygj
82
vulnerability VCID-y32z-2d3f-gkgw
83
vulnerability VCID-yzx1-4psv-7bhr
84
vulnerability VCID-zdq2-dhb2-6kaq
85
vulnerability VCID-zkea-ge1t-z7gn
86
vulnerability VCID-zn99-ywte-33g6
87
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2
aliases GHSA-66c2-7g4p-wx4p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a563-vtwa-hkbr
6
url VCID-ampc-h88c-afh2
vulnerability_id VCID-ampc-h88c-afh2
summary 
Information Exposure
Extbase in TYPO3 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-5091
reference_id
reference_type
scores
0
value 0.02369
scoring_system epss
scoring_elements 0.84909
published_at 2026-04-04T12:55:00Z
1
value 0.02369
scoring_system epss
scoring_elements 0.84975
published_at 2026-04-18T12:55:00Z
2
value 0.02369
scoring_system epss
scoring_elements 0.84974
published_at 2026-04-16T12:55:00Z
3
value 0.02369
scoring_system epss
scoring_elements 0.84952
published_at 2026-04-13T12:55:00Z
4
value 0.02369
scoring_system epss
scoring_elements 0.84957
published_at 2026-04-12T12:55:00Z
5
value 0.02369
scoring_system epss
scoring_elements 0.84959
published_at 2026-04-11T12:55:00Z
6
value 0.02369
scoring_system epss
scoring_elements 0.84943
published_at 2026-04-09T12:55:00Z
7
value 0.02369
scoring_system epss
scoring_elements 0.84936
published_at 2026-04-08T12:55:00Z
8
value 0.02369
scoring_system epss
scoring_elements 0.84876
published_at 2026-04-01T12:55:00Z
9
value 0.02369
scoring_system epss
scoring_elements 0.84891
published_at 2026-04-02T12:55:00Z
10
value 0.02369
scoring_system epss
scoring_elements 0.84913
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-5091
1
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013
2
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/
3
reference_url http://www.openwall.com/lists/oss-security/2016/05/25/4
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/05/25/4
4
reference_url http://www.openwall.com/lists/oss-security/2016/05/26/2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/05/26/2
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-5091
reference_id CVE-2016-5091
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-5091
6
reference_url https://github.com/advisories/GHSA-jxg5-35fj-ccwf
reference_id GHSA-jxg5-35fj-ccwf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jxg5-35fj-ccwf
fixed_packages
0
url pkg:composer/typo3/cms-core@7.0.1
purl pkg:composer/typo3/cms-core@7.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.0.1
1
url pkg:composer/typo3/cms-core@7.6.9
purl pkg:composer/typo3/cms-core@7.6.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.9
2
url pkg:composer/typo3/cms-core@8.1.2
purl pkg:composer/typo3/cms-core@8.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.1.2
aliases CVE-2016-5091, GHSA-jxg5-35fj-ccwf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ampc-h88c-afh2
7
url VCID-b6er-h7dm-3bev
vulnerability_id VCID-b6er-h7dm-3bev
summary 
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.7)

### Problem
Due to a parsing issue in upstream package [`masterminds/html5`](https://packagist.org/packages/masterminds/html5), malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows to by-pass the cross-site scripting mechanism of [`typo3/html-sanitizer`](https://github.com/TYPO3/html-sanitizer).

### Solution
Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above.

### Credits
Thanks to David Klein who reported this issue, and to TYPO3 security team member Oliver Hader who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-011](https://typo3.org/security/advisory/typo3-core-sa-2022-011)
* [GHSA-47m6-46mj-p235](https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235)
references
0
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
1
reference_url https://github.com/TYPO3/typo3/commit/d4f260570abd934fcf3819370a135bef33d729b7
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/d4f260570abd934fcf3819370a135bef33d729b7
2
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-gqqf-g5r7-84vf
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-gqqf-g5r7-84vf
3
reference_url https://github.com/advisories/GHSA-gqqf-g5r7-84vf
reference_id GHSA-gqqf-g5r7-84vf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gqqf-g5r7-84vf
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.58
purl pkg:composer/typo3/cms-core@7.6.58
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.58
1
url pkg:composer/typo3/cms-core@8.7.48
purl pkg:composer/typo3/cms-core@8.7.48
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.48
2
url pkg:composer/typo3/cms-core@9.5.37
purl pkg:composer/typo3/cms-core@9.5.37
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.37
3
url pkg:composer/typo3/cms-core@10.4.32
purl pkg:composer/typo3/cms-core@10.4.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-65ue-7jd9-23gf
3
vulnerability VCID-8d2m-1ffv-jqe1
4
vulnerability VCID-8sdd-b1bn-cuhx
5
vulnerability VCID-axvk-13qf-tka7
6
vulnerability VCID-g4uc-qeb6-myed
7
vulnerability VCID-gv1b-xtv4-4yg3
8
vulnerability VCID-gyyu-n3b1-zbcj
9
vulnerability VCID-h6y3-7gsq-skh2
10
vulnerability VCID-mud2-s4rc-fuf6
11
vulnerability VCID-n7ng-zkkb-2qaz
12
vulnerability VCID-nubu-f1sc-gbes
13
vulnerability VCID-t1n7-eswt-73gw
14
vulnerability VCID-taj6-zj2n-5kg8
15
vulnerability VCID-ve7g-8st5-wffb
16
vulnerability VCID-vyvy-y3cw-hbgr
17
vulnerability VCID-w13x-3rp9-wyej
18
vulnerability VCID-xy6y-312d-rygj
19
vulnerability VCID-zdq2-dhb2-6kaq
20
vulnerability VCID-zn99-ywte-33g6
21
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.32
4
url pkg:composer/typo3/cms-core@11.5.16
purl pkg:composer/typo3/cms-core@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-65ue-7jd9-23gf
3
vulnerability VCID-8d2m-1ffv-jqe1
4
vulnerability VCID-8sdd-b1bn-cuhx
5
vulnerability VCID-axvk-13qf-tka7
6
vulnerability VCID-g4uc-qeb6-myed
7
vulnerability VCID-gv1b-xtv4-4yg3
8
vulnerability VCID-gyyu-n3b1-zbcj
9
vulnerability VCID-h6y3-7gsq-skh2
10
vulnerability VCID-mud2-s4rc-fuf6
11
vulnerability VCID-n7ng-zkkb-2qaz
12
vulnerability VCID-nubu-f1sc-gbes
13
vulnerability VCID-t1n7-eswt-73gw
14
vulnerability VCID-taj6-zj2n-5kg8
15
vulnerability VCID-ve7g-8st5-wffb
16
vulnerability VCID-vyvy-y3cw-hbgr
17
vulnerability VCID-w13x-3rp9-wyej
18
vulnerability VCID-xy6y-312d-rygj
19
vulnerability VCID-zdq2-dhb2-6kaq
20
vulnerability VCID-zn99-ywte-33g6
21
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.16
aliases GHSA-gqqf-g5r7-84vf, GMS-2022-4096
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b6er-h7dm-3bev
8
url VCID-b81w-n2ne-z3ee
vulnerability_id VCID-b81w-n2ne-z3ee
summary 
TYPO3 Denial of Service in Frontend Record Registration
TYPO3’s built-in record registration functionality (aka “basic shopping cart”) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create  an arbitrary amount of individual session-data records in the database.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-12-11-7.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-12-11-7.yaml
1
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
2
reference_url https://github.com/TYPO3-CMS/core/commit/5a44f93e9233e8f72159f9a67db26ed4bd5a10e0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core/commit/5a44f93e9233e8f72159f9a67db26ed4bd5a10e0
3
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-012
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-012
4
reference_url https://github.com/advisories/GHSA-hjx5-v9xg-7h25
reference_id GHSA-hjx5-v9xg-7h25
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hjx5-v9xg-7h25
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.32
purl pkg:composer/typo3/cms-core@7.6.32
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.32
1
url pkg:composer/typo3/cms-core@8.7.21
purl pkg:composer/typo3/cms-core@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-3n2r-awja-dug9
3
vulnerability VCID-3v4n-fzxa-bfaw
4
vulnerability VCID-4jpa-6fqh-hbfg
5
vulnerability VCID-551q-gpyd-ffe8
6
vulnerability VCID-5jgb-dsyx-hyb4
7
vulnerability VCID-5mxm-88r9-hfey
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5u4q-m66t-wqcj
10
vulnerability VCID-9g62-zd1x-3bdg
11
vulnerability VCID-9gpp-ez8w-rqav
12
vulnerability VCID-9x6r-56xm-n7h7
13
vulnerability VCID-9zqs-hjay-fkev
14
vulnerability VCID-axaf-45kr-kbfe
15
vulnerability VCID-axvk-13qf-tka7
16
vulnerability VCID-b6er-h7dm-3bev
17
vulnerability VCID-bajy-qbwq-fufn
18
vulnerability VCID-cm14-t8uv-k3es
19
vulnerability VCID-d99v-v9cj-zfh2
20
vulnerability VCID-dj88-f3p8-cfbn
21
vulnerability VCID-dsu7-jjjq-f3e1
22
vulnerability VCID-eajg-ctpd-2bby
23
vulnerability VCID-ekfd-wp8z-d7e1
24
vulnerability VCID-f4bv-pzdy-dfcb
25
vulnerability VCID-f963-qur3-2qb7
26
vulnerability VCID-g4uc-qeb6-myed
27
vulnerability VCID-gcnj-6qb6-pbgz
28
vulnerability VCID-gv1b-xtv4-4yg3
29
vulnerability VCID-h6y3-7gsq-skh2
30
vulnerability VCID-he5m-6wj4-rbhc
31
vulnerability VCID-hhmn-yz5p-xkap
32
vulnerability VCID-j77k-hjgx-5kc5
33
vulnerability VCID-k8af-cg9k-87a9
34
vulnerability VCID-mh4f-vtfj-hbb1
35
vulnerability VCID-mnz3-rj21-67ad
36
vulnerability VCID-n15v-ta9h-6ffb
37
vulnerability VCID-n7ng-zkkb-2qaz
38
vulnerability VCID-pmzz-9rws-4ud5
39
vulnerability VCID-pss5-as4b-cyf2
40
vulnerability VCID-px44-19tj-h7aa
41
vulnerability VCID-q8hy-wjd9-nbgp
42
vulnerability VCID-s53a-f91p-huf4
43
vulnerability VCID-s55j-8hbt-akhn
44
vulnerability VCID-s64f-x81f-b7ce
45
vulnerability VCID-stzu-sxe6-5yf5
46
vulnerability VCID-swnc-ke6h-ekew
47
vulnerability VCID-t1n7-eswt-73gw
48
vulnerability VCID-t3jn-vwbx-u7cr
49
vulnerability VCID-taj6-zj2n-5kg8
50
vulnerability VCID-tnjd-pyys-akav
51
vulnerability VCID-vxry-uvph-kbfd
52
vulnerability VCID-vyvy-y3cw-hbgr
53
vulnerability VCID-wea9-egep-h7g5
54
vulnerability VCID-xa4m-xpa9-v7h8
55
vulnerability VCID-xh7y-56vy-5ud8
56
vulnerability VCID-y32z-2d3f-gkgw
57
vulnerability VCID-zdq2-dhb2-6kaq
58
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21
aliases GHSA-hjx5-v9xg-7h25
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b81w-n2ne-z3ee
9
url VCID-bajy-qbwq-fufn
vulnerability_id VCID-bajy-qbwq-fufn
summary 
Insertion of Sensitive Information into Log File in typo3/cms-core
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C` (4.9)

### Problem
It has been discovered that system internal credentials or keys (e.g. database credentials) have been logged as plaintext in exception handlers, when logging the complete exception stack trace.

### Solution
Update to TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above.

### Credits
Thanks to Marco Huber who reported this issue and to TYPO3 security member Torben Hansen who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-002](https://typo3.org/security/advisory/typo3-core-sa-2022-002)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31047
reference_id
reference_type
scores
0
value 0.00391
scoring_system epss
scoring_elements 0.60107
published_at 2026-04-02T12:55:00Z
1
value 0.00391
scoring_system epss
scoring_elements 0.60201
published_at 2026-04-18T12:55:00Z
2
value 0.00391
scoring_system epss
scoring_elements 0.60194
published_at 2026-04-16T12:55:00Z
3
value 0.00391
scoring_system epss
scoring_elements 0.60155
published_at 2026-04-13T12:55:00Z
4
value 0.00391
scoring_system epss
scoring_elements 0.60173
published_at 2026-04-12T12:55:00Z
5
value 0.00391
scoring_system epss
scoring_elements 0.60187
published_at 2026-04-11T12:55:00Z
6
value 0.00391
scoring_system epss
scoring_elements 0.60165
published_at 2026-04-09T12:55:00Z
7
value 0.00391
scoring_system epss
scoring_elements 0.60151
published_at 2026-04-08T12:55:00Z
8
value 0.00391
scoring_system epss
scoring_elements 0.60101
published_at 2026-04-07T12:55:00Z
9
value 0.00391
scoring_system epss
scoring_elements 0.60132
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31047
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31047.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31047.yaml
2
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
3
reference_url https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/
url https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a
4
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31047
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31047
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-002
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-002
7
reference_url https://github.com/advisories/GHSA-fh99-4pgr-8j99
reference_id GHSA-fh99-4pgr-8j99
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh99-4pgr-8j99
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.57
purl pkg:composer/typo3/cms-core@7.6.57
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5paq-5frf-43ed
1
vulnerability VCID-b6er-h7dm-3bev
2
vulnerability VCID-mnz3-rj21-67ad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.57
1
url pkg:composer/typo3/cms-core@8.7.47
purl pkg:composer/typo3/cms-core@8.7.47
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5paq-5frf-43ed
1
vulnerability VCID-b6er-h7dm-3bev
2
vulnerability VCID-mnz3-rj21-67ad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.47
2
url pkg:composer/typo3/cms-core@9.5.35
purl pkg:composer/typo3/cms-core@9.5.35
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.35
3
url pkg:composer/typo3/cms-core@10.4.29
purl pkg:composer/typo3/cms-core@10.4.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-1yxw-saf5-wue7
2
vulnerability VCID-4t9s-p25a-cfas
3
vulnerability VCID-5paq-5frf-43ed
4
vulnerability VCID-65ue-7jd9-23gf
5
vulnerability VCID-8d2m-1ffv-jqe1
6
vulnerability VCID-8sdd-b1bn-cuhx
7
vulnerability VCID-av8u-rvzq-4fc7
8
vulnerability VCID-axvk-13qf-tka7
9
vulnerability VCID-b6er-h7dm-3bev
10
vulnerability VCID-g4uc-qeb6-myed
11
vulnerability VCID-gv1b-xtv4-4yg3
12
vulnerability VCID-gyyu-n3b1-zbcj
13
vulnerability VCID-h6y3-7gsq-skh2
14
vulnerability VCID-mnz3-rj21-67ad
15
vulnerability VCID-mud2-s4rc-fuf6
16
vulnerability VCID-n7ng-zkkb-2qaz
17
vulnerability VCID-nubu-f1sc-gbes
18
vulnerability VCID-t1n7-eswt-73gw
19
vulnerability VCID-taj6-zj2n-5kg8
20
vulnerability VCID-ve7g-8st5-wffb
21
vulnerability VCID-vwb2-a84s-5qak
22
vulnerability VCID-vyvy-y3cw-hbgr
23
vulnerability VCID-w13x-3rp9-wyej
24
vulnerability VCID-xy6y-312d-rygj
25
vulnerability VCID-zdq2-dhb2-6kaq
26
vulnerability VCID-zn99-ywte-33g6
27
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.29
4
url pkg:composer/typo3/cms-core@11.5.11
purl pkg:composer/typo3/cms-core@11.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-1yxw-saf5-wue7
2
vulnerability VCID-4t9s-p25a-cfas
3
vulnerability VCID-5paq-5frf-43ed
4
vulnerability VCID-65ue-7jd9-23gf
5
vulnerability VCID-8d2m-1ffv-jqe1
6
vulnerability VCID-8sdd-b1bn-cuhx
7
vulnerability VCID-av8u-rvzq-4fc7
8
vulnerability VCID-axvk-13qf-tka7
9
vulnerability VCID-b6er-h7dm-3bev
10
vulnerability VCID-g4uc-qeb6-myed
11
vulnerability VCID-gv1b-xtv4-4yg3
12
vulnerability VCID-gyyu-n3b1-zbcj
13
vulnerability VCID-h6y3-7gsq-skh2
14
vulnerability VCID-mnz3-rj21-67ad
15
vulnerability VCID-mud2-s4rc-fuf6
16
vulnerability VCID-n7ng-zkkb-2qaz
17
vulnerability VCID-nubu-f1sc-gbes
18
vulnerability VCID-t1n7-eswt-73gw
19
vulnerability VCID-taj6-zj2n-5kg8
20
vulnerability VCID-tnxn-p13f-yuah
21
vulnerability VCID-ve7g-8st5-wffb
22
vulnerability VCID-vwb2-a84s-5qak
23
vulnerability VCID-vyvy-y3cw-hbgr
24
vulnerability VCID-w13x-3rp9-wyej
25
vulnerability VCID-xy6y-312d-rygj
26
vulnerability VCID-zdq2-dhb2-6kaq
27
vulnerability VCID-zn99-ywte-33g6
28
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.11
aliases CVE-2022-31047, GHSA-fh99-4pgr-8j99
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bajy-qbwq-fufn
10
url VCID-bnne-7p2q-eqd2
vulnerability_id VCID-bnne-7p2q-eqd2
summary 
Uncontrolled Resource Consumption
Denial of Service in Online Media Asset Handling.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-011/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-011/
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.32
purl pkg:composer/typo3/cms-core@7.6.32
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.32
1
url pkg:composer/typo3/cms-core@8.7.21
purl pkg:composer/typo3/cms-core@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-3n2r-awja-dug9
3
vulnerability VCID-3v4n-fzxa-bfaw
4
vulnerability VCID-4jpa-6fqh-hbfg
5
vulnerability VCID-551q-gpyd-ffe8
6
vulnerability VCID-5jgb-dsyx-hyb4
7
vulnerability VCID-5mxm-88r9-hfey
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5u4q-m66t-wqcj
10
vulnerability VCID-9g62-zd1x-3bdg
11
vulnerability VCID-9gpp-ez8w-rqav
12
vulnerability VCID-9x6r-56xm-n7h7
13
vulnerability VCID-9zqs-hjay-fkev
14
vulnerability VCID-axaf-45kr-kbfe
15
vulnerability VCID-axvk-13qf-tka7
16
vulnerability VCID-b6er-h7dm-3bev
17
vulnerability VCID-bajy-qbwq-fufn
18
vulnerability VCID-cm14-t8uv-k3es
19
vulnerability VCID-d99v-v9cj-zfh2
20
vulnerability VCID-dj88-f3p8-cfbn
21
vulnerability VCID-dsu7-jjjq-f3e1
22
vulnerability VCID-eajg-ctpd-2bby
23
vulnerability VCID-ekfd-wp8z-d7e1
24
vulnerability VCID-f4bv-pzdy-dfcb
25
vulnerability VCID-f963-qur3-2qb7
26
vulnerability VCID-g4uc-qeb6-myed
27
vulnerability VCID-gcnj-6qb6-pbgz
28
vulnerability VCID-gv1b-xtv4-4yg3
29
vulnerability VCID-h6y3-7gsq-skh2
30
vulnerability VCID-he5m-6wj4-rbhc
31
vulnerability VCID-hhmn-yz5p-xkap
32
vulnerability VCID-j77k-hjgx-5kc5
33
vulnerability VCID-k8af-cg9k-87a9
34
vulnerability VCID-mh4f-vtfj-hbb1
35
vulnerability VCID-mnz3-rj21-67ad
36
vulnerability VCID-n15v-ta9h-6ffb
37
vulnerability VCID-n7ng-zkkb-2qaz
38
vulnerability VCID-pmzz-9rws-4ud5
39
vulnerability VCID-pss5-as4b-cyf2
40
vulnerability VCID-px44-19tj-h7aa
41
vulnerability VCID-q8hy-wjd9-nbgp
42
vulnerability VCID-s53a-f91p-huf4
43
vulnerability VCID-s55j-8hbt-akhn
44
vulnerability VCID-s64f-x81f-b7ce
45
vulnerability VCID-stzu-sxe6-5yf5
46
vulnerability VCID-swnc-ke6h-ekew
47
vulnerability VCID-t1n7-eswt-73gw
48
vulnerability VCID-t3jn-vwbx-u7cr
49
vulnerability VCID-taj6-zj2n-5kg8
50
vulnerability VCID-tnjd-pyys-akav
51
vulnerability VCID-vxry-uvph-kbfd
52
vulnerability VCID-vyvy-y3cw-hbgr
53
vulnerability VCID-wea9-egep-h7g5
54
vulnerability VCID-xa4m-xpa9-v7h8
55
vulnerability VCID-xh7y-56vy-5ud8
56
vulnerability VCID-y32z-2d3f-gkgw
57
vulnerability VCID-zdq2-dhb2-6kaq
58
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21
2
url pkg:composer/typo3/cms-core@9.5.2
purl pkg:composer/typo3/cms-core@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-2mn6-mdmz-4yd9
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-461j-9hrc-gfbc
6
vulnerability VCID-4jpa-6fqh-hbfg
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-4t9s-p25a-cfas
9
vulnerability VCID-543x-cnbz-1kb9
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-58js-jzm4-4fc7
12
vulnerability VCID-5jgb-dsyx-hyb4
13
vulnerability VCID-5kzs-ex81-bbaj
14
vulnerability VCID-5paq-5frf-43ed
15
vulnerability VCID-5u4q-m66t-wqcj
16
vulnerability VCID-65ue-7jd9-23gf
17
vulnerability VCID-6a9t-8dmn-s3bv
18
vulnerability VCID-8d2m-1ffv-jqe1
19
vulnerability VCID-9g62-zd1x-3bdg
20
vulnerability VCID-9gpp-ez8w-rqav
21
vulnerability VCID-9x6r-56xm-n7h7
22
vulnerability VCID-9zqs-hjay-fkev
23
vulnerability VCID-a49c-fqrj-nbb3
24
vulnerability VCID-axaf-45kr-kbfe
25
vulnerability VCID-axvk-13qf-tka7
26
vulnerability VCID-b6er-h7dm-3bev
27
vulnerability VCID-bajy-qbwq-fufn
28
vulnerability VCID-cm14-t8uv-k3es
29
vulnerability VCID-d8d1-sat6-muhe
30
vulnerability VCID-d99v-v9cj-zfh2
31
vulnerability VCID-dj88-f3p8-cfbn
32
vulnerability VCID-dmzb-gkdn-6bcm
33
vulnerability VCID-dsu7-jjjq-f3e1
34
vulnerability VCID-e32h-8q61-hbgc
35
vulnerability VCID-eajg-ctpd-2bby
36
vulnerability VCID-ekfd-wp8z-d7e1
37
vulnerability VCID-f4bv-pzdy-dfcb
38
vulnerability VCID-f963-qur3-2qb7
39
vulnerability VCID-g4uc-qeb6-myed
40
vulnerability VCID-gcnj-6qb6-pbgz
41
vulnerability VCID-gv1b-xtv4-4yg3
42
vulnerability VCID-h6y3-7gsq-skh2
43
vulnerability VCID-he5m-6wj4-rbhc
44
vulnerability VCID-hhmn-yz5p-xkap
45
vulnerability VCID-k8af-cg9k-87a9
46
vulnerability VCID-kj9x-psfz-2ug1
47
vulnerability VCID-mh4f-vtfj-hbb1
48
vulnerability VCID-mnz3-rj21-67ad
49
vulnerability VCID-mud2-s4rc-fuf6
50
vulnerability VCID-n15v-ta9h-6ffb
51
vulnerability VCID-n7ng-zkkb-2qaz
52
vulnerability VCID-nubu-f1sc-gbes
53
vulnerability VCID-nxq4-m52q-yuh4
54
vulnerability VCID-p715-yexd-jfgc
55
vulnerability VCID-phgh-sd4m-zbdx
56
vulnerability VCID-pmzz-9rws-4ud5
57
vulnerability VCID-pss5-as4b-cyf2
58
vulnerability VCID-px44-19tj-h7aa
59
vulnerability VCID-q8hy-wjd9-nbgp
60
vulnerability VCID-raxk-rm9v-hubn
61
vulnerability VCID-remd-55jh-r3g5
62
vulnerability VCID-s53a-f91p-huf4
63
vulnerability VCID-s55j-8hbt-akhn
64
vulnerability VCID-s64f-x81f-b7ce
65
vulnerability VCID-stzu-sxe6-5yf5
66
vulnerability VCID-sw7v-fbjk-13hy
67
vulnerability VCID-swnc-ke6h-ekew
68
vulnerability VCID-t1n7-eswt-73gw
69
vulnerability VCID-t3jn-vwbx-u7cr
70
vulnerability VCID-taj6-zj2n-5kg8
71
vulnerability VCID-tnjd-pyys-akav
72
vulnerability VCID-u9bx-8e86-wbew
73
vulnerability VCID-ve7g-8st5-wffb
74
vulnerability VCID-vxry-uvph-kbfd
75
vulnerability VCID-vyvy-y3cw-hbgr
76
vulnerability VCID-w13x-3rp9-wyej
77
vulnerability VCID-wea9-egep-h7g5
78
vulnerability VCID-xa4m-xpa9-v7h8
79
vulnerability VCID-xh7y-56vy-5ud8
80
vulnerability VCID-xtdg-uj46-rkcm
81
vulnerability VCID-xy6y-312d-rygj
82
vulnerability VCID-y32z-2d3f-gkgw
83
vulnerability VCID-yzx1-4psv-7bhr
84
vulnerability VCID-zdq2-dhb2-6kaq
85
vulnerability VCID-zkea-ge1t-z7gn
86
vulnerability VCID-zn99-ywte-33g6
87
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2
aliases 2018-12-11-6
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bnne-7p2q-eqd2
11
url VCID-dm97-51uu-r7gw
vulnerability_id VCID-dm97-51uu-r7gw
summary 
Cross-site Scripting
Cross-Site Scripting in Online Media Asset Rendering.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-006/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-006/
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.32
purl pkg:composer/typo3/cms-core@7.6.32
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.32
1
url pkg:composer/typo3/cms-core@8.7.21
purl pkg:composer/typo3/cms-core@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-3n2r-awja-dug9
3
vulnerability VCID-3v4n-fzxa-bfaw
4
vulnerability VCID-4jpa-6fqh-hbfg
5
vulnerability VCID-551q-gpyd-ffe8
6
vulnerability VCID-5jgb-dsyx-hyb4
7
vulnerability VCID-5mxm-88r9-hfey
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5u4q-m66t-wqcj
10
vulnerability VCID-9g62-zd1x-3bdg
11
vulnerability VCID-9gpp-ez8w-rqav
12
vulnerability VCID-9x6r-56xm-n7h7
13
vulnerability VCID-9zqs-hjay-fkev
14
vulnerability VCID-axaf-45kr-kbfe
15
vulnerability VCID-axvk-13qf-tka7
16
vulnerability VCID-b6er-h7dm-3bev
17
vulnerability VCID-bajy-qbwq-fufn
18
vulnerability VCID-cm14-t8uv-k3es
19
vulnerability VCID-d99v-v9cj-zfh2
20
vulnerability VCID-dj88-f3p8-cfbn
21
vulnerability VCID-dsu7-jjjq-f3e1
22
vulnerability VCID-eajg-ctpd-2bby
23
vulnerability VCID-ekfd-wp8z-d7e1
24
vulnerability VCID-f4bv-pzdy-dfcb
25
vulnerability VCID-f963-qur3-2qb7
26
vulnerability VCID-g4uc-qeb6-myed
27
vulnerability VCID-gcnj-6qb6-pbgz
28
vulnerability VCID-gv1b-xtv4-4yg3
29
vulnerability VCID-h6y3-7gsq-skh2
30
vulnerability VCID-he5m-6wj4-rbhc
31
vulnerability VCID-hhmn-yz5p-xkap
32
vulnerability VCID-j77k-hjgx-5kc5
33
vulnerability VCID-k8af-cg9k-87a9
34
vulnerability VCID-mh4f-vtfj-hbb1
35
vulnerability VCID-mnz3-rj21-67ad
36
vulnerability VCID-n15v-ta9h-6ffb
37
vulnerability VCID-n7ng-zkkb-2qaz
38
vulnerability VCID-pmzz-9rws-4ud5
39
vulnerability VCID-pss5-as4b-cyf2
40
vulnerability VCID-px44-19tj-h7aa
41
vulnerability VCID-q8hy-wjd9-nbgp
42
vulnerability VCID-s53a-f91p-huf4
43
vulnerability VCID-s55j-8hbt-akhn
44
vulnerability VCID-s64f-x81f-b7ce
45
vulnerability VCID-stzu-sxe6-5yf5
46
vulnerability VCID-swnc-ke6h-ekew
47
vulnerability VCID-t1n7-eswt-73gw
48
vulnerability VCID-t3jn-vwbx-u7cr
49
vulnerability VCID-taj6-zj2n-5kg8
50
vulnerability VCID-tnjd-pyys-akav
51
vulnerability VCID-vxry-uvph-kbfd
52
vulnerability VCID-vyvy-y3cw-hbgr
53
vulnerability VCID-wea9-egep-h7g5
54
vulnerability VCID-xa4m-xpa9-v7h8
55
vulnerability VCID-xh7y-56vy-5ud8
56
vulnerability VCID-y32z-2d3f-gkgw
57
vulnerability VCID-zdq2-dhb2-6kaq
58
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21
2
url pkg:composer/typo3/cms-core@9.5.2
purl pkg:composer/typo3/cms-core@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-2mn6-mdmz-4yd9
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-461j-9hrc-gfbc
6
vulnerability VCID-4jpa-6fqh-hbfg
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-4t9s-p25a-cfas
9
vulnerability VCID-543x-cnbz-1kb9
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-58js-jzm4-4fc7
12
vulnerability VCID-5jgb-dsyx-hyb4
13
vulnerability VCID-5kzs-ex81-bbaj
14
vulnerability VCID-5paq-5frf-43ed
15
vulnerability VCID-5u4q-m66t-wqcj
16
vulnerability VCID-65ue-7jd9-23gf
17
vulnerability VCID-6a9t-8dmn-s3bv
18
vulnerability VCID-8d2m-1ffv-jqe1
19
vulnerability VCID-9g62-zd1x-3bdg
20
vulnerability VCID-9gpp-ez8w-rqav
21
vulnerability VCID-9x6r-56xm-n7h7
22
vulnerability VCID-9zqs-hjay-fkev
23
vulnerability VCID-a49c-fqrj-nbb3
24
vulnerability VCID-axaf-45kr-kbfe
25
vulnerability VCID-axvk-13qf-tka7
26
vulnerability VCID-b6er-h7dm-3bev
27
vulnerability VCID-bajy-qbwq-fufn
28
vulnerability VCID-cm14-t8uv-k3es
29
vulnerability VCID-d8d1-sat6-muhe
30
vulnerability VCID-d99v-v9cj-zfh2
31
vulnerability VCID-dj88-f3p8-cfbn
32
vulnerability VCID-dmzb-gkdn-6bcm
33
vulnerability VCID-dsu7-jjjq-f3e1
34
vulnerability VCID-e32h-8q61-hbgc
35
vulnerability VCID-eajg-ctpd-2bby
36
vulnerability VCID-ekfd-wp8z-d7e1
37
vulnerability VCID-f4bv-pzdy-dfcb
38
vulnerability VCID-f963-qur3-2qb7
39
vulnerability VCID-g4uc-qeb6-myed
40
vulnerability VCID-gcnj-6qb6-pbgz
41
vulnerability VCID-gv1b-xtv4-4yg3
42
vulnerability VCID-h6y3-7gsq-skh2
43
vulnerability VCID-he5m-6wj4-rbhc
44
vulnerability VCID-hhmn-yz5p-xkap
45
vulnerability VCID-k8af-cg9k-87a9
46
vulnerability VCID-kj9x-psfz-2ug1
47
vulnerability VCID-mh4f-vtfj-hbb1
48
vulnerability VCID-mnz3-rj21-67ad
49
vulnerability VCID-mud2-s4rc-fuf6
50
vulnerability VCID-n15v-ta9h-6ffb
51
vulnerability VCID-n7ng-zkkb-2qaz
52
vulnerability VCID-nubu-f1sc-gbes
53
vulnerability VCID-nxq4-m52q-yuh4
54
vulnerability VCID-p715-yexd-jfgc
55
vulnerability VCID-phgh-sd4m-zbdx
56
vulnerability VCID-pmzz-9rws-4ud5
57
vulnerability VCID-pss5-as4b-cyf2
58
vulnerability VCID-px44-19tj-h7aa
59
vulnerability VCID-q8hy-wjd9-nbgp
60
vulnerability VCID-raxk-rm9v-hubn
61
vulnerability VCID-remd-55jh-r3g5
62
vulnerability VCID-s53a-f91p-huf4
63
vulnerability VCID-s55j-8hbt-akhn
64
vulnerability VCID-s64f-x81f-b7ce
65
vulnerability VCID-stzu-sxe6-5yf5
66
vulnerability VCID-sw7v-fbjk-13hy
67
vulnerability VCID-swnc-ke6h-ekew
68
vulnerability VCID-t1n7-eswt-73gw
69
vulnerability VCID-t3jn-vwbx-u7cr
70
vulnerability VCID-taj6-zj2n-5kg8
71
vulnerability VCID-tnjd-pyys-akav
72
vulnerability VCID-u9bx-8e86-wbew
73
vulnerability VCID-ve7g-8st5-wffb
74
vulnerability VCID-vxry-uvph-kbfd
75
vulnerability VCID-vyvy-y3cw-hbgr
76
vulnerability VCID-w13x-3rp9-wyej
77
vulnerability VCID-wea9-egep-h7g5
78
vulnerability VCID-xa4m-xpa9-v7h8
79
vulnerability VCID-xh7y-56vy-5ud8
80
vulnerability VCID-xtdg-uj46-rkcm
81
vulnerability VCID-xy6y-312d-rygj
82
vulnerability VCID-y32z-2d3f-gkgw
83
vulnerability VCID-yzx1-4psv-7bhr
84
vulnerability VCID-zdq2-dhb2-6kaq
85
vulnerability VCID-zkea-ge1t-z7gn
86
vulnerability VCID-zn99-ywte-33g6
87
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2
aliases 2018-12-11-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dm97-51uu-r7gw
12
url VCID-dsu7-jjjq-f3e1
vulnerability_id VCID-dsu7-jjjq-f3e1
summary 
Cleartext storage of session identifier
### Problem
User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system.

### Solution
Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described.

### Credits
Thanks to TYPO3 security team member Oliver Hader who reported this issue and to TYPO3 core & security team members Benni Mack & Oliver Hader who fixed the issue.

### References
* [TYPO3-CORE-SA-2021-006](https://typo3.org/security/advisory/typo3-core-sa-2021-006)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21339
reference_id
reference_type
scores
0
value 0.00132
scoring_system epss
scoring_elements 0.32688
published_at 2026-04-18T12:55:00Z
1
value 0.00132
scoring_system epss
scoring_elements 0.32671
published_at 2026-04-01T12:55:00Z
2
value 0.00132
scoring_system epss
scoring_elements 0.32804
published_at 2026-04-02T12:55:00Z
3
value 0.00132
scoring_system epss
scoring_elements 0.3284
published_at 2026-04-04T12:55:00Z
4
value 0.00132
scoring_system epss
scoring_elements 0.32661
published_at 2026-04-07T12:55:00Z
5
value 0.00132
scoring_system epss
scoring_elements 0.32709
published_at 2026-04-08T12:55:00Z
6
value 0.00132
scoring_system epss
scoring_elements 0.32735
published_at 2026-04-09T12:55:00Z
7
value 0.00132
scoring_system epss
scoring_elements 0.32736
published_at 2026-04-11T12:55:00Z
8
value 0.00132
scoring_system epss
scoring_elements 0.327
published_at 2026-04-12T12:55:00Z
9
value 0.00132
scoring_system epss
scoring_elements 0.32672
published_at 2026-04-13T12:55:00Z
10
value 0.00132
scoring_system epss
scoring_elements 0.32711
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21339
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21339.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21339.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21339.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21339.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21339
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21339
5
reference_url https://packagist.org/packages/typo3/cms-core
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-core
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-006
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-006
7
reference_url https://github.com/advisories/GHSA-qx3w-4864-94ch
reference_id GHSA-qx3w-4864-94ch
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qx3w-4864-94ch
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.51
purl pkg:composer/typo3/cms-core@7.6.51
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n15v-ta9h-6ffb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.51
1
url pkg:composer/typo3/cms-core@8.7.40
purl pkg:composer/typo3/cms-core@8.7.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ekfd-wp8z-d7e1
1
vulnerability VCID-n15v-ta9h-6ffb
2
vulnerability VCID-s64f-x81f-b7ce
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.40
2
url pkg:composer/typo3/cms-core@9.5.25
purl pkg:composer/typo3/cms-core@9.5.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jpa-6fqh-hbfg
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-65ue-7jd9-23gf
4
vulnerability VCID-6a9t-8dmn-s3bv
5
vulnerability VCID-8d2m-1ffv-jqe1
6
vulnerability VCID-axvk-13qf-tka7
7
vulnerability VCID-b6er-h7dm-3bev
8
vulnerability VCID-bajy-qbwq-fufn
9
vulnerability VCID-e32h-8q61-hbgc
10
vulnerability VCID-ekfd-wp8z-d7e1
11
vulnerability VCID-g4uc-qeb6-myed
12
vulnerability VCID-gv1b-xtv4-4yg3
13
vulnerability VCID-h6y3-7gsq-skh2
14
vulnerability VCID-mnz3-rj21-67ad
15
vulnerability VCID-mud2-s4rc-fuf6
16
vulnerability VCID-n15v-ta9h-6ffb
17
vulnerability VCID-n7ng-zkkb-2qaz
18
vulnerability VCID-nubu-f1sc-gbes
19
vulnerability VCID-remd-55jh-r3g5
20
vulnerability VCID-s55j-8hbt-akhn
21
vulnerability VCID-s64f-x81f-b7ce
22
vulnerability VCID-t1n7-eswt-73gw
23
vulnerability VCID-taj6-zj2n-5kg8
24
vulnerability VCID-ve7g-8st5-wffb
25
vulnerability VCID-vyvy-y3cw-hbgr
26
vulnerability VCID-w13x-3rp9-wyej
27
vulnerability VCID-xy6y-312d-rygj
28
vulnerability VCID-y32z-2d3f-gkgw
29
vulnerability VCID-zdq2-dhb2-6kaq
30
vulnerability VCID-zn99-ywte-33g6
31
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.25
3
url pkg:composer/typo3/cms-core@10.4.14
purl pkg:composer/typo3/cms-core@10.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-1yxw-saf5-wue7
2
vulnerability VCID-4jpa-6fqh-hbfg
3
vulnerability VCID-4t9s-p25a-cfas
4
vulnerability VCID-5paq-5frf-43ed
5
vulnerability VCID-65ue-7jd9-23gf
6
vulnerability VCID-6a9t-8dmn-s3bv
7
vulnerability VCID-8d2m-1ffv-jqe1
8
vulnerability VCID-8sdd-b1bn-cuhx
9
vulnerability VCID-av8u-rvzq-4fc7
10
vulnerability VCID-axvk-13qf-tka7
11
vulnerability VCID-b6er-h7dm-3bev
12
vulnerability VCID-bajy-qbwq-fufn
13
vulnerability VCID-e32h-8q61-hbgc
14
vulnerability VCID-ekfd-wp8z-d7e1
15
vulnerability VCID-g4uc-qeb6-myed
16
vulnerability VCID-gv1b-xtv4-4yg3
17
vulnerability VCID-gyyu-n3b1-zbcj
18
vulnerability VCID-h6y3-7gsq-skh2
19
vulnerability VCID-mnz3-rj21-67ad
20
vulnerability VCID-mud2-s4rc-fuf6
21
vulnerability VCID-n15v-ta9h-6ffb
22
vulnerability VCID-n7ng-zkkb-2qaz
23
vulnerability VCID-nubu-f1sc-gbes
24
vulnerability VCID-remd-55jh-r3g5
25
vulnerability VCID-s55j-8hbt-akhn
26
vulnerability VCID-s64f-x81f-b7ce
27
vulnerability VCID-t1n7-eswt-73gw
28
vulnerability VCID-taj6-zj2n-5kg8
29
vulnerability VCID-ve7g-8st5-wffb
30
vulnerability VCID-vwb2-a84s-5qak
31
vulnerability VCID-vyvy-y3cw-hbgr
32
vulnerability VCID-w13x-3rp9-wyej
33
vulnerability VCID-xy6y-312d-rygj
34
vulnerability VCID-y32z-2d3f-gkgw
35
vulnerability VCID-zdq2-dhb2-6kaq
36
vulnerability VCID-zn99-ywte-33g6
37
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.14
4
url pkg:composer/typo3/cms-core@11.1.1
purl pkg:composer/typo3/cms-core@11.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-1yxw-saf5-wue7
2
vulnerability VCID-4jpa-6fqh-hbfg
3
vulnerability VCID-4t9s-p25a-cfas
4
vulnerability VCID-5paq-5frf-43ed
5
vulnerability VCID-65ue-7jd9-23gf
6
vulnerability VCID-6a9t-8dmn-s3bv
7
vulnerability VCID-8d2m-1ffv-jqe1
8
vulnerability VCID-8sdd-b1bn-cuhx
9
vulnerability VCID-av8u-rvzq-4fc7
10
vulnerability VCID-axvk-13qf-tka7
11
vulnerability VCID-b6er-h7dm-3bev
12
vulnerability VCID-bajy-qbwq-fufn
13
vulnerability VCID-e32h-8q61-hbgc
14
vulnerability VCID-ekfd-wp8z-d7e1
15
vulnerability VCID-g4uc-qeb6-myed
16
vulnerability VCID-gv1b-xtv4-4yg3
17
vulnerability VCID-gyyu-n3b1-zbcj
18
vulnerability VCID-h6y3-7gsq-skh2
19
vulnerability VCID-mnz3-rj21-67ad
20
vulnerability VCID-mud2-s4rc-fuf6
21
vulnerability VCID-n15v-ta9h-6ffb
22
vulnerability VCID-n7ng-zkkb-2qaz
23
vulnerability VCID-nubu-f1sc-gbes
24
vulnerability VCID-remd-55jh-r3g5
25
vulnerability VCID-s55j-8hbt-akhn
26
vulnerability VCID-s64f-x81f-b7ce
27
vulnerability VCID-t1n7-eswt-73gw
28
vulnerability VCID-taj6-zj2n-5kg8
29
vulnerability VCID-uyeu-a3xr-fkh4
30
vulnerability VCID-ve7g-8st5-wffb
31
vulnerability VCID-vwb2-a84s-5qak
32
vulnerability VCID-vyvy-y3cw-hbgr
33
vulnerability VCID-w13x-3rp9-wyej
34
vulnerability VCID-xy6y-312d-rygj
35
vulnerability VCID-y32z-2d3f-gkgw
36
vulnerability VCID-zdq2-dhb2-6kaq
37
vulnerability VCID-zn99-ywte-33g6
38
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.1.1
aliases CVE-2021-21339, GHSA-qx3w-4864-94ch
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dsu7-jjjq-f3e1
13
url VCID-ebpa-58em-wqam
vulnerability_id VCID-ebpa-58em-wqam
summary 
TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution
Phar files (formerly known as "PHP archives") can act als self extracting archives which leads to the fact that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - "bundle.phar" would be valid as well as "bundle.txt" would be. This way, Phar files can be obfuscated as image or text file which would not be denied from being uploaded and persisted to a TYPO3 installation. Due to a missing sanitization of user input, those Phar files can be invoked by manipulated URLs in TYPO3 backend forms. A valid backend user account is needed to exploit this vulnerability. In theory the attack vector would be possible in the TYPO3 frontend as well, however no functional exploit has been identified so far.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-07-12-2.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-07-12-2.yaml
1
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
2
reference_url https://github.com/TYPO3-CMS/core/commit/81c6e9e6e49ee4f924bd340fb007d271fa44aa16
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core/commit/81c6e9e6e49ee4f924bd340fb007d271fa44aa16
3
reference_url https://github.com/TYPO3-CMS/core/commit/854d03841b42123ab744c2591199b76ce65a8e45
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core/commit/854d03841b42123ab744c2591199b76ce65a8e45
4
reference_url https://github.com/TYPO3-CMS/core/commit/aa4e270d04313fe7d8ea508a9c694db83875e981
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core/commit/aa4e270d04313fe7d8ea508a9c694db83875e981
5
reference_url https://github.com/TYPO3-CMS/core/commit/dd0487bd8b4ec7204dbfff2b5812d797102a1778
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core/commit/dd0487bd8b4ec7204dbfff2b5812d797102a1778
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-002
7
reference_url https://github.com/advisories/GHSA-cc97-g92w-jm65
reference_id GHSA-cc97-g92w-jm65
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cc97-g92w-jm65
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.30
purl pkg:composer/typo3/cms-core@7.6.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.30
1
url pkg:composer/typo3/cms-core@8.7.17
purl pkg:composer/typo3/cms-core@8.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-3gg5-1921-rbfs
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-4btk-jt5n-2ugf
6
vulnerability VCID-4jpa-6fqh-hbfg
7
vulnerability VCID-551q-gpyd-ffe8
8
vulnerability VCID-5jgb-dsyx-hyb4
9
vulnerability VCID-5mxm-88r9-hfey
10
vulnerability VCID-5paq-5frf-43ed
11
vulnerability VCID-5u4q-m66t-wqcj
12
vulnerability VCID-5z59-dn7p-xbc5
13
vulnerability VCID-6xmj-wbea-r7ex
14
vulnerability VCID-9g62-zd1x-3bdg
15
vulnerability VCID-9gpp-ez8w-rqav
16
vulnerability VCID-9x6r-56xm-n7h7
17
vulnerability VCID-9zqs-hjay-fkev
18
vulnerability VCID-a563-vtwa-hkbr
19
vulnerability VCID-axaf-45kr-kbfe
20
vulnerability VCID-axvk-13qf-tka7
21
vulnerability VCID-b6er-h7dm-3bev
22
vulnerability VCID-b81w-n2ne-z3ee
23
vulnerability VCID-bajy-qbwq-fufn
24
vulnerability VCID-bnne-7p2q-eqd2
25
vulnerability VCID-cm14-t8uv-k3es
26
vulnerability VCID-d99v-v9cj-zfh2
27
vulnerability VCID-dj88-f3p8-cfbn
28
vulnerability VCID-dm97-51uu-r7gw
29
vulnerability VCID-dsu7-jjjq-f3e1
30
vulnerability VCID-e268-wagv-sbex
31
vulnerability VCID-eajg-ctpd-2bby
32
vulnerability VCID-ehzg-bzrd-kbcc
33
vulnerability VCID-ekfd-wp8z-d7e1
34
vulnerability VCID-f4bv-pzdy-dfcb
35
vulnerability VCID-f963-qur3-2qb7
36
vulnerability VCID-g4uc-qeb6-myed
37
vulnerability VCID-gcnj-6qb6-pbgz
38
vulnerability VCID-gv1b-xtv4-4yg3
39
vulnerability VCID-h6y3-7gsq-skh2
40
vulnerability VCID-he5m-6wj4-rbhc
41
vulnerability VCID-hhmn-yz5p-xkap
42
vulnerability VCID-j77k-hjgx-5kc5
43
vulnerability VCID-k8af-cg9k-87a9
44
vulnerability VCID-mh4f-vtfj-hbb1
45
vulnerability VCID-mnz3-rj21-67ad
46
vulnerability VCID-n15v-ta9h-6ffb
47
vulnerability VCID-n1cb-8py6-bbhu
48
vulnerability VCID-n78p-x7hh-gqcf
49
vulnerability VCID-n7ng-zkkb-2qaz
50
vulnerability VCID-pmzz-9rws-4ud5
51
vulnerability VCID-pss5-as4b-cyf2
52
vulnerability VCID-px44-19tj-h7aa
53
vulnerability VCID-q8hy-wjd9-nbgp
54
vulnerability VCID-qb4j-9tz7-m7a2
55
vulnerability VCID-rdrs-mhaw-b3ge
56
vulnerability VCID-rwqs-3ktq-qqbd
57
vulnerability VCID-s53a-f91p-huf4
58
vulnerability VCID-s55j-8hbt-akhn
59
vulnerability VCID-s64f-x81f-b7ce
60
vulnerability VCID-stzu-sxe6-5yf5
61
vulnerability VCID-swnc-ke6h-ekew
62
vulnerability VCID-t1n7-eswt-73gw
63
vulnerability VCID-t3jn-vwbx-u7cr
64
vulnerability VCID-taj6-zj2n-5kg8
65
vulnerability VCID-tnjd-pyys-akav
66
vulnerability VCID-tw1y-t4qj-j3d1
67
vulnerability VCID-vxry-uvph-kbfd
68
vulnerability VCID-vyvy-y3cw-hbgr
69
vulnerability VCID-wea9-egep-h7g5
70
vulnerability VCID-xa4m-xpa9-v7h8
71
vulnerability VCID-xh7y-56vy-5ud8
72
vulnerability VCID-y32z-2d3f-gkgw
73
vulnerability VCID-zdq2-dhb2-6kaq
74
vulnerability VCID-zkea-ge1t-z7gn
75
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.17
2
url pkg:composer/typo3/cms-core@9.3.2
purl pkg:composer/typo3/cms-core@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-2mn6-mdmz-4yd9
3
vulnerability VCID-3gg5-1921-rbfs
4
vulnerability VCID-3n2r-awja-dug9
5
vulnerability VCID-3v4n-fzxa-bfaw
6
vulnerability VCID-461j-9hrc-gfbc
7
vulnerability VCID-4btk-jt5n-2ugf
8
vulnerability VCID-4jpa-6fqh-hbfg
9
vulnerability VCID-4mkw-tv16-jyca
10
vulnerability VCID-4t9s-p25a-cfas
11
vulnerability VCID-543x-cnbz-1kb9
12
vulnerability VCID-551q-gpyd-ffe8
13
vulnerability VCID-58js-jzm4-4fc7
14
vulnerability VCID-5jgb-dsyx-hyb4
15
vulnerability VCID-5kzs-ex81-bbaj
16
vulnerability VCID-5paq-5frf-43ed
17
vulnerability VCID-5u4q-m66t-wqcj
18
vulnerability VCID-5z59-dn7p-xbc5
19
vulnerability VCID-65ue-7jd9-23gf
20
vulnerability VCID-6a9t-8dmn-s3bv
21
vulnerability VCID-6xmj-wbea-r7ex
22
vulnerability VCID-8d2m-1ffv-jqe1
23
vulnerability VCID-9g62-zd1x-3bdg
24
vulnerability VCID-9gpp-ez8w-rqav
25
vulnerability VCID-9x6r-56xm-n7h7
26
vulnerability VCID-9zqs-hjay-fkev
27
vulnerability VCID-a49c-fqrj-nbb3
28
vulnerability VCID-a563-vtwa-hkbr
29
vulnerability VCID-axaf-45kr-kbfe
30
vulnerability VCID-axvk-13qf-tka7
31
vulnerability VCID-b6er-h7dm-3bev
32
vulnerability VCID-bajy-qbwq-fufn
33
vulnerability VCID-bnne-7p2q-eqd2
34
vulnerability VCID-cm14-t8uv-k3es
35
vulnerability VCID-d8d1-sat6-muhe
36
vulnerability VCID-d99v-v9cj-zfh2
37
vulnerability VCID-dj88-f3p8-cfbn
38
vulnerability VCID-dm97-51uu-r7gw
39
vulnerability VCID-dmzb-gkdn-6bcm
40
vulnerability VCID-dsu7-jjjq-f3e1
41
vulnerability VCID-e268-wagv-sbex
42
vulnerability VCID-e32h-8q61-hbgc
43
vulnerability VCID-eajg-ctpd-2bby
44
vulnerability VCID-ekfd-wp8z-d7e1
45
vulnerability VCID-f4bv-pzdy-dfcb
46
vulnerability VCID-f963-qur3-2qb7
47
vulnerability VCID-g4uc-qeb6-myed
48
vulnerability VCID-gcnj-6qb6-pbgz
49
vulnerability VCID-gv1b-xtv4-4yg3
50
vulnerability VCID-h6y3-7gsq-skh2
51
vulnerability VCID-he5m-6wj4-rbhc
52
vulnerability VCID-hhmn-yz5p-xkap
53
vulnerability VCID-k8af-cg9k-87a9
54
vulnerability VCID-kj9x-psfz-2ug1
55
vulnerability VCID-mh4f-vtfj-hbb1
56
vulnerability VCID-mnz3-rj21-67ad
57
vulnerability VCID-mud2-s4rc-fuf6
58
vulnerability VCID-n15v-ta9h-6ffb
59
vulnerability VCID-n1cb-8py6-bbhu
60
vulnerability VCID-n78p-x7hh-gqcf
61
vulnerability VCID-n7ng-zkkb-2qaz
62
vulnerability VCID-nubu-f1sc-gbes
63
vulnerability VCID-nxq4-m52q-yuh4
64
vulnerability VCID-p715-yexd-jfgc
65
vulnerability VCID-phgh-sd4m-zbdx
66
vulnerability VCID-pmzz-9rws-4ud5
67
vulnerability VCID-pss5-as4b-cyf2
68
vulnerability VCID-px44-19tj-h7aa
69
vulnerability VCID-q8hy-wjd9-nbgp
70
vulnerability VCID-qb4j-9tz7-m7a2
71
vulnerability VCID-raxk-rm9v-hubn
72
vulnerability VCID-rdrs-mhaw-b3ge
73
vulnerability VCID-remd-55jh-r3g5
74
vulnerability VCID-rwqs-3ktq-qqbd
75
vulnerability VCID-s53a-f91p-huf4
76
vulnerability VCID-s55j-8hbt-akhn
77
vulnerability VCID-s64f-x81f-b7ce
78
vulnerability VCID-stzu-sxe6-5yf5
79
vulnerability VCID-sw7v-fbjk-13hy
80
vulnerability VCID-swnc-ke6h-ekew
81
vulnerability VCID-t1n7-eswt-73gw
82
vulnerability VCID-t3jn-vwbx-u7cr
83
vulnerability VCID-taj6-zj2n-5kg8
84
vulnerability VCID-tnjd-pyys-akav
85
vulnerability VCID-tw1y-t4qj-j3d1
86
vulnerability VCID-u9bx-8e86-wbew
87
vulnerability VCID-ve7g-8st5-wffb
88
vulnerability VCID-vxry-uvph-kbfd
89
vulnerability VCID-vyvy-y3cw-hbgr
90
vulnerability VCID-w13x-3rp9-wyej
91
vulnerability VCID-wea9-egep-h7g5
92
vulnerability VCID-xa4m-xpa9-v7h8
93
vulnerability VCID-xh7y-56vy-5ud8
94
vulnerability VCID-xtdg-uj46-rkcm
95
vulnerability VCID-xy6y-312d-rygj
96
vulnerability VCID-y32z-2d3f-gkgw
97
vulnerability VCID-yzx1-4psv-7bhr
98
vulnerability VCID-zdq2-dhb2-6kaq
99
vulnerability VCID-zkea-ge1t-z7gn
100
vulnerability VCID-zspb-bd6j-wyd2
101
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.3.2
aliases GHSA-cc97-g92w-jm65
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ebpa-58em-wqam
14
url VCID-ehzg-bzrd-kbcc
vulnerability_id VCID-ehzg-bzrd-kbcc
summary 
Uncontrolled Resource Consumption
Denial of Service in Frontend Record Registration.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-012/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-012/
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.32
purl pkg:composer/typo3/cms-core@7.6.32
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.32
1
url pkg:composer/typo3/cms-core@8.7.21
purl pkg:composer/typo3/cms-core@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-3n2r-awja-dug9
3
vulnerability VCID-3v4n-fzxa-bfaw
4
vulnerability VCID-4jpa-6fqh-hbfg
5
vulnerability VCID-551q-gpyd-ffe8
6
vulnerability VCID-5jgb-dsyx-hyb4
7
vulnerability VCID-5mxm-88r9-hfey
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5u4q-m66t-wqcj
10
vulnerability VCID-9g62-zd1x-3bdg
11
vulnerability VCID-9gpp-ez8w-rqav
12
vulnerability VCID-9x6r-56xm-n7h7
13
vulnerability VCID-9zqs-hjay-fkev
14
vulnerability VCID-axaf-45kr-kbfe
15
vulnerability VCID-axvk-13qf-tka7
16
vulnerability VCID-b6er-h7dm-3bev
17
vulnerability VCID-bajy-qbwq-fufn
18
vulnerability VCID-cm14-t8uv-k3es
19
vulnerability VCID-d99v-v9cj-zfh2
20
vulnerability VCID-dj88-f3p8-cfbn
21
vulnerability VCID-dsu7-jjjq-f3e1
22
vulnerability VCID-eajg-ctpd-2bby
23
vulnerability VCID-ekfd-wp8z-d7e1
24
vulnerability VCID-f4bv-pzdy-dfcb
25
vulnerability VCID-f963-qur3-2qb7
26
vulnerability VCID-g4uc-qeb6-myed
27
vulnerability VCID-gcnj-6qb6-pbgz
28
vulnerability VCID-gv1b-xtv4-4yg3
29
vulnerability VCID-h6y3-7gsq-skh2
30
vulnerability VCID-he5m-6wj4-rbhc
31
vulnerability VCID-hhmn-yz5p-xkap
32
vulnerability VCID-j77k-hjgx-5kc5
33
vulnerability VCID-k8af-cg9k-87a9
34
vulnerability VCID-mh4f-vtfj-hbb1
35
vulnerability VCID-mnz3-rj21-67ad
36
vulnerability VCID-n15v-ta9h-6ffb
37
vulnerability VCID-n7ng-zkkb-2qaz
38
vulnerability VCID-pmzz-9rws-4ud5
39
vulnerability VCID-pss5-as4b-cyf2
40
vulnerability VCID-px44-19tj-h7aa
41
vulnerability VCID-q8hy-wjd9-nbgp
42
vulnerability VCID-s53a-f91p-huf4
43
vulnerability VCID-s55j-8hbt-akhn
44
vulnerability VCID-s64f-x81f-b7ce
45
vulnerability VCID-stzu-sxe6-5yf5
46
vulnerability VCID-swnc-ke6h-ekew
47
vulnerability VCID-t1n7-eswt-73gw
48
vulnerability VCID-t3jn-vwbx-u7cr
49
vulnerability VCID-taj6-zj2n-5kg8
50
vulnerability VCID-tnjd-pyys-akav
51
vulnerability VCID-vxry-uvph-kbfd
52
vulnerability VCID-vyvy-y3cw-hbgr
53
vulnerability VCID-wea9-egep-h7g5
54
vulnerability VCID-xa4m-xpa9-v7h8
55
vulnerability VCID-xh7y-56vy-5ud8
56
vulnerability VCID-y32z-2d3f-gkgw
57
vulnerability VCID-zdq2-dhb2-6kaq
58
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21
2
url pkg:composer/typo3/cms-core@9.0.0
purl pkg:composer/typo3/cms-core@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12y5-7b81-wkfu
1
vulnerability VCID-21e8-x7mp-hugk
2
vulnerability VCID-28bf-jvah-zkhw
3
vulnerability VCID-2meq-x4kd-bbdn
4
vulnerability VCID-2mn6-mdmz-4yd9
5
vulnerability VCID-3gg5-1921-rbfs
6
vulnerability VCID-3n2r-awja-dug9
7
vulnerability VCID-3v4n-fzxa-bfaw
8
vulnerability VCID-461j-9hrc-gfbc
9
vulnerability VCID-4btk-jt5n-2ugf
10
vulnerability VCID-4hsv-y3rz-e3a2
11
vulnerability VCID-4jpa-6fqh-hbfg
12
vulnerability VCID-4mkw-tv16-jyca
13
vulnerability VCID-4t9s-p25a-cfas
14
vulnerability VCID-543x-cnbz-1kb9
15
vulnerability VCID-551q-gpyd-ffe8
16
vulnerability VCID-58js-jzm4-4fc7
17
vulnerability VCID-5jgb-dsyx-hyb4
18
vulnerability VCID-5kzs-ex81-bbaj
19
vulnerability VCID-5paq-5frf-43ed
20
vulnerability VCID-5u4q-m66t-wqcj
21
vulnerability VCID-5z59-dn7p-xbc5
22
vulnerability VCID-65ue-7jd9-23gf
23
vulnerability VCID-6a9t-8dmn-s3bv
24
vulnerability VCID-6xmj-wbea-r7ex
25
vulnerability VCID-7kjw-j8st-mqfr
26
vulnerability VCID-8d2m-1ffv-jqe1
27
vulnerability VCID-9g62-zd1x-3bdg
28
vulnerability VCID-9gpp-ez8w-rqav
29
vulnerability VCID-9jj4-ec9n-qbhs
30
vulnerability VCID-9x6r-56xm-n7h7
31
vulnerability VCID-9zqs-hjay-fkev
32
vulnerability VCID-a49c-fqrj-nbb3
33
vulnerability VCID-a563-vtwa-hkbr
34
vulnerability VCID-axaf-45kr-kbfe
35
vulnerability VCID-axvk-13qf-tka7
36
vulnerability VCID-ayw6-8pn4-17eb
37
vulnerability VCID-b6er-h7dm-3bev
38
vulnerability VCID-bajy-qbwq-fufn
39
vulnerability VCID-bnne-7p2q-eqd2
40
vulnerability VCID-cm14-t8uv-k3es
41
vulnerability VCID-d8d1-sat6-muhe
42
vulnerability VCID-d99v-v9cj-zfh2
43
vulnerability VCID-dj88-f3p8-cfbn
44
vulnerability VCID-dm97-51uu-r7gw
45
vulnerability VCID-dsu7-jjjq-f3e1
46
vulnerability VCID-e268-wagv-sbex
47
vulnerability VCID-e32h-8q61-hbgc
48
vulnerability VCID-eajg-ctpd-2bby
49
vulnerability VCID-ebpa-58em-wqam
50
vulnerability VCID-ekfd-wp8z-d7e1
51
vulnerability VCID-f1rq-qudk-zkf2
52
vulnerability VCID-f4bv-pzdy-dfcb
53
vulnerability VCID-f963-qur3-2qb7
54
vulnerability VCID-g4uc-qeb6-myed
55
vulnerability VCID-gcnj-6qb6-pbgz
56
vulnerability VCID-gv1b-xtv4-4yg3
57
vulnerability VCID-h6y3-7gsq-skh2
58
vulnerability VCID-he5m-6wj4-rbhc
59
vulnerability VCID-hhmn-yz5p-xkap
60
vulnerability VCID-k8af-cg9k-87a9
61
vulnerability VCID-kj9x-psfz-2ug1
62
vulnerability VCID-m7w6-b2xu-6uee
63
vulnerability VCID-mh4f-vtfj-hbb1
64
vulnerability VCID-mnz3-rj21-67ad
65
vulnerability VCID-mud2-s4rc-fuf6
66
vulnerability VCID-n15v-ta9h-6ffb
67
vulnerability VCID-n1cb-8py6-bbhu
68
vulnerability VCID-n78p-x7hh-gqcf
69
vulnerability VCID-n7ng-zkkb-2qaz
70
vulnerability VCID-nubu-f1sc-gbes
71
vulnerability VCID-nxq4-m52q-yuh4
72
vulnerability VCID-p715-yexd-jfgc
73
vulnerability VCID-phgh-sd4m-zbdx
74
vulnerability VCID-pmzz-9rws-4ud5
75
vulnerability VCID-pss5-as4b-cyf2
76
vulnerability VCID-px44-19tj-h7aa
77
vulnerability VCID-q8hy-wjd9-nbgp
78
vulnerability VCID-qb4j-9tz7-m7a2
79
vulnerability VCID-qeus-f4wj-rubr
80
vulnerability VCID-qzyk-7877-27a3
81
vulnerability VCID-raxk-rm9v-hubn
82
vulnerability VCID-rdrs-mhaw-b3ge
83
vulnerability VCID-remd-55jh-r3g5
84
vulnerability VCID-rwqs-3ktq-qqbd
85
vulnerability VCID-s53a-f91p-huf4
86
vulnerability VCID-s55j-8hbt-akhn
87
vulnerability VCID-s64f-x81f-b7ce
88
vulnerability VCID-sr3p-pdxy-4yhu
89
vulnerability VCID-stzu-sxe6-5yf5
90
vulnerability VCID-sw7v-fbjk-13hy
91
vulnerability VCID-swnc-ke6h-ekew
92
vulnerability VCID-t1n7-eswt-73gw
93
vulnerability VCID-t3jn-vwbx-u7cr
94
vulnerability VCID-taj6-zj2n-5kg8
95
vulnerability VCID-tnjd-pyys-akav
96
vulnerability VCID-tw1y-t4qj-j3d1
97
vulnerability VCID-u9bx-8e86-wbew
98
vulnerability VCID-ve7g-8st5-wffb
99
vulnerability VCID-vxry-uvph-kbfd
100
vulnerability VCID-vyvy-y3cw-hbgr
101
vulnerability VCID-w13x-3rp9-wyej
102
vulnerability VCID-wea9-egep-h7g5
103
vulnerability VCID-wkm6-cgc8-bfa8
104
vulnerability VCID-xa4m-xpa9-v7h8
105
vulnerability VCID-xh7y-56vy-5ud8
106
vulnerability VCID-xtdg-uj46-rkcm
107
vulnerability VCID-xy6y-312d-rygj
108
vulnerability VCID-y32z-2d3f-gkgw
109
vulnerability VCID-zdq2-dhb2-6kaq
110
vulnerability VCID-zkea-ge1t-z7gn
111
vulnerability VCID-zspb-bd6j-wyd2
112
vulnerability VCID-zw9b-6vkf-3fc6
113
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.0.0
aliases 2018-12-11-7
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ehzg-bzrd-kbcc
15
url VCID-mnz3-rj21-67ad
vulnerability_id VCID-mnz3-rj21-67ad
summary 
TYPO3 CMS vulnerable to User Enumeration via Response Timing
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (4.9)

### Problem
It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts.

Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take.

### Solution
Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above.

### Credits
Thanks to Vautia who reported this issue and to TYPO3 core & security team members Oliver Hader who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-007](https://typo3.org/security/advisory/typo3-core-sa-2022-007)
* [Vulnerability Report on huntr.dev](https://huntr.dev/bounties/7d519735-2877-4fad-bd77-accde3e290a7/) (embargoed +30 days)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36105
reference_id
reference_type
scores
0
value 0.00283
scoring_system epss
scoring_elements 0.51649
published_at 2026-04-02T12:55:00Z
1
value 0.00283
scoring_system epss
scoring_elements 0.51712
published_at 2026-04-12T12:55:00Z
2
value 0.00283
scoring_system epss
scoring_elements 0.51734
published_at 2026-04-11T12:55:00Z
3
value 0.00283
scoring_system epss
scoring_elements 0.51685
published_at 2026-04-09T12:55:00Z
4
value 0.00283
scoring_system epss
scoring_elements 0.51689
published_at 2026-04-08T12:55:00Z
5
value 0.00283
scoring_system epss
scoring_elements 0.51634
published_at 2026-04-07T12:55:00Z
6
value 0.00283
scoring_system epss
scoring_elements 0.51674
published_at 2026-04-04T12:55:00Z
7
value 0.00283
scoring_system epss
scoring_elements 0.51744
published_at 2026-04-18T12:55:00Z
8
value 0.00283
scoring_system epss
scoring_elements 0.51737
published_at 2026-04-16T12:55:00Z
9
value 0.00283
scoring_system epss
scoring_elements 0.51696
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36105
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36105.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36105.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36105.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36105.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/f0fc9c4cd7c38207c30dd158de53ee5d9d6f41a2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/f0fc9c4cd7c38207c30dd158de53ee5d9d6f41a2
5
reference_url https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/
url https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36105
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36105
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-007
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-007
9
reference_url https://github.com/advisories/GHSA-m392-235j-9r7r
reference_id GHSA-m392-235j-9r7r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m392-235j-9r7r
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.58
purl pkg:composer/typo3/cms-core@7.6.58
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.58
1
url pkg:composer/typo3/cms-core@8.7.48
purl pkg:composer/typo3/cms-core@8.7.48
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.48
2
url pkg:composer/typo3/cms-core@9.5.37
purl pkg:composer/typo3/cms-core@9.5.37
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.37
3
url pkg:composer/typo3/cms-core@10.4.32
purl pkg:composer/typo3/cms-core@10.4.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-65ue-7jd9-23gf
3
vulnerability VCID-8d2m-1ffv-jqe1
4
vulnerability VCID-8sdd-b1bn-cuhx
5
vulnerability VCID-axvk-13qf-tka7
6
vulnerability VCID-g4uc-qeb6-myed
7
vulnerability VCID-gv1b-xtv4-4yg3
8
vulnerability VCID-gyyu-n3b1-zbcj
9
vulnerability VCID-h6y3-7gsq-skh2
10
vulnerability VCID-mud2-s4rc-fuf6
11
vulnerability VCID-n7ng-zkkb-2qaz
12
vulnerability VCID-nubu-f1sc-gbes
13
vulnerability VCID-t1n7-eswt-73gw
14
vulnerability VCID-taj6-zj2n-5kg8
15
vulnerability VCID-ve7g-8st5-wffb
16
vulnerability VCID-vyvy-y3cw-hbgr
17
vulnerability VCID-w13x-3rp9-wyej
18
vulnerability VCID-xy6y-312d-rygj
19
vulnerability VCID-zdq2-dhb2-6kaq
20
vulnerability VCID-zn99-ywte-33g6
21
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.32
4
url pkg:composer/typo3/cms-core@11.5.16
purl pkg:composer/typo3/cms-core@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-65ue-7jd9-23gf
3
vulnerability VCID-8d2m-1ffv-jqe1
4
vulnerability VCID-8sdd-b1bn-cuhx
5
vulnerability VCID-axvk-13qf-tka7
6
vulnerability VCID-g4uc-qeb6-myed
7
vulnerability VCID-gv1b-xtv4-4yg3
8
vulnerability VCID-gyyu-n3b1-zbcj
9
vulnerability VCID-h6y3-7gsq-skh2
10
vulnerability VCID-mud2-s4rc-fuf6
11
vulnerability VCID-n7ng-zkkb-2qaz
12
vulnerability VCID-nubu-f1sc-gbes
13
vulnerability VCID-t1n7-eswt-73gw
14
vulnerability VCID-taj6-zj2n-5kg8
15
vulnerability VCID-ve7g-8st5-wffb
16
vulnerability VCID-vyvy-y3cw-hbgr
17
vulnerability VCID-w13x-3rp9-wyej
18
vulnerability VCID-xy6y-312d-rygj
19
vulnerability VCID-zdq2-dhb2-6kaq
20
vulnerability VCID-zn99-ywte-33g6
21
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.16
aliases CVE-2022-36105, GHSA-m392-235j-9r7r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mnz3-rj21-67ad
16
url VCID-n15v-ta9h-6ffb
vulnerability_id VCID-n15v-ta9h-6ffb
summary 
Inclusion of Sensitive Information in Log Files
TYPO3 is an open source PHP based web content management system. User credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 contain a patch for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32767
reference_id
reference_type
scores
0
value 0.00327
scoring_system epss
scoring_elements 0.55519
published_at 2026-04-01T12:55:00Z
1
value 0.00327
scoring_system epss
scoring_elements 0.55701
published_at 2026-04-18T12:55:00Z
2
value 0.00327
scoring_system epss
scoring_elements 0.55697
published_at 2026-04-16T12:55:00Z
3
value 0.00327
scoring_system epss
scoring_elements 0.55658
published_at 2026-04-13T12:55:00Z
4
value 0.00327
scoring_system epss
scoring_elements 0.55676
published_at 2026-04-12T12:55:00Z
5
value 0.00327
scoring_system epss
scoring_elements 0.55696
published_at 2026-04-11T12:55:00Z
6
value 0.00327
scoring_system epss
scoring_elements 0.55687
published_at 2026-04-09T12:55:00Z
7
value 0.00327
scoring_system epss
scoring_elements 0.55684
published_at 2026-04-08T12:55:00Z
8
value 0.00327
scoring_system epss
scoring_elements 0.55632
published_at 2026-04-07T12:55:00Z
9
value 0.00327
scoring_system epss
scoring_elements 0.55654
published_at 2026-04-04T12:55:00Z
10
value 0.00327
scoring_system epss
scoring_elements 0.5563
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32767
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32767.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32767.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32767.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32767.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235
5
reference_url https://github.com/TYPO3/typo3/commit/0b4950163b8919451964133febc65bcdfcec721c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/0b4950163b8919451964133febc65bcdfcec721c
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-34fr-fhqr-7235
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-34fr-fhqr-7235
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-012
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-012
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-013
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-013
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32767
reference_id CVE-2021-32767
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32767
10
reference_url https://github.com/advisories/GHSA-34fr-fhqr-7235
reference_id GHSA-34fr-fhqr-7235
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-34fr-fhqr-7235
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.52
purl pkg:composer/typo3/cms-core@7.6.52
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-y32z-2d3f-gkgw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.52
1
url pkg:composer/typo3/cms-core@8.7.41
purl pkg:composer/typo3/cms-core@8.7.41
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-y32z-2d3f-gkgw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.41
2
url pkg:composer/typo3/cms-core@9.5.28
purl pkg:composer/typo3/cms-core@9.5.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jpa-6fqh-hbfg
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-65ue-7jd9-23gf
4
vulnerability VCID-8d2m-1ffv-jqe1
5
vulnerability VCID-axvk-13qf-tka7
6
vulnerability VCID-b6er-h7dm-3bev
7
vulnerability VCID-bajy-qbwq-fufn
8
vulnerability VCID-e32h-8q61-hbgc
9
vulnerability VCID-ekfd-wp8z-d7e1
10
vulnerability VCID-g4uc-qeb6-myed
11
vulnerability VCID-gv1b-xtv4-4yg3
12
vulnerability VCID-h6y3-7gsq-skh2
13
vulnerability VCID-mnz3-rj21-67ad
14
vulnerability VCID-mud2-s4rc-fuf6
15
vulnerability VCID-n7ng-zkkb-2qaz
16
vulnerability VCID-nubu-f1sc-gbes
17
vulnerability VCID-remd-55jh-r3g5
18
vulnerability VCID-s55j-8hbt-akhn
19
vulnerability VCID-s64f-x81f-b7ce
20
vulnerability VCID-t1n7-eswt-73gw
21
vulnerability VCID-taj6-zj2n-5kg8
22
vulnerability VCID-ve7g-8st5-wffb
23
vulnerability VCID-vyvy-y3cw-hbgr
24
vulnerability VCID-w13x-3rp9-wyej
25
vulnerability VCID-xy6y-312d-rygj
26
vulnerability VCID-y32z-2d3f-gkgw
27
vulnerability VCID-zdq2-dhb2-6kaq
28
vulnerability VCID-zn99-ywte-33g6
29
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.28
3
url pkg:composer/typo3/cms-core@10.4.18
purl pkg:composer/typo3/cms-core@10.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-1yxw-saf5-wue7
2
vulnerability VCID-4jpa-6fqh-hbfg
3
vulnerability VCID-4t9s-p25a-cfas
4
vulnerability VCID-5paq-5frf-43ed
5
vulnerability VCID-65ue-7jd9-23gf
6
vulnerability VCID-8d2m-1ffv-jqe1
7
vulnerability VCID-8sdd-b1bn-cuhx
8
vulnerability VCID-av8u-rvzq-4fc7
9
vulnerability VCID-axvk-13qf-tka7
10
vulnerability VCID-b6er-h7dm-3bev
11
vulnerability VCID-bajy-qbwq-fufn
12
vulnerability VCID-e32h-8q61-hbgc
13
vulnerability VCID-g4uc-qeb6-myed
14
vulnerability VCID-gv1b-xtv4-4yg3
15
vulnerability VCID-gyyu-n3b1-zbcj
16
vulnerability VCID-h6y3-7gsq-skh2
17
vulnerability VCID-mnz3-rj21-67ad
18
vulnerability VCID-mud2-s4rc-fuf6
19
vulnerability VCID-n7ng-zkkb-2qaz
20
vulnerability VCID-nubu-f1sc-gbes
21
vulnerability VCID-remd-55jh-r3g5
22
vulnerability VCID-s55j-8hbt-akhn
23
vulnerability VCID-t1n7-eswt-73gw
24
vulnerability VCID-taj6-zj2n-5kg8
25
vulnerability VCID-ve7g-8st5-wffb
26
vulnerability VCID-vwb2-a84s-5qak
27
vulnerability VCID-vyvy-y3cw-hbgr
28
vulnerability VCID-w13x-3rp9-wyej
29
vulnerability VCID-xy6y-312d-rygj
30
vulnerability VCID-y32z-2d3f-gkgw
31
vulnerability VCID-zdq2-dhb2-6kaq
32
vulnerability VCID-zn99-ywte-33g6
33
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.18
4
url pkg:composer/typo3/cms-core@11.3.1
purl pkg:composer/typo3/cms-core@11.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-1yxw-saf5-wue7
2
vulnerability VCID-4jpa-6fqh-hbfg
3
vulnerability VCID-4t9s-p25a-cfas
4
vulnerability VCID-5paq-5frf-43ed
5
vulnerability VCID-65ue-7jd9-23gf
6
vulnerability VCID-8d2m-1ffv-jqe1
7
vulnerability VCID-8sdd-b1bn-cuhx
8
vulnerability VCID-av8u-rvzq-4fc7
9
vulnerability VCID-axvk-13qf-tka7
10
vulnerability VCID-b6er-h7dm-3bev
11
vulnerability VCID-bajy-qbwq-fufn
12
vulnerability VCID-e32h-8q61-hbgc
13
vulnerability VCID-g4uc-qeb6-myed
14
vulnerability VCID-gv1b-xtv4-4yg3
15
vulnerability VCID-gyyu-n3b1-zbcj
16
vulnerability VCID-h6y3-7gsq-skh2
17
vulnerability VCID-jjbn-6efk-nud2
18
vulnerability VCID-mnz3-rj21-67ad
19
vulnerability VCID-mud2-s4rc-fuf6
20
vulnerability VCID-n7ng-zkkb-2qaz
21
vulnerability VCID-nubu-f1sc-gbes
22
vulnerability VCID-remd-55jh-r3g5
23
vulnerability VCID-s55j-8hbt-akhn
24
vulnerability VCID-t1n7-eswt-73gw
25
vulnerability VCID-taj6-zj2n-5kg8
26
vulnerability VCID-uyeu-a3xr-fkh4
27
vulnerability VCID-ve7g-8st5-wffb
28
vulnerability VCID-vwb2-a84s-5qak
29
vulnerability VCID-vyvy-y3cw-hbgr
30
vulnerability VCID-w13x-3rp9-wyej
31
vulnerability VCID-xy6y-312d-rygj
32
vulnerability VCID-y32z-2d3f-gkgw
33
vulnerability VCID-zdq2-dhb2-6kaq
34
vulnerability VCID-zn99-ywte-33g6
35
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.3.1
aliases CVE-2021-32767, GHSA-34fr-fhqr-7235
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n15v-ta9h-6ffb
17
url VCID-n1cb-8py6-bbhu
vulnerability_id VCID-n1cb-8py6-bbhu
summary 
TYPO3 Security Misconfiguration in Install Tool Cookie
It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install Tool.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-12-11-4.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-12-11-4.yaml
1
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-009
3
reference_url https://github.com/advisories/GHSA-ppvg-hw62-6ph9
reference_id GHSA-ppvg-hw62-6ph9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ppvg-hw62-6ph9
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.32
purl pkg:composer/typo3/cms-core@7.6.32
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.32
1
url pkg:composer/typo3/cms-core@8.7.21
purl pkg:composer/typo3/cms-core@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-3n2r-awja-dug9
3
vulnerability VCID-3v4n-fzxa-bfaw
4
vulnerability VCID-4jpa-6fqh-hbfg
5
vulnerability VCID-551q-gpyd-ffe8
6
vulnerability VCID-5jgb-dsyx-hyb4
7
vulnerability VCID-5mxm-88r9-hfey
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5u4q-m66t-wqcj
10
vulnerability VCID-9g62-zd1x-3bdg
11
vulnerability VCID-9gpp-ez8w-rqav
12
vulnerability VCID-9x6r-56xm-n7h7
13
vulnerability VCID-9zqs-hjay-fkev
14
vulnerability VCID-axaf-45kr-kbfe
15
vulnerability VCID-axvk-13qf-tka7
16
vulnerability VCID-b6er-h7dm-3bev
17
vulnerability VCID-bajy-qbwq-fufn
18
vulnerability VCID-cm14-t8uv-k3es
19
vulnerability VCID-d99v-v9cj-zfh2
20
vulnerability VCID-dj88-f3p8-cfbn
21
vulnerability VCID-dsu7-jjjq-f3e1
22
vulnerability VCID-eajg-ctpd-2bby
23
vulnerability VCID-ekfd-wp8z-d7e1
24
vulnerability VCID-f4bv-pzdy-dfcb
25
vulnerability VCID-f963-qur3-2qb7
26
vulnerability VCID-g4uc-qeb6-myed
27
vulnerability VCID-gcnj-6qb6-pbgz
28
vulnerability VCID-gv1b-xtv4-4yg3
29
vulnerability VCID-h6y3-7gsq-skh2
30
vulnerability VCID-he5m-6wj4-rbhc
31
vulnerability VCID-hhmn-yz5p-xkap
32
vulnerability VCID-j77k-hjgx-5kc5
33
vulnerability VCID-k8af-cg9k-87a9
34
vulnerability VCID-mh4f-vtfj-hbb1
35
vulnerability VCID-mnz3-rj21-67ad
36
vulnerability VCID-n15v-ta9h-6ffb
37
vulnerability VCID-n7ng-zkkb-2qaz
38
vulnerability VCID-pmzz-9rws-4ud5
39
vulnerability VCID-pss5-as4b-cyf2
40
vulnerability VCID-px44-19tj-h7aa
41
vulnerability VCID-q8hy-wjd9-nbgp
42
vulnerability VCID-s53a-f91p-huf4
43
vulnerability VCID-s55j-8hbt-akhn
44
vulnerability VCID-s64f-x81f-b7ce
45
vulnerability VCID-stzu-sxe6-5yf5
46
vulnerability VCID-swnc-ke6h-ekew
47
vulnerability VCID-t1n7-eswt-73gw
48
vulnerability VCID-t3jn-vwbx-u7cr
49
vulnerability VCID-taj6-zj2n-5kg8
50
vulnerability VCID-tnjd-pyys-akav
51
vulnerability VCID-vxry-uvph-kbfd
52
vulnerability VCID-vyvy-y3cw-hbgr
53
vulnerability VCID-wea9-egep-h7g5
54
vulnerability VCID-xa4m-xpa9-v7h8
55
vulnerability VCID-xh7y-56vy-5ud8
56
vulnerability VCID-y32z-2d3f-gkgw
57
vulnerability VCID-zdq2-dhb2-6kaq
58
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21
2
url pkg:composer/typo3/cms-core@9.5.2
purl pkg:composer/typo3/cms-core@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-2mn6-mdmz-4yd9
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-461j-9hrc-gfbc
6
vulnerability VCID-4jpa-6fqh-hbfg
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-4t9s-p25a-cfas
9
vulnerability VCID-543x-cnbz-1kb9
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-58js-jzm4-4fc7
12
vulnerability VCID-5jgb-dsyx-hyb4
13
vulnerability VCID-5kzs-ex81-bbaj
14
vulnerability VCID-5paq-5frf-43ed
15
vulnerability VCID-5u4q-m66t-wqcj
16
vulnerability VCID-65ue-7jd9-23gf
17
vulnerability VCID-6a9t-8dmn-s3bv
18
vulnerability VCID-8d2m-1ffv-jqe1
19
vulnerability VCID-9g62-zd1x-3bdg
20
vulnerability VCID-9gpp-ez8w-rqav
21
vulnerability VCID-9x6r-56xm-n7h7
22
vulnerability VCID-9zqs-hjay-fkev
23
vulnerability VCID-a49c-fqrj-nbb3
24
vulnerability VCID-axaf-45kr-kbfe
25
vulnerability VCID-axvk-13qf-tka7
26
vulnerability VCID-b6er-h7dm-3bev
27
vulnerability VCID-bajy-qbwq-fufn
28
vulnerability VCID-cm14-t8uv-k3es
29
vulnerability VCID-d8d1-sat6-muhe
30
vulnerability VCID-d99v-v9cj-zfh2
31
vulnerability VCID-dj88-f3p8-cfbn
32
vulnerability VCID-dmzb-gkdn-6bcm
33
vulnerability VCID-dsu7-jjjq-f3e1
34
vulnerability VCID-e32h-8q61-hbgc
35
vulnerability VCID-eajg-ctpd-2bby
36
vulnerability VCID-ekfd-wp8z-d7e1
37
vulnerability VCID-f4bv-pzdy-dfcb
38
vulnerability VCID-f963-qur3-2qb7
39
vulnerability VCID-g4uc-qeb6-myed
40
vulnerability VCID-gcnj-6qb6-pbgz
41
vulnerability VCID-gv1b-xtv4-4yg3
42
vulnerability VCID-h6y3-7gsq-skh2
43
vulnerability VCID-he5m-6wj4-rbhc
44
vulnerability VCID-hhmn-yz5p-xkap
45
vulnerability VCID-k8af-cg9k-87a9
46
vulnerability VCID-kj9x-psfz-2ug1
47
vulnerability VCID-mh4f-vtfj-hbb1
48
vulnerability VCID-mnz3-rj21-67ad
49
vulnerability VCID-mud2-s4rc-fuf6
50
vulnerability VCID-n15v-ta9h-6ffb
51
vulnerability VCID-n7ng-zkkb-2qaz
52
vulnerability VCID-nubu-f1sc-gbes
53
vulnerability VCID-nxq4-m52q-yuh4
54
vulnerability VCID-p715-yexd-jfgc
55
vulnerability VCID-phgh-sd4m-zbdx
56
vulnerability VCID-pmzz-9rws-4ud5
57
vulnerability VCID-pss5-as4b-cyf2
58
vulnerability VCID-px44-19tj-h7aa
59
vulnerability VCID-q8hy-wjd9-nbgp
60
vulnerability VCID-raxk-rm9v-hubn
61
vulnerability VCID-remd-55jh-r3g5
62
vulnerability VCID-s53a-f91p-huf4
63
vulnerability VCID-s55j-8hbt-akhn
64
vulnerability VCID-s64f-x81f-b7ce
65
vulnerability VCID-stzu-sxe6-5yf5
66
vulnerability VCID-sw7v-fbjk-13hy
67
vulnerability VCID-swnc-ke6h-ekew
68
vulnerability VCID-t1n7-eswt-73gw
69
vulnerability VCID-t3jn-vwbx-u7cr
70
vulnerability VCID-taj6-zj2n-5kg8
71
vulnerability VCID-tnjd-pyys-akav
72
vulnerability VCID-u9bx-8e86-wbew
73
vulnerability VCID-ve7g-8st5-wffb
74
vulnerability VCID-vxry-uvph-kbfd
75
vulnerability VCID-vyvy-y3cw-hbgr
76
vulnerability VCID-w13x-3rp9-wyej
77
vulnerability VCID-wea9-egep-h7g5
78
vulnerability VCID-xa4m-xpa9-v7h8
79
vulnerability VCID-xh7y-56vy-5ud8
80
vulnerability VCID-xtdg-uj46-rkcm
81
vulnerability VCID-xy6y-312d-rygj
82
vulnerability VCID-y32z-2d3f-gkgw
83
vulnerability VCID-yzx1-4psv-7bhr
84
vulnerability VCID-zdq2-dhb2-6kaq
85
vulnerability VCID-zkea-ge1t-z7gn
86
vulnerability VCID-zn99-ywte-33g6
87
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2
aliases GHSA-ppvg-hw62-6ph9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n1cb-8py6-bbhu
18
url VCID-n78p-x7hh-gqcf
vulnerability_id VCID-n78p-x7hh-gqcf
summary Information Disclosure in Install Tool.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-010/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-010/
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.32
purl pkg:composer/typo3/cms-core@7.6.32
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.32
1
url pkg:composer/typo3/cms-core@8.7.21
purl pkg:composer/typo3/cms-core@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-3n2r-awja-dug9
3
vulnerability VCID-3v4n-fzxa-bfaw
4
vulnerability VCID-4jpa-6fqh-hbfg
5
vulnerability VCID-551q-gpyd-ffe8
6
vulnerability VCID-5jgb-dsyx-hyb4
7
vulnerability VCID-5mxm-88r9-hfey
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5u4q-m66t-wqcj
10
vulnerability VCID-9g62-zd1x-3bdg
11
vulnerability VCID-9gpp-ez8w-rqav
12
vulnerability VCID-9x6r-56xm-n7h7
13
vulnerability VCID-9zqs-hjay-fkev
14
vulnerability VCID-axaf-45kr-kbfe
15
vulnerability VCID-axvk-13qf-tka7
16
vulnerability VCID-b6er-h7dm-3bev
17
vulnerability VCID-bajy-qbwq-fufn
18
vulnerability VCID-cm14-t8uv-k3es
19
vulnerability VCID-d99v-v9cj-zfh2
20
vulnerability VCID-dj88-f3p8-cfbn
21
vulnerability VCID-dsu7-jjjq-f3e1
22
vulnerability VCID-eajg-ctpd-2bby
23
vulnerability VCID-ekfd-wp8z-d7e1
24
vulnerability VCID-f4bv-pzdy-dfcb
25
vulnerability VCID-f963-qur3-2qb7
26
vulnerability VCID-g4uc-qeb6-myed
27
vulnerability VCID-gcnj-6qb6-pbgz
28
vulnerability VCID-gv1b-xtv4-4yg3
29
vulnerability VCID-h6y3-7gsq-skh2
30
vulnerability VCID-he5m-6wj4-rbhc
31
vulnerability VCID-hhmn-yz5p-xkap
32
vulnerability VCID-j77k-hjgx-5kc5
33
vulnerability VCID-k8af-cg9k-87a9
34
vulnerability VCID-mh4f-vtfj-hbb1
35
vulnerability VCID-mnz3-rj21-67ad
36
vulnerability VCID-n15v-ta9h-6ffb
37
vulnerability VCID-n7ng-zkkb-2qaz
38
vulnerability VCID-pmzz-9rws-4ud5
39
vulnerability VCID-pss5-as4b-cyf2
40
vulnerability VCID-px44-19tj-h7aa
41
vulnerability VCID-q8hy-wjd9-nbgp
42
vulnerability VCID-s53a-f91p-huf4
43
vulnerability VCID-s55j-8hbt-akhn
44
vulnerability VCID-s64f-x81f-b7ce
45
vulnerability VCID-stzu-sxe6-5yf5
46
vulnerability VCID-swnc-ke6h-ekew
47
vulnerability VCID-t1n7-eswt-73gw
48
vulnerability VCID-t3jn-vwbx-u7cr
49
vulnerability VCID-taj6-zj2n-5kg8
50
vulnerability VCID-tnjd-pyys-akav
51
vulnerability VCID-vxry-uvph-kbfd
52
vulnerability VCID-vyvy-y3cw-hbgr
53
vulnerability VCID-wea9-egep-h7g5
54
vulnerability VCID-xa4m-xpa9-v7h8
55
vulnerability VCID-xh7y-56vy-5ud8
56
vulnerability VCID-y32z-2d3f-gkgw
57
vulnerability VCID-zdq2-dhb2-6kaq
58
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21
2
url pkg:composer/typo3/cms-core@9.5.2
purl pkg:composer/typo3/cms-core@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-2mn6-mdmz-4yd9
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-461j-9hrc-gfbc
6
vulnerability VCID-4jpa-6fqh-hbfg
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-4t9s-p25a-cfas
9
vulnerability VCID-543x-cnbz-1kb9
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-58js-jzm4-4fc7
12
vulnerability VCID-5jgb-dsyx-hyb4
13
vulnerability VCID-5kzs-ex81-bbaj
14
vulnerability VCID-5paq-5frf-43ed
15
vulnerability VCID-5u4q-m66t-wqcj
16
vulnerability VCID-65ue-7jd9-23gf
17
vulnerability VCID-6a9t-8dmn-s3bv
18
vulnerability VCID-8d2m-1ffv-jqe1
19
vulnerability VCID-9g62-zd1x-3bdg
20
vulnerability VCID-9gpp-ez8w-rqav
21
vulnerability VCID-9x6r-56xm-n7h7
22
vulnerability VCID-9zqs-hjay-fkev
23
vulnerability VCID-a49c-fqrj-nbb3
24
vulnerability VCID-axaf-45kr-kbfe
25
vulnerability VCID-axvk-13qf-tka7
26
vulnerability VCID-b6er-h7dm-3bev
27
vulnerability VCID-bajy-qbwq-fufn
28
vulnerability VCID-cm14-t8uv-k3es
29
vulnerability VCID-d8d1-sat6-muhe
30
vulnerability VCID-d99v-v9cj-zfh2
31
vulnerability VCID-dj88-f3p8-cfbn
32
vulnerability VCID-dmzb-gkdn-6bcm
33
vulnerability VCID-dsu7-jjjq-f3e1
34
vulnerability VCID-e32h-8q61-hbgc
35
vulnerability VCID-eajg-ctpd-2bby
36
vulnerability VCID-ekfd-wp8z-d7e1
37
vulnerability VCID-f4bv-pzdy-dfcb
38
vulnerability VCID-f963-qur3-2qb7
39
vulnerability VCID-g4uc-qeb6-myed
40
vulnerability VCID-gcnj-6qb6-pbgz
41
vulnerability VCID-gv1b-xtv4-4yg3
42
vulnerability VCID-h6y3-7gsq-skh2
43
vulnerability VCID-he5m-6wj4-rbhc
44
vulnerability VCID-hhmn-yz5p-xkap
45
vulnerability VCID-k8af-cg9k-87a9
46
vulnerability VCID-kj9x-psfz-2ug1
47
vulnerability VCID-mh4f-vtfj-hbb1
48
vulnerability VCID-mnz3-rj21-67ad
49
vulnerability VCID-mud2-s4rc-fuf6
50
vulnerability VCID-n15v-ta9h-6ffb
51
vulnerability VCID-n7ng-zkkb-2qaz
52
vulnerability VCID-nubu-f1sc-gbes
53
vulnerability VCID-nxq4-m52q-yuh4
54
vulnerability VCID-p715-yexd-jfgc
55
vulnerability VCID-phgh-sd4m-zbdx
56
vulnerability VCID-pmzz-9rws-4ud5
57
vulnerability VCID-pss5-as4b-cyf2
58
vulnerability VCID-px44-19tj-h7aa
59
vulnerability VCID-q8hy-wjd9-nbgp
60
vulnerability VCID-raxk-rm9v-hubn
61
vulnerability VCID-remd-55jh-r3g5
62
vulnerability VCID-s53a-f91p-huf4
63
vulnerability VCID-s55j-8hbt-akhn
64
vulnerability VCID-s64f-x81f-b7ce
65
vulnerability VCID-stzu-sxe6-5yf5
66
vulnerability VCID-sw7v-fbjk-13hy
67
vulnerability VCID-swnc-ke6h-ekew
68
vulnerability VCID-t1n7-eswt-73gw
69
vulnerability VCID-t3jn-vwbx-u7cr
70
vulnerability VCID-taj6-zj2n-5kg8
71
vulnerability VCID-tnjd-pyys-akav
72
vulnerability VCID-u9bx-8e86-wbew
73
vulnerability VCID-ve7g-8st5-wffb
74
vulnerability VCID-vxry-uvph-kbfd
75
vulnerability VCID-vyvy-y3cw-hbgr
76
vulnerability VCID-w13x-3rp9-wyej
77
vulnerability VCID-wea9-egep-h7g5
78
vulnerability VCID-xa4m-xpa9-v7h8
79
vulnerability VCID-xh7y-56vy-5ud8
80
vulnerability VCID-xtdg-uj46-rkcm
81
vulnerability VCID-xy6y-312d-rygj
82
vulnerability VCID-y32z-2d3f-gkgw
83
vulnerability VCID-yzx1-4psv-7bhr
84
vulnerability VCID-zdq2-dhb2-6kaq
85
vulnerability VCID-zkea-ge1t-z7gn
86
vulnerability VCID-zn99-ywte-33g6
87
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2
aliases 2018-12-11-5
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n78p-x7hh-gqcf
19
url VCID-rdrs-mhaw-b3ge
vulnerability_id VCID-rdrs-mhaw-b3ge
summary 
Cross-site Scripting
Cross-Site Scripting in Frontend User Login.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-008/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-008/
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.32
purl pkg:composer/typo3/cms-core@7.6.32
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.32
1
url pkg:composer/typo3/cms-core@8.7.21
purl pkg:composer/typo3/cms-core@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-3n2r-awja-dug9
3
vulnerability VCID-3v4n-fzxa-bfaw
4
vulnerability VCID-4jpa-6fqh-hbfg
5
vulnerability VCID-551q-gpyd-ffe8
6
vulnerability VCID-5jgb-dsyx-hyb4
7
vulnerability VCID-5mxm-88r9-hfey
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5u4q-m66t-wqcj
10
vulnerability VCID-9g62-zd1x-3bdg
11
vulnerability VCID-9gpp-ez8w-rqav
12
vulnerability VCID-9x6r-56xm-n7h7
13
vulnerability VCID-9zqs-hjay-fkev
14
vulnerability VCID-axaf-45kr-kbfe
15
vulnerability VCID-axvk-13qf-tka7
16
vulnerability VCID-b6er-h7dm-3bev
17
vulnerability VCID-bajy-qbwq-fufn
18
vulnerability VCID-cm14-t8uv-k3es
19
vulnerability VCID-d99v-v9cj-zfh2
20
vulnerability VCID-dj88-f3p8-cfbn
21
vulnerability VCID-dsu7-jjjq-f3e1
22
vulnerability VCID-eajg-ctpd-2bby
23
vulnerability VCID-ekfd-wp8z-d7e1
24
vulnerability VCID-f4bv-pzdy-dfcb
25
vulnerability VCID-f963-qur3-2qb7
26
vulnerability VCID-g4uc-qeb6-myed
27
vulnerability VCID-gcnj-6qb6-pbgz
28
vulnerability VCID-gv1b-xtv4-4yg3
29
vulnerability VCID-h6y3-7gsq-skh2
30
vulnerability VCID-he5m-6wj4-rbhc
31
vulnerability VCID-hhmn-yz5p-xkap
32
vulnerability VCID-j77k-hjgx-5kc5
33
vulnerability VCID-k8af-cg9k-87a9
34
vulnerability VCID-mh4f-vtfj-hbb1
35
vulnerability VCID-mnz3-rj21-67ad
36
vulnerability VCID-n15v-ta9h-6ffb
37
vulnerability VCID-n7ng-zkkb-2qaz
38
vulnerability VCID-pmzz-9rws-4ud5
39
vulnerability VCID-pss5-as4b-cyf2
40
vulnerability VCID-px44-19tj-h7aa
41
vulnerability VCID-q8hy-wjd9-nbgp
42
vulnerability VCID-s53a-f91p-huf4
43
vulnerability VCID-s55j-8hbt-akhn
44
vulnerability VCID-s64f-x81f-b7ce
45
vulnerability VCID-stzu-sxe6-5yf5
46
vulnerability VCID-swnc-ke6h-ekew
47
vulnerability VCID-t1n7-eswt-73gw
48
vulnerability VCID-t3jn-vwbx-u7cr
49
vulnerability VCID-taj6-zj2n-5kg8
50
vulnerability VCID-tnjd-pyys-akav
51
vulnerability VCID-vxry-uvph-kbfd
52
vulnerability VCID-vyvy-y3cw-hbgr
53
vulnerability VCID-wea9-egep-h7g5
54
vulnerability VCID-xa4m-xpa9-v7h8
55
vulnerability VCID-xh7y-56vy-5ud8
56
vulnerability VCID-y32z-2d3f-gkgw
57
vulnerability VCID-zdq2-dhb2-6kaq
58
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21
2
url pkg:composer/typo3/cms-core@9.5.2
purl pkg:composer/typo3/cms-core@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-2mn6-mdmz-4yd9
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-461j-9hrc-gfbc
6
vulnerability VCID-4jpa-6fqh-hbfg
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-4t9s-p25a-cfas
9
vulnerability VCID-543x-cnbz-1kb9
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-58js-jzm4-4fc7
12
vulnerability VCID-5jgb-dsyx-hyb4
13
vulnerability VCID-5kzs-ex81-bbaj
14
vulnerability VCID-5paq-5frf-43ed
15
vulnerability VCID-5u4q-m66t-wqcj
16
vulnerability VCID-65ue-7jd9-23gf
17
vulnerability VCID-6a9t-8dmn-s3bv
18
vulnerability VCID-8d2m-1ffv-jqe1
19
vulnerability VCID-9g62-zd1x-3bdg
20
vulnerability VCID-9gpp-ez8w-rqav
21
vulnerability VCID-9x6r-56xm-n7h7
22
vulnerability VCID-9zqs-hjay-fkev
23
vulnerability VCID-a49c-fqrj-nbb3
24
vulnerability VCID-axaf-45kr-kbfe
25
vulnerability VCID-axvk-13qf-tka7
26
vulnerability VCID-b6er-h7dm-3bev
27
vulnerability VCID-bajy-qbwq-fufn
28
vulnerability VCID-cm14-t8uv-k3es
29
vulnerability VCID-d8d1-sat6-muhe
30
vulnerability VCID-d99v-v9cj-zfh2
31
vulnerability VCID-dj88-f3p8-cfbn
32
vulnerability VCID-dmzb-gkdn-6bcm
33
vulnerability VCID-dsu7-jjjq-f3e1
34
vulnerability VCID-e32h-8q61-hbgc
35
vulnerability VCID-eajg-ctpd-2bby
36
vulnerability VCID-ekfd-wp8z-d7e1
37
vulnerability VCID-f4bv-pzdy-dfcb
38
vulnerability VCID-f963-qur3-2qb7
39
vulnerability VCID-g4uc-qeb6-myed
40
vulnerability VCID-gcnj-6qb6-pbgz
41
vulnerability VCID-gv1b-xtv4-4yg3
42
vulnerability VCID-h6y3-7gsq-skh2
43
vulnerability VCID-he5m-6wj4-rbhc
44
vulnerability VCID-hhmn-yz5p-xkap
45
vulnerability VCID-k8af-cg9k-87a9
46
vulnerability VCID-kj9x-psfz-2ug1
47
vulnerability VCID-mh4f-vtfj-hbb1
48
vulnerability VCID-mnz3-rj21-67ad
49
vulnerability VCID-mud2-s4rc-fuf6
50
vulnerability VCID-n15v-ta9h-6ffb
51
vulnerability VCID-n7ng-zkkb-2qaz
52
vulnerability VCID-nubu-f1sc-gbes
53
vulnerability VCID-nxq4-m52q-yuh4
54
vulnerability VCID-p715-yexd-jfgc
55
vulnerability VCID-phgh-sd4m-zbdx
56
vulnerability VCID-pmzz-9rws-4ud5
57
vulnerability VCID-pss5-as4b-cyf2
58
vulnerability VCID-px44-19tj-h7aa
59
vulnerability VCID-q8hy-wjd9-nbgp
60
vulnerability VCID-raxk-rm9v-hubn
61
vulnerability VCID-remd-55jh-r3g5
62
vulnerability VCID-s53a-f91p-huf4
63
vulnerability VCID-s55j-8hbt-akhn
64
vulnerability VCID-s64f-x81f-b7ce
65
vulnerability VCID-stzu-sxe6-5yf5
66
vulnerability VCID-sw7v-fbjk-13hy
67
vulnerability VCID-swnc-ke6h-ekew
68
vulnerability VCID-t1n7-eswt-73gw
69
vulnerability VCID-t3jn-vwbx-u7cr
70
vulnerability VCID-taj6-zj2n-5kg8
71
vulnerability VCID-tnjd-pyys-akav
72
vulnerability VCID-u9bx-8e86-wbew
73
vulnerability VCID-ve7g-8st5-wffb
74
vulnerability VCID-vxry-uvph-kbfd
75
vulnerability VCID-vyvy-y3cw-hbgr
76
vulnerability VCID-w13x-3rp9-wyej
77
vulnerability VCID-wea9-egep-h7g5
78
vulnerability VCID-xa4m-xpa9-v7h8
79
vulnerability VCID-xh7y-56vy-5ud8
80
vulnerability VCID-xtdg-uj46-rkcm
81
vulnerability VCID-xy6y-312d-rygj
82
vulnerability VCID-y32z-2d3f-gkgw
83
vulnerability VCID-yzx1-4psv-7bhr
84
vulnerability VCID-zdq2-dhb2-6kaq
85
vulnerability VCID-zkea-ge1t-z7gn
86
vulnerability VCID-zn99-ywte-33g6
87
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2
aliases 2018-12-11-3
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rdrs-mhaw-b3ge
20
url VCID-re9h-ze98-rbhu
vulnerability_id VCID-re9h-ze98-rbhu
summary 
Typo3 Cross-Site Scripting in Flash component (ELTS)
TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 included a vulnerable external component, which could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8091
reference_id
reference_type
scores
0
value 0.20517
scoring_system epss
scoring_elements 0.95573
published_at 2026-04-18T12:55:00Z
1
value 0.20517
scoring_system epss
scoring_elements 0.95524
published_at 2026-04-01T12:55:00Z
2
value 0.20517
scoring_system epss
scoring_elements 0.95532
published_at 2026-04-02T12:55:00Z
3
value 0.20517
scoring_system epss
scoring_elements 0.95538
published_at 2026-04-04T12:55:00Z
4
value 0.20517
scoring_system epss
scoring_elements 0.95542
published_at 2026-04-07T12:55:00Z
5
value 0.20517
scoring_system epss
scoring_elements 0.95549
published_at 2026-04-08T12:55:00Z
6
value 0.20517
scoring_system epss
scoring_elements 0.95552
published_at 2026-04-09T12:55:00Z
7
value 0.20517
scoring_system epss
scoring_elements 0.95556
published_at 2026-04-11T12:55:00Z
8
value 0.20517
scoring_system epss
scoring_elements 0.95557
published_at 2026-04-12T12:55:00Z
9
value 0.20517
scoring_system epss
scoring_elements 0.95559
published_at 2026-04-13T12:55:00Z
10
value 0.20517
scoring_system epss
scoring_elements 0.95567
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8091
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/blob/4cb53e828bd5138d180cdf9cac1ccf7fd31086d2/typo3/sysext/core/Documentation/Changelog/7.2/Breaking-65962-WebSVGLibraryAndAPIRemoved.rst
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/blob/4cb53e828bd5138d180cdf9cac1ccf7fd31086d2/typo3/sysext/core/Documentation/Changelog/7.2/Breaking-65962-WebSVGLibraryAndAPIRemoved.rst
3
reference_url https://github.com/TYPO3/typo3/commit/482e2e992f80f5e38cb48fcaea40fd9812a5252c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/482e2e992f80f5e38cb48fcaea40fd9812a5252c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8091
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8091
5
reference_url https://typo3.org/security/advisory/typo3-psa-2019-003
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-psa-2019-003
6
reference_url https://typo3.org/security/advisory/typo3-psa-2019-003/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-psa-2019-003/
7
reference_url https://www.purplemet.com/blog/typo3-xss-vulnerability
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.purplemet.com/blog/typo3-xss-vulnerability
8
reference_url https://github.com/advisories/GHSA-qvhv-pwww-53jj
reference_id GHSA-qvhv-pwww-53jj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qvhv-pwww-53jj
fixed_packages
0
url pkg:composer/typo3/cms-core@8.7.7
purl pkg:composer/typo3/cms-core@8.7.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12y5-7b81-wkfu
1
vulnerability VCID-21e8-x7mp-hugk
2
vulnerability VCID-28bf-jvah-zkhw
3
vulnerability VCID-2meq-x4kd-bbdn
4
vulnerability VCID-3gg5-1921-rbfs
5
vulnerability VCID-3n2r-awja-dug9
6
vulnerability VCID-3v4n-fzxa-bfaw
7
vulnerability VCID-4btk-jt5n-2ugf
8
vulnerability VCID-4jpa-6fqh-hbfg
9
vulnerability VCID-551q-gpyd-ffe8
10
vulnerability VCID-5jgb-dsyx-hyb4
11
vulnerability VCID-5mxm-88r9-hfey
12
vulnerability VCID-5paq-5frf-43ed
13
vulnerability VCID-5u4q-m66t-wqcj
14
vulnerability VCID-5z59-dn7p-xbc5
15
vulnerability VCID-6xmj-wbea-r7ex
16
vulnerability VCID-9g62-zd1x-3bdg
17
vulnerability VCID-9gpp-ez8w-rqav
18
vulnerability VCID-9jj4-ec9n-qbhs
19
vulnerability VCID-9x6r-56xm-n7h7
20
vulnerability VCID-9zqs-hjay-fkev
21
vulnerability VCID-a563-vtwa-hkbr
22
vulnerability VCID-axaf-45kr-kbfe
23
vulnerability VCID-axvk-13qf-tka7
24
vulnerability VCID-ayw6-8pn4-17eb
25
vulnerability VCID-b6er-h7dm-3bev
26
vulnerability VCID-b81w-n2ne-z3ee
27
vulnerability VCID-bajy-qbwq-fufn
28
vulnerability VCID-bnne-7p2q-eqd2
29
vulnerability VCID-cm14-t8uv-k3es
30
vulnerability VCID-d99v-v9cj-zfh2
31
vulnerability VCID-dj88-f3p8-cfbn
32
vulnerability VCID-dm97-51uu-r7gw
33
vulnerability VCID-dsu7-jjjq-f3e1
34
vulnerability VCID-e268-wagv-sbex
35
vulnerability VCID-eajg-ctpd-2bby
36
vulnerability VCID-ebpa-58em-wqam
37
vulnerability VCID-ehzg-bzrd-kbcc
38
vulnerability VCID-ekfd-wp8z-d7e1
39
vulnerability VCID-f4bv-pzdy-dfcb
40
vulnerability VCID-f963-qur3-2qb7
41
vulnerability VCID-g4uc-qeb6-myed
42
vulnerability VCID-gcnj-6qb6-pbgz
43
vulnerability VCID-gv1b-xtv4-4yg3
44
vulnerability VCID-h6y3-7gsq-skh2
45
vulnerability VCID-he5m-6wj4-rbhc
46
vulnerability VCID-hhmn-yz5p-xkap
47
vulnerability VCID-j77k-hjgx-5kc5
48
vulnerability VCID-k8af-cg9k-87a9
49
vulnerability VCID-mh4f-vtfj-hbb1
50
vulnerability VCID-mnz3-rj21-67ad
51
vulnerability VCID-n15v-ta9h-6ffb
52
vulnerability VCID-n1cb-8py6-bbhu
53
vulnerability VCID-n78p-x7hh-gqcf
54
vulnerability VCID-n7ng-zkkb-2qaz
55
vulnerability VCID-pmzz-9rws-4ud5
56
vulnerability VCID-pss5-as4b-cyf2
57
vulnerability VCID-px44-19tj-h7aa
58
vulnerability VCID-q8hy-wjd9-nbgp
59
vulnerability VCID-qb4j-9tz7-m7a2
60
vulnerability VCID-rdrs-mhaw-b3ge
61
vulnerability VCID-rwqs-3ktq-qqbd
62
vulnerability VCID-s53a-f91p-huf4
63
vulnerability VCID-s55j-8hbt-akhn
64
vulnerability VCID-s64f-x81f-b7ce
65
vulnerability VCID-sr3p-pdxy-4yhu
66
vulnerability VCID-stzu-sxe6-5yf5
67
vulnerability VCID-swnc-ke6h-ekew
68
vulnerability VCID-t1n7-eswt-73gw
69
vulnerability VCID-t3jn-vwbx-u7cr
70
vulnerability VCID-taj6-zj2n-5kg8
71
vulnerability VCID-tnjd-pyys-akav
72
vulnerability VCID-tw1y-t4qj-j3d1
73
vulnerability VCID-vxry-uvph-kbfd
74
vulnerability VCID-vyvy-y3cw-hbgr
75
vulnerability VCID-wea9-egep-h7g5
76
vulnerability VCID-wkm6-cgc8-bfa8
77
vulnerability VCID-xa4m-xpa9-v7h8
78
vulnerability VCID-xh7y-56vy-5ud8
79
vulnerability VCID-y32z-2d3f-gkgw
80
vulnerability VCID-zdq2-dhb2-6kaq
81
vulnerability VCID-zkea-ge1t-z7gn
82
vulnerability VCID-zspb-bd6j-wyd2
83
vulnerability VCID-zw9b-6vkf-3fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.7
aliases CVE-2020-8091, GHSA-qvhv-pwww-53jj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-re9h-ze98-rbhu
21
url VCID-s55j-8hbt-akhn
vulnerability_id VCID-s55j-8hbt-akhn
summary 
Information Disclosure via Export Module
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (4.0)

### Problem
The export functionality fails to limit the result set to allowed columns of a particular database table. This allows authenticated users to export internal details of database tables to which they already have access.

### Solution
Update to TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above.

In order to address this issue, access to mentioned export functionality is completely denied for regular backend users.

ℹ️  **Strong security defaults - Manual actions required**
Following User TSconfig setting would allow using the export functionality for particular users:
```
options.impexp.enableExportForNonAdminUser = 1
```

### Credits
Thanks to TYPO3 core merger Lina Wolf who reported this issue and to TYPO3 security member Torben Hansen  who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-001](https://typo3.org/security/advisory/typo3-core-sa-2022-001)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31046
reference_id
reference_type
scores
0
value 0.00148
scoring_system epss
scoring_elements 0.35391
published_at 2026-04-08T12:55:00Z
1
value 0.00148
scoring_system epss
scoring_elements 0.35437
published_at 2026-04-02T12:55:00Z
2
value 0.00148
scoring_system epss
scoring_elements 0.35387
published_at 2026-04-18T12:55:00Z
3
value 0.00148
scoring_system epss
scoring_elements 0.35398
published_at 2026-04-16T12:55:00Z
4
value 0.00148
scoring_system epss
scoring_elements 0.35359
published_at 2026-04-13T12:55:00Z
5
value 0.00148
scoring_system epss
scoring_elements 0.35381
published_at 2026-04-12T12:55:00Z
6
value 0.00148
scoring_system epss
scoring_elements 0.35417
published_at 2026-04-11T12:55:00Z
7
value 0.00148
scoring_system epss
scoring_elements 0.35416
published_at 2026-04-09T12:55:00Z
8
value 0.00148
scoring_system epss
scoring_elements 0.35461
published_at 2026-04-04T12:55:00Z
9
value 0.00148
scoring_system epss
scoring_elements 0.35345
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31046
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-31046.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-31046.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31046.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31046.yaml
3
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
4
reference_url https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:21Z/
url https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:21Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31046
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31046
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-001
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:21Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-001
8
reference_url https://github.com/advisories/GHSA-8gmv-9hwg-w89g
reference_id GHSA-8gmv-9hwg-w89g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8gmv-9hwg-w89g
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.57
purl pkg:composer/typo3/cms-core@7.6.57
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5paq-5frf-43ed
1
vulnerability VCID-b6er-h7dm-3bev
2
vulnerability VCID-mnz3-rj21-67ad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.57
1
url pkg:composer/typo3/cms-core@8.7.47
purl pkg:composer/typo3/cms-core@8.7.47
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5paq-5frf-43ed
1
vulnerability VCID-b6er-h7dm-3bev
2
vulnerability VCID-mnz3-rj21-67ad
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.47
2
url pkg:composer/typo3/cms-core@9.5.35
purl pkg:composer/typo3/cms-core@9.5.35
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.35
3
url pkg:composer/typo3/cms-core@10.4.29
purl pkg:composer/typo3/cms-core@10.4.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-1yxw-saf5-wue7
2
vulnerability VCID-4t9s-p25a-cfas
3
vulnerability VCID-5paq-5frf-43ed
4
vulnerability VCID-65ue-7jd9-23gf
5
vulnerability VCID-8d2m-1ffv-jqe1
6
vulnerability VCID-8sdd-b1bn-cuhx
7
vulnerability VCID-av8u-rvzq-4fc7
8
vulnerability VCID-axvk-13qf-tka7
9
vulnerability VCID-b6er-h7dm-3bev
10
vulnerability VCID-g4uc-qeb6-myed
11
vulnerability VCID-gv1b-xtv4-4yg3
12
vulnerability VCID-gyyu-n3b1-zbcj
13
vulnerability VCID-h6y3-7gsq-skh2
14
vulnerability VCID-mnz3-rj21-67ad
15
vulnerability VCID-mud2-s4rc-fuf6
16
vulnerability VCID-n7ng-zkkb-2qaz
17
vulnerability VCID-nubu-f1sc-gbes
18
vulnerability VCID-t1n7-eswt-73gw
19
vulnerability VCID-taj6-zj2n-5kg8
20
vulnerability VCID-ve7g-8st5-wffb
21
vulnerability VCID-vwb2-a84s-5qak
22
vulnerability VCID-vyvy-y3cw-hbgr
23
vulnerability VCID-w13x-3rp9-wyej
24
vulnerability VCID-xy6y-312d-rygj
25
vulnerability VCID-zdq2-dhb2-6kaq
26
vulnerability VCID-zn99-ywte-33g6
27
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.29
4
url pkg:composer/typo3/cms-core@11.5.11
purl pkg:composer/typo3/cms-core@11.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-1yxw-saf5-wue7
2
vulnerability VCID-4t9s-p25a-cfas
3
vulnerability VCID-5paq-5frf-43ed
4
vulnerability VCID-65ue-7jd9-23gf
5
vulnerability VCID-8d2m-1ffv-jqe1
6
vulnerability VCID-8sdd-b1bn-cuhx
7
vulnerability VCID-av8u-rvzq-4fc7
8
vulnerability VCID-axvk-13qf-tka7
9
vulnerability VCID-b6er-h7dm-3bev
10
vulnerability VCID-g4uc-qeb6-myed
11
vulnerability VCID-gv1b-xtv4-4yg3
12
vulnerability VCID-gyyu-n3b1-zbcj
13
vulnerability VCID-h6y3-7gsq-skh2
14
vulnerability VCID-mnz3-rj21-67ad
15
vulnerability VCID-mud2-s4rc-fuf6
16
vulnerability VCID-n7ng-zkkb-2qaz
17
vulnerability VCID-nubu-f1sc-gbes
18
vulnerability VCID-t1n7-eswt-73gw
19
vulnerability VCID-taj6-zj2n-5kg8
20
vulnerability VCID-tnxn-p13f-yuah
21
vulnerability VCID-ve7g-8st5-wffb
22
vulnerability VCID-vwb2-a84s-5qak
23
vulnerability VCID-vyvy-y3cw-hbgr
24
vulnerability VCID-w13x-3rp9-wyej
25
vulnerability VCID-xy6y-312d-rygj
26
vulnerability VCID-zdq2-dhb2-6kaq
27
vulnerability VCID-zn99-ywte-33g6
28
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.11
aliases CVE-2022-31046, GHSA-8gmv-9hwg-w89g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s55j-8hbt-akhn
22
url VCID-sr3p-pdxy-4yhu
vulnerability_id VCID-sr3p-pdxy-4yhu
summary Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-002/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-002/
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.30
purl pkg:composer/typo3/cms-core@7.6.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.30
1
url pkg:composer/typo3/cms-core@8.7.17
purl pkg:composer/typo3/cms-core@8.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-3gg5-1921-rbfs
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-4btk-jt5n-2ugf
6
vulnerability VCID-4jpa-6fqh-hbfg
7
vulnerability VCID-551q-gpyd-ffe8
8
vulnerability VCID-5jgb-dsyx-hyb4
9
vulnerability VCID-5mxm-88r9-hfey
10
vulnerability VCID-5paq-5frf-43ed
11
vulnerability VCID-5u4q-m66t-wqcj
12
vulnerability VCID-5z59-dn7p-xbc5
13
vulnerability VCID-6xmj-wbea-r7ex
14
vulnerability VCID-9g62-zd1x-3bdg
15
vulnerability VCID-9gpp-ez8w-rqav
16
vulnerability VCID-9x6r-56xm-n7h7
17
vulnerability VCID-9zqs-hjay-fkev
18
vulnerability VCID-a563-vtwa-hkbr
19
vulnerability VCID-axaf-45kr-kbfe
20
vulnerability VCID-axvk-13qf-tka7
21
vulnerability VCID-b6er-h7dm-3bev
22
vulnerability VCID-b81w-n2ne-z3ee
23
vulnerability VCID-bajy-qbwq-fufn
24
vulnerability VCID-bnne-7p2q-eqd2
25
vulnerability VCID-cm14-t8uv-k3es
26
vulnerability VCID-d99v-v9cj-zfh2
27
vulnerability VCID-dj88-f3p8-cfbn
28
vulnerability VCID-dm97-51uu-r7gw
29
vulnerability VCID-dsu7-jjjq-f3e1
30
vulnerability VCID-e268-wagv-sbex
31
vulnerability VCID-eajg-ctpd-2bby
32
vulnerability VCID-ehzg-bzrd-kbcc
33
vulnerability VCID-ekfd-wp8z-d7e1
34
vulnerability VCID-f4bv-pzdy-dfcb
35
vulnerability VCID-f963-qur3-2qb7
36
vulnerability VCID-g4uc-qeb6-myed
37
vulnerability VCID-gcnj-6qb6-pbgz
38
vulnerability VCID-gv1b-xtv4-4yg3
39
vulnerability VCID-h6y3-7gsq-skh2
40
vulnerability VCID-he5m-6wj4-rbhc
41
vulnerability VCID-hhmn-yz5p-xkap
42
vulnerability VCID-j77k-hjgx-5kc5
43
vulnerability VCID-k8af-cg9k-87a9
44
vulnerability VCID-mh4f-vtfj-hbb1
45
vulnerability VCID-mnz3-rj21-67ad
46
vulnerability VCID-n15v-ta9h-6ffb
47
vulnerability VCID-n1cb-8py6-bbhu
48
vulnerability VCID-n78p-x7hh-gqcf
49
vulnerability VCID-n7ng-zkkb-2qaz
50
vulnerability VCID-pmzz-9rws-4ud5
51
vulnerability VCID-pss5-as4b-cyf2
52
vulnerability VCID-px44-19tj-h7aa
53
vulnerability VCID-q8hy-wjd9-nbgp
54
vulnerability VCID-qb4j-9tz7-m7a2
55
vulnerability VCID-rdrs-mhaw-b3ge
56
vulnerability VCID-rwqs-3ktq-qqbd
57
vulnerability VCID-s53a-f91p-huf4
58
vulnerability VCID-s55j-8hbt-akhn
59
vulnerability VCID-s64f-x81f-b7ce
60
vulnerability VCID-stzu-sxe6-5yf5
61
vulnerability VCID-swnc-ke6h-ekew
62
vulnerability VCID-t1n7-eswt-73gw
63
vulnerability VCID-t3jn-vwbx-u7cr
64
vulnerability VCID-taj6-zj2n-5kg8
65
vulnerability VCID-tnjd-pyys-akav
66
vulnerability VCID-tw1y-t4qj-j3d1
67
vulnerability VCID-vxry-uvph-kbfd
68
vulnerability VCID-vyvy-y3cw-hbgr
69
vulnerability VCID-wea9-egep-h7g5
70
vulnerability VCID-xa4m-xpa9-v7h8
71
vulnerability VCID-xh7y-56vy-5ud8
72
vulnerability VCID-y32z-2d3f-gkgw
73
vulnerability VCID-zdq2-dhb2-6kaq
74
vulnerability VCID-zkea-ge1t-z7gn
75
vulnerability VCID-zspb-bd6j-wyd2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.17
2
url pkg:composer/typo3/cms-core@9.3.2
purl pkg:composer/typo3/cms-core@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-2mn6-mdmz-4yd9
3
vulnerability VCID-3gg5-1921-rbfs
4
vulnerability VCID-3n2r-awja-dug9
5
vulnerability VCID-3v4n-fzxa-bfaw
6
vulnerability VCID-461j-9hrc-gfbc
7
vulnerability VCID-4btk-jt5n-2ugf
8
vulnerability VCID-4jpa-6fqh-hbfg
9
vulnerability VCID-4mkw-tv16-jyca
10
vulnerability VCID-4t9s-p25a-cfas
11
vulnerability VCID-543x-cnbz-1kb9
12
vulnerability VCID-551q-gpyd-ffe8
13
vulnerability VCID-58js-jzm4-4fc7
14
vulnerability VCID-5jgb-dsyx-hyb4
15
vulnerability VCID-5kzs-ex81-bbaj
16
vulnerability VCID-5paq-5frf-43ed
17
vulnerability VCID-5u4q-m66t-wqcj
18
vulnerability VCID-5z59-dn7p-xbc5
19
vulnerability VCID-65ue-7jd9-23gf
20
vulnerability VCID-6a9t-8dmn-s3bv
21
vulnerability VCID-6xmj-wbea-r7ex
22
vulnerability VCID-8d2m-1ffv-jqe1
23
vulnerability VCID-9g62-zd1x-3bdg
24
vulnerability VCID-9gpp-ez8w-rqav
25
vulnerability VCID-9x6r-56xm-n7h7
26
vulnerability VCID-9zqs-hjay-fkev
27
vulnerability VCID-a49c-fqrj-nbb3
28
vulnerability VCID-a563-vtwa-hkbr
29
vulnerability VCID-axaf-45kr-kbfe
30
vulnerability VCID-axvk-13qf-tka7
31
vulnerability VCID-b6er-h7dm-3bev
32
vulnerability VCID-bajy-qbwq-fufn
33
vulnerability VCID-bnne-7p2q-eqd2
34
vulnerability VCID-cm14-t8uv-k3es
35
vulnerability VCID-d8d1-sat6-muhe
36
vulnerability VCID-d99v-v9cj-zfh2
37
vulnerability VCID-dj88-f3p8-cfbn
38
vulnerability VCID-dm97-51uu-r7gw
39
vulnerability VCID-dmzb-gkdn-6bcm
40
vulnerability VCID-dsu7-jjjq-f3e1
41
vulnerability VCID-e268-wagv-sbex
42
vulnerability VCID-e32h-8q61-hbgc
43
vulnerability VCID-eajg-ctpd-2bby
44
vulnerability VCID-ekfd-wp8z-d7e1
45
vulnerability VCID-f4bv-pzdy-dfcb
46
vulnerability VCID-f963-qur3-2qb7
47
vulnerability VCID-g4uc-qeb6-myed
48
vulnerability VCID-gcnj-6qb6-pbgz
49
vulnerability VCID-gv1b-xtv4-4yg3
50
vulnerability VCID-h6y3-7gsq-skh2
51
vulnerability VCID-he5m-6wj4-rbhc
52
vulnerability VCID-hhmn-yz5p-xkap
53
vulnerability VCID-k8af-cg9k-87a9
54
vulnerability VCID-kj9x-psfz-2ug1
55
vulnerability VCID-mh4f-vtfj-hbb1
56
vulnerability VCID-mnz3-rj21-67ad
57
vulnerability VCID-mud2-s4rc-fuf6
58
vulnerability VCID-n15v-ta9h-6ffb
59
vulnerability VCID-n1cb-8py6-bbhu
60
vulnerability VCID-n78p-x7hh-gqcf
61
vulnerability VCID-n7ng-zkkb-2qaz
62
vulnerability VCID-nubu-f1sc-gbes
63
vulnerability VCID-nxq4-m52q-yuh4
64
vulnerability VCID-p715-yexd-jfgc
65
vulnerability VCID-phgh-sd4m-zbdx
66
vulnerability VCID-pmzz-9rws-4ud5
67
vulnerability VCID-pss5-as4b-cyf2
68
vulnerability VCID-px44-19tj-h7aa
69
vulnerability VCID-q8hy-wjd9-nbgp
70
vulnerability VCID-qb4j-9tz7-m7a2
71
vulnerability VCID-raxk-rm9v-hubn
72
vulnerability VCID-rdrs-mhaw-b3ge
73
vulnerability VCID-remd-55jh-r3g5
74
vulnerability VCID-rwqs-3ktq-qqbd
75
vulnerability VCID-s53a-f91p-huf4
76
vulnerability VCID-s55j-8hbt-akhn
77
vulnerability VCID-s64f-x81f-b7ce
78
vulnerability VCID-stzu-sxe6-5yf5
79
vulnerability VCID-sw7v-fbjk-13hy
80
vulnerability VCID-swnc-ke6h-ekew
81
vulnerability VCID-t1n7-eswt-73gw
82
vulnerability VCID-t3jn-vwbx-u7cr
83
vulnerability VCID-taj6-zj2n-5kg8
84
vulnerability VCID-tnjd-pyys-akav
85
vulnerability VCID-tw1y-t4qj-j3d1
86
vulnerability VCID-u9bx-8e86-wbew
87
vulnerability VCID-ve7g-8st5-wffb
88
vulnerability VCID-vxry-uvph-kbfd
89
vulnerability VCID-vyvy-y3cw-hbgr
90
vulnerability VCID-w13x-3rp9-wyej
91
vulnerability VCID-wea9-egep-h7g5
92
vulnerability VCID-xa4m-xpa9-v7h8
93
vulnerability VCID-xh7y-56vy-5ud8
94
vulnerability VCID-xtdg-uj46-rkcm
95
vulnerability VCID-xy6y-312d-rygj
96
vulnerability VCID-y32z-2d3f-gkgw
97
vulnerability VCID-yzx1-4psv-7bhr
98
vulnerability VCID-zdq2-dhb2-6kaq
99
vulnerability VCID-zkea-ge1t-z7gn
100
vulnerability VCID-zspb-bd6j-wyd2
101
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.3.2
aliases 2018-07-12-2
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sr3p-pdxy-4yhu
23
url VCID-t3jn-vwbx-u7cr
vulnerability_id VCID-t3jn-vwbx-u7cr
summary 
Cross-Site Scripting in Content Preview (CType menu)
### Problem
It has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability.

### Solution
Update to TYPO3 versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described.

### Credits
Thanks to TYPO3 contributor Oliver Bartsch who reported and fixed the issue.

### References
* [TYPO3-CORE-SA-2021-008](https://typo3.org/security/advisory/typo3-core-sa-2021-008)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21370
reference_id
reference_type
scores
0
value 0.00342
scoring_system epss
scoring_elements 0.56917
published_at 2026-04-18T12:55:00Z
1
value 0.00342
scoring_system epss
scoring_elements 0.56779
published_at 2026-04-01T12:55:00Z
2
value 0.00342
scoring_system epss
scoring_elements 0.56873
published_at 2026-04-02T12:55:00Z
3
value 0.00342
scoring_system epss
scoring_elements 0.56895
published_at 2026-04-04T12:55:00Z
4
value 0.00342
scoring_system epss
scoring_elements 0.56871
published_at 2026-04-07T12:55:00Z
5
value 0.00342
scoring_system epss
scoring_elements 0.56922
published_at 2026-04-08T12:55:00Z
6
value 0.00342
scoring_system epss
scoring_elements 0.56926
published_at 2026-04-09T12:55:00Z
7
value 0.00342
scoring_system epss
scoring_elements 0.56935
published_at 2026-04-11T12:55:00Z
8
value 0.00342
scoring_system epss
scoring_elements 0.56914
published_at 2026-04-12T12:55:00Z
9
value 0.00342
scoring_system epss
scoring_elements 0.56891
published_at 2026-04-13T12:55:00Z
10
value 0.00342
scoring_system epss
scoring_elements 0.56921
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21370
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21370.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21370.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21370.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21370.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21370
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21370
5
reference_url https://packagist.org/packages/typo3/cms-backend
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-backend
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-008
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-008
7
reference_url https://github.com/advisories/GHSA-x7hc-x7fm-f7qh
reference_id GHSA-x7hc-x7fm-f7qh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x7hc-x7fm-f7qh
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.51
purl pkg:composer/typo3/cms-core@7.6.51
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n15v-ta9h-6ffb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.51
1
url pkg:composer/typo3/cms-core@8.7.40
purl pkg:composer/typo3/cms-core@8.7.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ekfd-wp8z-d7e1
1
vulnerability VCID-n15v-ta9h-6ffb
2
vulnerability VCID-s64f-x81f-b7ce
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.40
2
url pkg:composer/typo3/cms-core@9.5.25
purl pkg:composer/typo3/cms-core@9.5.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jpa-6fqh-hbfg
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-65ue-7jd9-23gf
4
vulnerability VCID-6a9t-8dmn-s3bv
5
vulnerability VCID-8d2m-1ffv-jqe1
6
vulnerability VCID-axvk-13qf-tka7
7
vulnerability VCID-b6er-h7dm-3bev
8
vulnerability VCID-bajy-qbwq-fufn
9
vulnerability VCID-e32h-8q61-hbgc
10
vulnerability VCID-ekfd-wp8z-d7e1
11
vulnerability VCID-g4uc-qeb6-myed
12
vulnerability VCID-gv1b-xtv4-4yg3
13
vulnerability VCID-h6y3-7gsq-skh2
14
vulnerability VCID-mnz3-rj21-67ad
15
vulnerability VCID-mud2-s4rc-fuf6
16
vulnerability VCID-n15v-ta9h-6ffb
17
vulnerability VCID-n7ng-zkkb-2qaz
18
vulnerability VCID-nubu-f1sc-gbes
19
vulnerability VCID-remd-55jh-r3g5
20
vulnerability VCID-s55j-8hbt-akhn
21
vulnerability VCID-s64f-x81f-b7ce
22
vulnerability VCID-t1n7-eswt-73gw
23
vulnerability VCID-taj6-zj2n-5kg8
24
vulnerability VCID-ve7g-8st5-wffb
25
vulnerability VCID-vyvy-y3cw-hbgr
26
vulnerability VCID-w13x-3rp9-wyej
27
vulnerability VCID-xy6y-312d-rygj
28
vulnerability VCID-y32z-2d3f-gkgw
29
vulnerability VCID-zdq2-dhb2-6kaq
30
vulnerability VCID-zn99-ywte-33g6
31
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.25
3
url pkg:composer/typo3/cms-core@10.4.14
purl pkg:composer/typo3/cms-core@10.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-1yxw-saf5-wue7
2
vulnerability VCID-4jpa-6fqh-hbfg
3
vulnerability VCID-4t9s-p25a-cfas
4
vulnerability VCID-5paq-5frf-43ed
5
vulnerability VCID-65ue-7jd9-23gf
6
vulnerability VCID-6a9t-8dmn-s3bv
7
vulnerability VCID-8d2m-1ffv-jqe1
8
vulnerability VCID-8sdd-b1bn-cuhx
9
vulnerability VCID-av8u-rvzq-4fc7
10
vulnerability VCID-axvk-13qf-tka7
11
vulnerability VCID-b6er-h7dm-3bev
12
vulnerability VCID-bajy-qbwq-fufn
13
vulnerability VCID-e32h-8q61-hbgc
14
vulnerability VCID-ekfd-wp8z-d7e1
15
vulnerability VCID-g4uc-qeb6-myed
16
vulnerability VCID-gv1b-xtv4-4yg3
17
vulnerability VCID-gyyu-n3b1-zbcj
18
vulnerability VCID-h6y3-7gsq-skh2
19
vulnerability VCID-mnz3-rj21-67ad
20
vulnerability VCID-mud2-s4rc-fuf6
21
vulnerability VCID-n15v-ta9h-6ffb
22
vulnerability VCID-n7ng-zkkb-2qaz
23
vulnerability VCID-nubu-f1sc-gbes
24
vulnerability VCID-remd-55jh-r3g5
25
vulnerability VCID-s55j-8hbt-akhn
26
vulnerability VCID-s64f-x81f-b7ce
27
vulnerability VCID-t1n7-eswt-73gw
28
vulnerability VCID-taj6-zj2n-5kg8
29
vulnerability VCID-ve7g-8st5-wffb
30
vulnerability VCID-vwb2-a84s-5qak
31
vulnerability VCID-vyvy-y3cw-hbgr
32
vulnerability VCID-w13x-3rp9-wyej
33
vulnerability VCID-xy6y-312d-rygj
34
vulnerability VCID-y32z-2d3f-gkgw
35
vulnerability VCID-zdq2-dhb2-6kaq
36
vulnerability VCID-zn99-ywte-33g6
37
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.14
4
url pkg:composer/typo3/cms-core@11.1.1
purl pkg:composer/typo3/cms-core@11.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-1yxw-saf5-wue7
2
vulnerability VCID-4jpa-6fqh-hbfg
3
vulnerability VCID-4t9s-p25a-cfas
4
vulnerability VCID-5paq-5frf-43ed
5
vulnerability VCID-65ue-7jd9-23gf
6
vulnerability VCID-6a9t-8dmn-s3bv
7
vulnerability VCID-8d2m-1ffv-jqe1
8
vulnerability VCID-8sdd-b1bn-cuhx
9
vulnerability VCID-av8u-rvzq-4fc7
10
vulnerability VCID-axvk-13qf-tka7
11
vulnerability VCID-b6er-h7dm-3bev
12
vulnerability VCID-bajy-qbwq-fufn
13
vulnerability VCID-e32h-8q61-hbgc
14
vulnerability VCID-ekfd-wp8z-d7e1
15
vulnerability VCID-g4uc-qeb6-myed
16
vulnerability VCID-gv1b-xtv4-4yg3
17
vulnerability VCID-gyyu-n3b1-zbcj
18
vulnerability VCID-h6y3-7gsq-skh2
19
vulnerability VCID-mnz3-rj21-67ad
20
vulnerability VCID-mud2-s4rc-fuf6
21
vulnerability VCID-n15v-ta9h-6ffb
22
vulnerability VCID-n7ng-zkkb-2qaz
23
vulnerability VCID-nubu-f1sc-gbes
24
vulnerability VCID-remd-55jh-r3g5
25
vulnerability VCID-s55j-8hbt-akhn
26
vulnerability VCID-s64f-x81f-b7ce
27
vulnerability VCID-t1n7-eswt-73gw
28
vulnerability VCID-taj6-zj2n-5kg8
29
vulnerability VCID-uyeu-a3xr-fkh4
30
vulnerability VCID-ve7g-8st5-wffb
31
vulnerability VCID-vwb2-a84s-5qak
32
vulnerability VCID-vyvy-y3cw-hbgr
33
vulnerability VCID-w13x-3rp9-wyej
34
vulnerability VCID-xy6y-312d-rygj
35
vulnerability VCID-y32z-2d3f-gkgw
36
vulnerability VCID-zdq2-dhb2-6kaq
37
vulnerability VCID-zn99-ywte-33g6
38
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.1.1
aliases CVE-2021-21370, GHSA-x7hc-x7fm-f7qh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t3jn-vwbx-u7cr
24
url VCID-tw1y-t4qj-j3d1
vulnerability_id VCID-tw1y-t4qj-j3d1
summary 
Cross-site Scripting
Cross-Site Scripting in Backend Modal Component.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-007/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-007/
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.32
purl pkg:composer/typo3/cms-core@7.6.32
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.32
1
url pkg:composer/typo3/cms-core@8.7.21
purl pkg:composer/typo3/cms-core@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-3n2r-awja-dug9
3
vulnerability VCID-3v4n-fzxa-bfaw
4
vulnerability VCID-4jpa-6fqh-hbfg
5
vulnerability VCID-551q-gpyd-ffe8
6
vulnerability VCID-5jgb-dsyx-hyb4
7
vulnerability VCID-5mxm-88r9-hfey
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5u4q-m66t-wqcj
10
vulnerability VCID-9g62-zd1x-3bdg
11
vulnerability VCID-9gpp-ez8w-rqav
12
vulnerability VCID-9x6r-56xm-n7h7
13
vulnerability VCID-9zqs-hjay-fkev
14
vulnerability VCID-axaf-45kr-kbfe
15
vulnerability VCID-axvk-13qf-tka7
16
vulnerability VCID-b6er-h7dm-3bev
17
vulnerability VCID-bajy-qbwq-fufn
18
vulnerability VCID-cm14-t8uv-k3es
19
vulnerability VCID-d99v-v9cj-zfh2
20
vulnerability VCID-dj88-f3p8-cfbn
21
vulnerability VCID-dsu7-jjjq-f3e1
22
vulnerability VCID-eajg-ctpd-2bby
23
vulnerability VCID-ekfd-wp8z-d7e1
24
vulnerability VCID-f4bv-pzdy-dfcb
25
vulnerability VCID-f963-qur3-2qb7
26
vulnerability VCID-g4uc-qeb6-myed
27
vulnerability VCID-gcnj-6qb6-pbgz
28
vulnerability VCID-gv1b-xtv4-4yg3
29
vulnerability VCID-h6y3-7gsq-skh2
30
vulnerability VCID-he5m-6wj4-rbhc
31
vulnerability VCID-hhmn-yz5p-xkap
32
vulnerability VCID-j77k-hjgx-5kc5
33
vulnerability VCID-k8af-cg9k-87a9
34
vulnerability VCID-mh4f-vtfj-hbb1
35
vulnerability VCID-mnz3-rj21-67ad
36
vulnerability VCID-n15v-ta9h-6ffb
37
vulnerability VCID-n7ng-zkkb-2qaz
38
vulnerability VCID-pmzz-9rws-4ud5
39
vulnerability VCID-pss5-as4b-cyf2
40
vulnerability VCID-px44-19tj-h7aa
41
vulnerability VCID-q8hy-wjd9-nbgp
42
vulnerability VCID-s53a-f91p-huf4
43
vulnerability VCID-s55j-8hbt-akhn
44
vulnerability VCID-s64f-x81f-b7ce
45
vulnerability VCID-stzu-sxe6-5yf5
46
vulnerability VCID-swnc-ke6h-ekew
47
vulnerability VCID-t1n7-eswt-73gw
48
vulnerability VCID-t3jn-vwbx-u7cr
49
vulnerability VCID-taj6-zj2n-5kg8
50
vulnerability VCID-tnjd-pyys-akav
51
vulnerability VCID-vxry-uvph-kbfd
52
vulnerability VCID-vyvy-y3cw-hbgr
53
vulnerability VCID-wea9-egep-h7g5
54
vulnerability VCID-xa4m-xpa9-v7h8
55
vulnerability VCID-xh7y-56vy-5ud8
56
vulnerability VCID-y32z-2d3f-gkgw
57
vulnerability VCID-zdq2-dhb2-6kaq
58
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21
2
url pkg:composer/typo3/cms-core@9.5.2
purl pkg:composer/typo3/cms-core@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-2mn6-mdmz-4yd9
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-461j-9hrc-gfbc
6
vulnerability VCID-4jpa-6fqh-hbfg
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-4t9s-p25a-cfas
9
vulnerability VCID-543x-cnbz-1kb9
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-58js-jzm4-4fc7
12
vulnerability VCID-5jgb-dsyx-hyb4
13
vulnerability VCID-5kzs-ex81-bbaj
14
vulnerability VCID-5paq-5frf-43ed
15
vulnerability VCID-5u4q-m66t-wqcj
16
vulnerability VCID-65ue-7jd9-23gf
17
vulnerability VCID-6a9t-8dmn-s3bv
18
vulnerability VCID-8d2m-1ffv-jqe1
19
vulnerability VCID-9g62-zd1x-3bdg
20
vulnerability VCID-9gpp-ez8w-rqav
21
vulnerability VCID-9x6r-56xm-n7h7
22
vulnerability VCID-9zqs-hjay-fkev
23
vulnerability VCID-a49c-fqrj-nbb3
24
vulnerability VCID-axaf-45kr-kbfe
25
vulnerability VCID-axvk-13qf-tka7
26
vulnerability VCID-b6er-h7dm-3bev
27
vulnerability VCID-bajy-qbwq-fufn
28
vulnerability VCID-cm14-t8uv-k3es
29
vulnerability VCID-d8d1-sat6-muhe
30
vulnerability VCID-d99v-v9cj-zfh2
31
vulnerability VCID-dj88-f3p8-cfbn
32
vulnerability VCID-dmzb-gkdn-6bcm
33
vulnerability VCID-dsu7-jjjq-f3e1
34
vulnerability VCID-e32h-8q61-hbgc
35
vulnerability VCID-eajg-ctpd-2bby
36
vulnerability VCID-ekfd-wp8z-d7e1
37
vulnerability VCID-f4bv-pzdy-dfcb
38
vulnerability VCID-f963-qur3-2qb7
39
vulnerability VCID-g4uc-qeb6-myed
40
vulnerability VCID-gcnj-6qb6-pbgz
41
vulnerability VCID-gv1b-xtv4-4yg3
42
vulnerability VCID-h6y3-7gsq-skh2
43
vulnerability VCID-he5m-6wj4-rbhc
44
vulnerability VCID-hhmn-yz5p-xkap
45
vulnerability VCID-k8af-cg9k-87a9
46
vulnerability VCID-kj9x-psfz-2ug1
47
vulnerability VCID-mh4f-vtfj-hbb1
48
vulnerability VCID-mnz3-rj21-67ad
49
vulnerability VCID-mud2-s4rc-fuf6
50
vulnerability VCID-n15v-ta9h-6ffb
51
vulnerability VCID-n7ng-zkkb-2qaz
52
vulnerability VCID-nubu-f1sc-gbes
53
vulnerability VCID-nxq4-m52q-yuh4
54
vulnerability VCID-p715-yexd-jfgc
55
vulnerability VCID-phgh-sd4m-zbdx
56
vulnerability VCID-pmzz-9rws-4ud5
57
vulnerability VCID-pss5-as4b-cyf2
58
vulnerability VCID-px44-19tj-h7aa
59
vulnerability VCID-q8hy-wjd9-nbgp
60
vulnerability VCID-raxk-rm9v-hubn
61
vulnerability VCID-remd-55jh-r3g5
62
vulnerability VCID-s53a-f91p-huf4
63
vulnerability VCID-s55j-8hbt-akhn
64
vulnerability VCID-s64f-x81f-b7ce
65
vulnerability VCID-stzu-sxe6-5yf5
66
vulnerability VCID-sw7v-fbjk-13hy
67
vulnerability VCID-swnc-ke6h-ekew
68
vulnerability VCID-t1n7-eswt-73gw
69
vulnerability VCID-t3jn-vwbx-u7cr
70
vulnerability VCID-taj6-zj2n-5kg8
71
vulnerability VCID-tnjd-pyys-akav
72
vulnerability VCID-u9bx-8e86-wbew
73
vulnerability VCID-ve7g-8st5-wffb
74
vulnerability VCID-vxry-uvph-kbfd
75
vulnerability VCID-vyvy-y3cw-hbgr
76
vulnerability VCID-w13x-3rp9-wyej
77
vulnerability VCID-wea9-egep-h7g5
78
vulnerability VCID-xa4m-xpa9-v7h8
79
vulnerability VCID-xh7y-56vy-5ud8
80
vulnerability VCID-xtdg-uj46-rkcm
81
vulnerability VCID-xy6y-312d-rygj
82
vulnerability VCID-y32z-2d3f-gkgw
83
vulnerability VCID-yzx1-4psv-7bhr
84
vulnerability VCID-zdq2-dhb2-6kaq
85
vulnerability VCID-zkea-ge1t-z7gn
86
vulnerability VCID-zn99-ywte-33g6
87
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2
aliases 2018-12-11-2
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tw1y-t4qj-j3d1
25
url VCID-y32z-2d3f-gkgw
vulnerability_id VCID-y32z-2d3f-gkgw
summary 
Cross-site Scripting
TYPO3 is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag & attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32768
reference_id
reference_type
scores
0
value 0.00284
scoring_system epss
scoring_elements 0.51812
published_at 2026-04-08T12:55:00Z
1
value 0.00284
scoring_system epss
scoring_elements 0.51874
published_at 2026-04-18T12:55:00Z
2
value 0.00284
scoring_system epss
scoring_elements 0.51867
published_at 2026-04-16T12:55:00Z
3
value 0.00284
scoring_system epss
scoring_elements 0.51825
published_at 2026-04-13T12:55:00Z
4
value 0.00284
scoring_system epss
scoring_elements 0.5184
published_at 2026-04-12T12:55:00Z
5
value 0.00284
scoring_system epss
scoring_elements 0.5186
published_at 2026-04-11T12:55:00Z
6
value 0.00284
scoring_system epss
scoring_elements 0.51771
published_at 2026-04-02T12:55:00Z
7
value 0.00284
scoring_system epss
scoring_elements 0.51797
published_at 2026-04-04T12:55:00Z
8
value 0.00284
scoring_system epss
scoring_elements 0.51757
published_at 2026-04-07T12:55:00Z
9
value 0.00284
scoring_system epss
scoring_elements 0.51722
published_at 2026-04-01T12:55:00Z
10
value 0.00284
scoring_system epss
scoring_elements 0.51809
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32768
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32768.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32768.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32768.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32768.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v
4
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-c5c9-8c6m-727v
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-c5c9-8c6m-727v
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-013
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-013
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32768
reference_id CVE-2021-32768
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32768
7
reference_url https://github.com/advisories/GHSA-c5c9-8c6m-727v
reference_id GHSA-c5c9-8c6m-727v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c5c9-8c6m-727v
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.53
purl pkg:composer/typo3/cms-core@7.6.53
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.53
1
url pkg:composer/typo3/cms-core@8.7.42
purl pkg:composer/typo3/cms-core@8.7.42
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.42
2
url pkg:composer/typo3/cms-core@9.5.29
purl pkg:composer/typo3/cms-core@9.5.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4jpa-6fqh-hbfg
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-65ue-7jd9-23gf
4
vulnerability VCID-8d2m-1ffv-jqe1
5
vulnerability VCID-axvk-13qf-tka7
6
vulnerability VCID-b6er-h7dm-3bev
7
vulnerability VCID-bajy-qbwq-fufn
8
vulnerability VCID-e32h-8q61-hbgc
9
vulnerability VCID-g4uc-qeb6-myed
10
vulnerability VCID-gv1b-xtv4-4yg3
11
vulnerability VCID-h6y3-7gsq-skh2
12
vulnerability VCID-mnz3-rj21-67ad
13
vulnerability VCID-mud2-s4rc-fuf6
14
vulnerability VCID-n7ng-zkkb-2qaz
15
vulnerability VCID-nubu-f1sc-gbes
16
vulnerability VCID-remd-55jh-r3g5
17
vulnerability VCID-s55j-8hbt-akhn
18
vulnerability VCID-t1n7-eswt-73gw
19
vulnerability VCID-taj6-zj2n-5kg8
20
vulnerability VCID-ve7g-8st5-wffb
21
vulnerability VCID-vyvy-y3cw-hbgr
22
vulnerability VCID-w13x-3rp9-wyej
23
vulnerability VCID-xy6y-312d-rygj
24
vulnerability VCID-zdq2-dhb2-6kaq
25
vulnerability VCID-zn99-ywte-33g6
26
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.29
3
url pkg:composer/typo3/cms-core@10.4.19
purl pkg:composer/typo3/cms-core@10.4.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-1yxw-saf5-wue7
2
vulnerability VCID-4jpa-6fqh-hbfg
3
vulnerability VCID-4t9s-p25a-cfas
4
vulnerability VCID-5paq-5frf-43ed
5
vulnerability VCID-65ue-7jd9-23gf
6
vulnerability VCID-8d2m-1ffv-jqe1
7
vulnerability VCID-8sdd-b1bn-cuhx
8
vulnerability VCID-av8u-rvzq-4fc7
9
vulnerability VCID-axvk-13qf-tka7
10
vulnerability VCID-b6er-h7dm-3bev
11
vulnerability VCID-bajy-qbwq-fufn
12
vulnerability VCID-e32h-8q61-hbgc
13
vulnerability VCID-g4uc-qeb6-myed
14
vulnerability VCID-gv1b-xtv4-4yg3
15
vulnerability VCID-gyyu-n3b1-zbcj
16
vulnerability VCID-h6y3-7gsq-skh2
17
vulnerability VCID-mnz3-rj21-67ad
18
vulnerability VCID-mud2-s4rc-fuf6
19
vulnerability VCID-n7ng-zkkb-2qaz
20
vulnerability VCID-nubu-f1sc-gbes
21
vulnerability VCID-remd-55jh-r3g5
22
vulnerability VCID-s55j-8hbt-akhn
23
vulnerability VCID-t1n7-eswt-73gw
24
vulnerability VCID-taj6-zj2n-5kg8
25
vulnerability VCID-ve7g-8st5-wffb
26
vulnerability VCID-vwb2-a84s-5qak
27
vulnerability VCID-vyvy-y3cw-hbgr
28
vulnerability VCID-w13x-3rp9-wyej
29
vulnerability VCID-xy6y-312d-rygj
30
vulnerability VCID-zdq2-dhb2-6kaq
31
vulnerability VCID-zn99-ywte-33g6
32
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.19
4
url pkg:composer/typo3/cms-core@11.3.2
purl pkg:composer/typo3/cms-core@11.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-1yxw-saf5-wue7
2
vulnerability VCID-4jpa-6fqh-hbfg
3
vulnerability VCID-4t9s-p25a-cfas
4
vulnerability VCID-5paq-5frf-43ed
5
vulnerability VCID-65ue-7jd9-23gf
6
vulnerability VCID-8d2m-1ffv-jqe1
7
vulnerability VCID-8sdd-b1bn-cuhx
8
vulnerability VCID-av8u-rvzq-4fc7
9
vulnerability VCID-axvk-13qf-tka7
10
vulnerability VCID-b6er-h7dm-3bev
11
vulnerability VCID-bajy-qbwq-fufn
12
vulnerability VCID-e32h-8q61-hbgc
13
vulnerability VCID-g4uc-qeb6-myed
14
vulnerability VCID-gv1b-xtv4-4yg3
15
vulnerability VCID-gyyu-n3b1-zbcj
16
vulnerability VCID-h6y3-7gsq-skh2
17
vulnerability VCID-jjbn-6efk-nud2
18
vulnerability VCID-mnz3-rj21-67ad
19
vulnerability VCID-mud2-s4rc-fuf6
20
vulnerability VCID-n7ng-zkkb-2qaz
21
vulnerability VCID-nubu-f1sc-gbes
22
vulnerability VCID-remd-55jh-r3g5
23
vulnerability VCID-s55j-8hbt-akhn
24
vulnerability VCID-t1n7-eswt-73gw
25
vulnerability VCID-taj6-zj2n-5kg8
26
vulnerability VCID-uyeu-a3xr-fkh4
27
vulnerability VCID-ve7g-8st5-wffb
28
vulnerability VCID-vwb2-a84s-5qak
29
vulnerability VCID-vyvy-y3cw-hbgr
30
vulnerability VCID-w13x-3rp9-wyej
31
vulnerability VCID-xy6y-312d-rygj
32
vulnerability VCID-zdq2-dhb2-6kaq
33
vulnerability VCID-zn99-ywte-33g6
34
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.3.2
aliases CVE-2021-32768, GHSA-c5c9-8c6m-727v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y32z-2d3f-gkgw
26
url VCID-zspb-bd6j-wyd2
vulnerability_id VCID-zspb-bd6j-wyd2
summary Security Misconfiguration in Install Tool Cookie.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-009/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-009/
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.32
purl pkg:composer/typo3/cms-core@7.6.32
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.32
1
url pkg:composer/typo3/cms-core@8.7.21
purl pkg:composer/typo3/cms-core@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-3n2r-awja-dug9
3
vulnerability VCID-3v4n-fzxa-bfaw
4
vulnerability VCID-4jpa-6fqh-hbfg
5
vulnerability VCID-551q-gpyd-ffe8
6
vulnerability VCID-5jgb-dsyx-hyb4
7
vulnerability VCID-5mxm-88r9-hfey
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5u4q-m66t-wqcj
10
vulnerability VCID-9g62-zd1x-3bdg
11
vulnerability VCID-9gpp-ez8w-rqav
12
vulnerability VCID-9x6r-56xm-n7h7
13
vulnerability VCID-9zqs-hjay-fkev
14
vulnerability VCID-axaf-45kr-kbfe
15
vulnerability VCID-axvk-13qf-tka7
16
vulnerability VCID-b6er-h7dm-3bev
17
vulnerability VCID-bajy-qbwq-fufn
18
vulnerability VCID-cm14-t8uv-k3es
19
vulnerability VCID-d99v-v9cj-zfh2
20
vulnerability VCID-dj88-f3p8-cfbn
21
vulnerability VCID-dsu7-jjjq-f3e1
22
vulnerability VCID-eajg-ctpd-2bby
23
vulnerability VCID-ekfd-wp8z-d7e1
24
vulnerability VCID-f4bv-pzdy-dfcb
25
vulnerability VCID-f963-qur3-2qb7
26
vulnerability VCID-g4uc-qeb6-myed
27
vulnerability VCID-gcnj-6qb6-pbgz
28
vulnerability VCID-gv1b-xtv4-4yg3
29
vulnerability VCID-h6y3-7gsq-skh2
30
vulnerability VCID-he5m-6wj4-rbhc
31
vulnerability VCID-hhmn-yz5p-xkap
32
vulnerability VCID-j77k-hjgx-5kc5
33
vulnerability VCID-k8af-cg9k-87a9
34
vulnerability VCID-mh4f-vtfj-hbb1
35
vulnerability VCID-mnz3-rj21-67ad
36
vulnerability VCID-n15v-ta9h-6ffb
37
vulnerability VCID-n7ng-zkkb-2qaz
38
vulnerability VCID-pmzz-9rws-4ud5
39
vulnerability VCID-pss5-as4b-cyf2
40
vulnerability VCID-px44-19tj-h7aa
41
vulnerability VCID-q8hy-wjd9-nbgp
42
vulnerability VCID-s53a-f91p-huf4
43
vulnerability VCID-s55j-8hbt-akhn
44
vulnerability VCID-s64f-x81f-b7ce
45
vulnerability VCID-stzu-sxe6-5yf5
46
vulnerability VCID-swnc-ke6h-ekew
47
vulnerability VCID-t1n7-eswt-73gw
48
vulnerability VCID-t3jn-vwbx-u7cr
49
vulnerability VCID-taj6-zj2n-5kg8
50
vulnerability VCID-tnjd-pyys-akav
51
vulnerability VCID-vxry-uvph-kbfd
52
vulnerability VCID-vyvy-y3cw-hbgr
53
vulnerability VCID-wea9-egep-h7g5
54
vulnerability VCID-xa4m-xpa9-v7h8
55
vulnerability VCID-xh7y-56vy-5ud8
56
vulnerability VCID-y32z-2d3f-gkgw
57
vulnerability VCID-zdq2-dhb2-6kaq
58
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21
2
url pkg:composer/typo3/cms-core@9.5.2
purl pkg:composer/typo3/cms-core@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-2mn6-mdmz-4yd9
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-461j-9hrc-gfbc
6
vulnerability VCID-4jpa-6fqh-hbfg
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-4t9s-p25a-cfas
9
vulnerability VCID-543x-cnbz-1kb9
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-58js-jzm4-4fc7
12
vulnerability VCID-5jgb-dsyx-hyb4
13
vulnerability VCID-5kzs-ex81-bbaj
14
vulnerability VCID-5paq-5frf-43ed
15
vulnerability VCID-5u4q-m66t-wqcj
16
vulnerability VCID-65ue-7jd9-23gf
17
vulnerability VCID-6a9t-8dmn-s3bv
18
vulnerability VCID-8d2m-1ffv-jqe1
19
vulnerability VCID-9g62-zd1x-3bdg
20
vulnerability VCID-9gpp-ez8w-rqav
21
vulnerability VCID-9x6r-56xm-n7h7
22
vulnerability VCID-9zqs-hjay-fkev
23
vulnerability VCID-a49c-fqrj-nbb3
24
vulnerability VCID-axaf-45kr-kbfe
25
vulnerability VCID-axvk-13qf-tka7
26
vulnerability VCID-b6er-h7dm-3bev
27
vulnerability VCID-bajy-qbwq-fufn
28
vulnerability VCID-cm14-t8uv-k3es
29
vulnerability VCID-d8d1-sat6-muhe
30
vulnerability VCID-d99v-v9cj-zfh2
31
vulnerability VCID-dj88-f3p8-cfbn
32
vulnerability VCID-dmzb-gkdn-6bcm
33
vulnerability VCID-dsu7-jjjq-f3e1
34
vulnerability VCID-e32h-8q61-hbgc
35
vulnerability VCID-eajg-ctpd-2bby
36
vulnerability VCID-ekfd-wp8z-d7e1
37
vulnerability VCID-f4bv-pzdy-dfcb
38
vulnerability VCID-f963-qur3-2qb7
39
vulnerability VCID-g4uc-qeb6-myed
40
vulnerability VCID-gcnj-6qb6-pbgz
41
vulnerability VCID-gv1b-xtv4-4yg3
42
vulnerability VCID-h6y3-7gsq-skh2
43
vulnerability VCID-he5m-6wj4-rbhc
44
vulnerability VCID-hhmn-yz5p-xkap
45
vulnerability VCID-k8af-cg9k-87a9
46
vulnerability VCID-kj9x-psfz-2ug1
47
vulnerability VCID-mh4f-vtfj-hbb1
48
vulnerability VCID-mnz3-rj21-67ad
49
vulnerability VCID-mud2-s4rc-fuf6
50
vulnerability VCID-n15v-ta9h-6ffb
51
vulnerability VCID-n7ng-zkkb-2qaz
52
vulnerability VCID-nubu-f1sc-gbes
53
vulnerability VCID-nxq4-m52q-yuh4
54
vulnerability VCID-p715-yexd-jfgc
55
vulnerability VCID-phgh-sd4m-zbdx
56
vulnerability VCID-pmzz-9rws-4ud5
57
vulnerability VCID-pss5-as4b-cyf2
58
vulnerability VCID-px44-19tj-h7aa
59
vulnerability VCID-q8hy-wjd9-nbgp
60
vulnerability VCID-raxk-rm9v-hubn
61
vulnerability VCID-remd-55jh-r3g5
62
vulnerability VCID-s53a-f91p-huf4
63
vulnerability VCID-s55j-8hbt-akhn
64
vulnerability VCID-s64f-x81f-b7ce
65
vulnerability VCID-stzu-sxe6-5yf5
66
vulnerability VCID-sw7v-fbjk-13hy
67
vulnerability VCID-swnc-ke6h-ekew
68
vulnerability VCID-t1n7-eswt-73gw
69
vulnerability VCID-t3jn-vwbx-u7cr
70
vulnerability VCID-taj6-zj2n-5kg8
71
vulnerability VCID-tnjd-pyys-akav
72
vulnerability VCID-u9bx-8e86-wbew
73
vulnerability VCID-ve7g-8st5-wffb
74
vulnerability VCID-vxry-uvph-kbfd
75
vulnerability VCID-vyvy-y3cw-hbgr
76
vulnerability VCID-w13x-3rp9-wyej
77
vulnerability VCID-wea9-egep-h7g5
78
vulnerability VCID-xa4m-xpa9-v7h8
79
vulnerability VCID-xh7y-56vy-5ud8
80
vulnerability VCID-xtdg-uj46-rkcm
81
vulnerability VCID-xy6y-312d-rygj
82
vulnerability VCID-y32z-2d3f-gkgw
83
vulnerability VCID-yzx1-4psv-7bhr
84
vulnerability VCID-zdq2-dhb2-6kaq
85
vulnerability VCID-zkea-ge1t-z7gn
86
vulnerability VCID-zn99-ywte-33g6
87
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2
aliases 2018-12-11-4
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zspb-bd6j-wyd2
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.0.0