Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/typo3/cms-core@7.1.0
Typecomposer
Namespacetypo3
Namecms-core
Version7.1.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version12.4.41
Latest_non_vulnerable_version14.0.2
Affected_by_vulnerabilities
0
url VCID-5z59-dn7p-xbc5
vulnerability_id VCID-5z59-dn7p-xbc5
summary 
TYPO3 Cross-Site Scripting in Backend Modal Component
Failing to properly encode user input, notifications shown in modal windows in the TYPO3 backend are vulnerable to cross-site scripting. A valid backend user account is needed in order to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-12-11-2.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-12-11-2.yaml
1
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
2
reference_url https://github.com/TYPO3-CMS/core/commit/3c1deac4db61ac1ac4231799beb1f49c28eb2b4d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core/commit/3c1deac4db61ac1ac4231799beb1f49c28eb2b4d
3
reference_url https://github.com/TYPO3-CMS/core/commit/983ecc4ea3a841aca7ff2bb1d2f0e0318c3646b3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core/commit/983ecc4ea3a841aca7ff2bb1d2f0e0318c3646b3
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-007
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-007
5
reference_url https://github.com/advisories/GHSA-g4c9-qfvw-fmr4
reference_id GHSA-g4c9-qfvw-fmr4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g4c9-qfvw-fmr4
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.32
purl pkg:composer/typo3/cms-core@7.6.32
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.32
1
url pkg:composer/typo3/cms-core@8.7.21
purl pkg:composer/typo3/cms-core@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-3n2r-awja-dug9
3
vulnerability VCID-3v4n-fzxa-bfaw
4
vulnerability VCID-4jpa-6fqh-hbfg
5
vulnerability VCID-551q-gpyd-ffe8
6
vulnerability VCID-5jgb-dsyx-hyb4
7
vulnerability VCID-5mxm-88r9-hfey
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5u4q-m66t-wqcj
10
vulnerability VCID-9g62-zd1x-3bdg
11
vulnerability VCID-9gpp-ez8w-rqav
12
vulnerability VCID-9x6r-56xm-n7h7
13
vulnerability VCID-9zqs-hjay-fkev
14
vulnerability VCID-axaf-45kr-kbfe
15
vulnerability VCID-axvk-13qf-tka7
16
vulnerability VCID-b6er-h7dm-3bev
17
vulnerability VCID-bajy-qbwq-fufn
18
vulnerability VCID-cm14-t8uv-k3es
19
vulnerability VCID-d99v-v9cj-zfh2
20
vulnerability VCID-dj88-f3p8-cfbn
21
vulnerability VCID-dsu7-jjjq-f3e1
22
vulnerability VCID-eajg-ctpd-2bby
23
vulnerability VCID-ekfd-wp8z-d7e1
24
vulnerability VCID-f4bv-pzdy-dfcb
25
vulnerability VCID-f963-qur3-2qb7
26
vulnerability VCID-g4uc-qeb6-myed
27
vulnerability VCID-gcnj-6qb6-pbgz
28
vulnerability VCID-gv1b-xtv4-4yg3
29
vulnerability VCID-h6y3-7gsq-skh2
30
vulnerability VCID-he5m-6wj4-rbhc
31
vulnerability VCID-hhmn-yz5p-xkap
32
vulnerability VCID-j77k-hjgx-5kc5
33
vulnerability VCID-k8af-cg9k-87a9
34
vulnerability VCID-mh4f-vtfj-hbb1
35
vulnerability VCID-mnz3-rj21-67ad
36
vulnerability VCID-n15v-ta9h-6ffb
37
vulnerability VCID-n7ng-zkkb-2qaz
38
vulnerability VCID-pmzz-9rws-4ud5
39
vulnerability VCID-pss5-as4b-cyf2
40
vulnerability VCID-px44-19tj-h7aa
41
vulnerability VCID-q8hy-wjd9-nbgp
42
vulnerability VCID-s53a-f91p-huf4
43
vulnerability VCID-s55j-8hbt-akhn
44
vulnerability VCID-s64f-x81f-b7ce
45
vulnerability VCID-stzu-sxe6-5yf5
46
vulnerability VCID-swnc-ke6h-ekew
47
vulnerability VCID-t1n7-eswt-73gw
48
vulnerability VCID-t3jn-vwbx-u7cr
49
vulnerability VCID-taj6-zj2n-5kg8
50
vulnerability VCID-tnjd-pyys-akav
51
vulnerability VCID-vxry-uvph-kbfd
52
vulnerability VCID-vyvy-y3cw-hbgr
53
vulnerability VCID-wea9-egep-h7g5
54
vulnerability VCID-xa4m-xpa9-v7h8
55
vulnerability VCID-xh7y-56vy-5ud8
56
vulnerability VCID-y32z-2d3f-gkgw
57
vulnerability VCID-zdq2-dhb2-6kaq
58
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21
2
url pkg:composer/typo3/cms-core@9.5.2
purl pkg:composer/typo3/cms-core@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-2mn6-mdmz-4yd9
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-461j-9hrc-gfbc
6
vulnerability VCID-4jpa-6fqh-hbfg
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-4t9s-p25a-cfas
9
vulnerability VCID-543x-cnbz-1kb9
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-58js-jzm4-4fc7
12
vulnerability VCID-5jgb-dsyx-hyb4
13
vulnerability VCID-5kzs-ex81-bbaj
14
vulnerability VCID-5paq-5frf-43ed
15
vulnerability VCID-5u4q-m66t-wqcj
16
vulnerability VCID-65ue-7jd9-23gf
17
vulnerability VCID-6a9t-8dmn-s3bv
18
vulnerability VCID-8d2m-1ffv-jqe1
19
vulnerability VCID-9g62-zd1x-3bdg
20
vulnerability VCID-9gpp-ez8w-rqav
21
vulnerability VCID-9x6r-56xm-n7h7
22
vulnerability VCID-9zqs-hjay-fkev
23
vulnerability VCID-a49c-fqrj-nbb3
24
vulnerability VCID-axaf-45kr-kbfe
25
vulnerability VCID-axvk-13qf-tka7
26
vulnerability VCID-b6er-h7dm-3bev
27
vulnerability VCID-bajy-qbwq-fufn
28
vulnerability VCID-cm14-t8uv-k3es
29
vulnerability VCID-d8d1-sat6-muhe
30
vulnerability VCID-d99v-v9cj-zfh2
31
vulnerability VCID-dj88-f3p8-cfbn
32
vulnerability VCID-dmzb-gkdn-6bcm
33
vulnerability VCID-dsu7-jjjq-f3e1
34
vulnerability VCID-e32h-8q61-hbgc
35
vulnerability VCID-eajg-ctpd-2bby
36
vulnerability VCID-ekfd-wp8z-d7e1
37
vulnerability VCID-f4bv-pzdy-dfcb
38
vulnerability VCID-f963-qur3-2qb7
39
vulnerability VCID-g4uc-qeb6-myed
40
vulnerability VCID-gcnj-6qb6-pbgz
41
vulnerability VCID-gv1b-xtv4-4yg3
42
vulnerability VCID-h6y3-7gsq-skh2
43
vulnerability VCID-he5m-6wj4-rbhc
44
vulnerability VCID-hhmn-yz5p-xkap
45
vulnerability VCID-k8af-cg9k-87a9
46
vulnerability VCID-kj9x-psfz-2ug1
47
vulnerability VCID-mh4f-vtfj-hbb1
48
vulnerability VCID-mnz3-rj21-67ad
49
vulnerability VCID-mud2-s4rc-fuf6
50
vulnerability VCID-n15v-ta9h-6ffb
51
vulnerability VCID-n7ng-zkkb-2qaz
52
vulnerability VCID-nubu-f1sc-gbes
53
vulnerability VCID-nxq4-m52q-yuh4
54
vulnerability VCID-p715-yexd-jfgc
55
vulnerability VCID-phgh-sd4m-zbdx
56
vulnerability VCID-pmzz-9rws-4ud5
57
vulnerability VCID-pss5-as4b-cyf2
58
vulnerability VCID-px44-19tj-h7aa
59
vulnerability VCID-q8hy-wjd9-nbgp
60
vulnerability VCID-raxk-rm9v-hubn
61
vulnerability VCID-remd-55jh-r3g5
62
vulnerability VCID-s53a-f91p-huf4
63
vulnerability VCID-s55j-8hbt-akhn
64
vulnerability VCID-s64f-x81f-b7ce
65
vulnerability VCID-stzu-sxe6-5yf5
66
vulnerability VCID-sw7v-fbjk-13hy
67
vulnerability VCID-swnc-ke6h-ekew
68
vulnerability VCID-t1n7-eswt-73gw
69
vulnerability VCID-t3jn-vwbx-u7cr
70
vulnerability VCID-taj6-zj2n-5kg8
71
vulnerability VCID-tnjd-pyys-akav
72
vulnerability VCID-u9bx-8e86-wbew
73
vulnerability VCID-ve7g-8st5-wffb
74
vulnerability VCID-vxry-uvph-kbfd
75
vulnerability VCID-vyvy-y3cw-hbgr
76
vulnerability VCID-w13x-3rp9-wyej
77
vulnerability VCID-wea9-egep-h7g5
78
vulnerability VCID-xa4m-xpa9-v7h8
79
vulnerability VCID-xh7y-56vy-5ud8
80
vulnerability VCID-xtdg-uj46-rkcm
81
vulnerability VCID-xy6y-312d-rygj
82
vulnerability VCID-y32z-2d3f-gkgw
83
vulnerability VCID-yzx1-4psv-7bhr
84
vulnerability VCID-zdq2-dhb2-6kaq
85
vulnerability VCID-zkea-ge1t-z7gn
86
vulnerability VCID-zn99-ywte-33g6
87
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2
aliases GHSA-g4c9-qfvw-fmr4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5z59-dn7p-xbc5
1
url VCID-ampc-h88c-afh2
vulnerability_id VCID-ampc-h88c-afh2
summary 
Information Exposure
Extbase in TYPO3 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-5091
reference_id
reference_type
scores
0
value 0.02369
scoring_system epss
scoring_elements 0.84913
published_at 2026-04-07T12:55:00Z
1
value 0.02369
scoring_system epss
scoring_elements 0.84972
published_at 2026-04-21T12:55:00Z
2
value 0.02369
scoring_system epss
scoring_elements 0.84975
published_at 2026-04-18T12:55:00Z
3
value 0.02369
scoring_system epss
scoring_elements 0.84974
published_at 2026-04-16T12:55:00Z
4
value 0.02369
scoring_system epss
scoring_elements 0.84952
published_at 2026-04-13T12:55:00Z
5
value 0.02369
scoring_system epss
scoring_elements 0.84957
published_at 2026-04-12T12:55:00Z
6
value 0.02369
scoring_system epss
scoring_elements 0.84959
published_at 2026-04-11T12:55:00Z
7
value 0.02369
scoring_system epss
scoring_elements 0.84943
published_at 2026-04-09T12:55:00Z
8
value 0.02369
scoring_system epss
scoring_elements 0.84876
published_at 2026-04-01T12:55:00Z
9
value 0.02369
scoring_system epss
scoring_elements 0.84891
published_at 2026-04-02T12:55:00Z
10
value 0.02369
scoring_system epss
scoring_elements 0.84936
published_at 2026-04-08T12:55:00Z
11
value 0.02369
scoring_system epss
scoring_elements 0.84909
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-5091
1
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013
2
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/
3
reference_url http://www.openwall.com/lists/oss-security/2016/05/25/4
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/05/25/4
4
reference_url http://www.openwall.com/lists/oss-security/2016/05/26/2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/05/26/2
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-5091
reference_id CVE-2016-5091
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-5091
6
reference_url https://github.com/advisories/GHSA-jxg5-35fj-ccwf
reference_id GHSA-jxg5-35fj-ccwf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jxg5-35fj-ccwf
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.9
purl pkg:composer/typo3/cms-core@7.6.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.9
1
url pkg:composer/typo3/cms-core@8.1.2
purl pkg:composer/typo3/cms-core@8.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.1.2
aliases CVE-2016-5091, GHSA-jxg5-35fj-ccwf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ampc-h88c-afh2
2
url VCID-re9h-ze98-rbhu
vulnerability_id VCID-re9h-ze98-rbhu
summary 
Typo3 Cross-Site Scripting in Flash component (ELTS)
TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 included a vulnerable external component, which could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8091
reference_id
reference_type
scores
0
value 0.20517
scoring_system epss
scoring_elements 0.95573
published_at 2026-04-21T12:55:00Z
1
value 0.20517
scoring_system epss
scoring_elements 0.95524
published_at 2026-04-01T12:55:00Z
2
value 0.20517
scoring_system epss
scoring_elements 0.95532
published_at 2026-04-02T12:55:00Z
3
value 0.20517
scoring_system epss
scoring_elements 0.95538
published_at 2026-04-04T12:55:00Z
4
value 0.20517
scoring_system epss
scoring_elements 0.95542
published_at 2026-04-07T12:55:00Z
5
value 0.20517
scoring_system epss
scoring_elements 0.95549
published_at 2026-04-08T12:55:00Z
6
value 0.20517
scoring_system epss
scoring_elements 0.95552
published_at 2026-04-09T12:55:00Z
7
value 0.20517
scoring_system epss
scoring_elements 0.95556
published_at 2026-04-11T12:55:00Z
8
value 0.20517
scoring_system epss
scoring_elements 0.95557
published_at 2026-04-12T12:55:00Z
9
value 0.20517
scoring_system epss
scoring_elements 0.95559
published_at 2026-04-13T12:55:00Z
10
value 0.20517
scoring_system epss
scoring_elements 0.95567
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8091
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/blob/4cb53e828bd5138d180cdf9cac1ccf7fd31086d2/typo3/sysext/core/Documentation/Changelog/7.2/Breaking-65962-WebSVGLibraryAndAPIRemoved.rst
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/blob/4cb53e828bd5138d180cdf9cac1ccf7fd31086d2/typo3/sysext/core/Documentation/Changelog/7.2/Breaking-65962-WebSVGLibraryAndAPIRemoved.rst
3
reference_url https://github.com/TYPO3/typo3/commit/482e2e992f80f5e38cb48fcaea40fd9812a5252c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/482e2e992f80f5e38cb48fcaea40fd9812a5252c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8091
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8091
5
reference_url https://typo3.org/security/advisory/typo3-psa-2019-003
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-psa-2019-003
6
reference_url https://typo3.org/security/advisory/typo3-psa-2019-003/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-psa-2019-003/
7
reference_url https://www.purplemet.com/blog/typo3-xss-vulnerability
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.purplemet.com/blog/typo3-xss-vulnerability
8
reference_url https://github.com/advisories/GHSA-qvhv-pwww-53jj
reference_id GHSA-qvhv-pwww-53jj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qvhv-pwww-53jj
fixed_packages
0
url pkg:composer/typo3/cms-core@8.7.7
purl pkg:composer/typo3/cms-core@8.7.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12y5-7b81-wkfu
1
vulnerability VCID-21e8-x7mp-hugk
2
vulnerability VCID-28bf-jvah-zkhw
3
vulnerability VCID-2meq-x4kd-bbdn
4
vulnerability VCID-3gg5-1921-rbfs
5
vulnerability VCID-3n2r-awja-dug9
6
vulnerability VCID-3v4n-fzxa-bfaw
7
vulnerability VCID-4btk-jt5n-2ugf
8
vulnerability VCID-4jpa-6fqh-hbfg
9
vulnerability VCID-551q-gpyd-ffe8
10
vulnerability VCID-5jgb-dsyx-hyb4
11
vulnerability VCID-5mxm-88r9-hfey
12
vulnerability VCID-5paq-5frf-43ed
13
vulnerability VCID-5u4q-m66t-wqcj
14
vulnerability VCID-5z59-dn7p-xbc5
15
vulnerability VCID-6xmj-wbea-r7ex
16
vulnerability VCID-9g62-zd1x-3bdg
17
vulnerability VCID-9gpp-ez8w-rqav
18
vulnerability VCID-9jj4-ec9n-qbhs
19
vulnerability VCID-9x6r-56xm-n7h7
20
vulnerability VCID-9zqs-hjay-fkev
21
vulnerability VCID-a563-vtwa-hkbr
22
vulnerability VCID-axaf-45kr-kbfe
23
vulnerability VCID-axvk-13qf-tka7
24
vulnerability VCID-ayw6-8pn4-17eb
25
vulnerability VCID-b6er-h7dm-3bev
26
vulnerability VCID-b81w-n2ne-z3ee
27
vulnerability VCID-bajy-qbwq-fufn
28
vulnerability VCID-bnne-7p2q-eqd2
29
vulnerability VCID-cm14-t8uv-k3es
30
vulnerability VCID-d99v-v9cj-zfh2
31
vulnerability VCID-dj88-f3p8-cfbn
32
vulnerability VCID-dm97-51uu-r7gw
33
vulnerability VCID-dsu7-jjjq-f3e1
34
vulnerability VCID-e268-wagv-sbex
35
vulnerability VCID-eajg-ctpd-2bby
36
vulnerability VCID-ebpa-58em-wqam
37
vulnerability VCID-ehzg-bzrd-kbcc
38
vulnerability VCID-ekfd-wp8z-d7e1
39
vulnerability VCID-f4bv-pzdy-dfcb
40
vulnerability VCID-f963-qur3-2qb7
41
vulnerability VCID-g4uc-qeb6-myed
42
vulnerability VCID-gcnj-6qb6-pbgz
43
vulnerability VCID-gv1b-xtv4-4yg3
44
vulnerability VCID-h6y3-7gsq-skh2
45
vulnerability VCID-he5m-6wj4-rbhc
46
vulnerability VCID-hhmn-yz5p-xkap
47
vulnerability VCID-j77k-hjgx-5kc5
48
vulnerability VCID-k8af-cg9k-87a9
49
vulnerability VCID-mh4f-vtfj-hbb1
50
vulnerability VCID-mnz3-rj21-67ad
51
vulnerability VCID-n15v-ta9h-6ffb
52
vulnerability VCID-n1cb-8py6-bbhu
53
vulnerability VCID-n78p-x7hh-gqcf
54
vulnerability VCID-n7ng-zkkb-2qaz
55
vulnerability VCID-pmzz-9rws-4ud5
56
vulnerability VCID-pss5-as4b-cyf2
57
vulnerability VCID-px44-19tj-h7aa
58
vulnerability VCID-q8hy-wjd9-nbgp
59
vulnerability VCID-qb4j-9tz7-m7a2
60
vulnerability VCID-rdrs-mhaw-b3ge
61
vulnerability VCID-rwqs-3ktq-qqbd
62
vulnerability VCID-s53a-f91p-huf4
63
vulnerability VCID-s55j-8hbt-akhn
64
vulnerability VCID-s64f-x81f-b7ce
65
vulnerability VCID-sr3p-pdxy-4yhu
66
vulnerability VCID-stzu-sxe6-5yf5
67
vulnerability VCID-swnc-ke6h-ekew
68
vulnerability VCID-t1n7-eswt-73gw
69
vulnerability VCID-t3jn-vwbx-u7cr
70
vulnerability VCID-taj6-zj2n-5kg8
71
vulnerability VCID-tnjd-pyys-akav
72
vulnerability VCID-tw1y-t4qj-j3d1
73
vulnerability VCID-vxry-uvph-kbfd
74
vulnerability VCID-vyvy-y3cw-hbgr
75
vulnerability VCID-wea9-egep-h7g5
76
vulnerability VCID-wkm6-cgc8-bfa8
77
vulnerability VCID-xa4m-xpa9-v7h8
78
vulnerability VCID-xh7y-56vy-5ud8
79
vulnerability VCID-y32z-2d3f-gkgw
80
vulnerability VCID-zdq2-dhb2-6kaq
81
vulnerability VCID-zkea-ge1t-z7gn
82
vulnerability VCID-zspb-bd6j-wyd2
83
vulnerability VCID-zw9b-6vkf-3fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.7
aliases CVE-2020-8091, GHSA-qvhv-pwww-53jj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-re9h-ze98-rbhu
3
url VCID-rwqs-3ktq-qqbd
vulnerability_id VCID-rwqs-3ktq-qqbd
summary 
TYPO3 Cross-Site Scripting in Frontend User Login
Failing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile.

Template patterns that are affected are

- ###FEUSER_[fieldName]### using system extension felogin
- <!--###USERNAME###--> for regular frontend rendering (pattern can be defined individually using TypoScript setting config.USERNAME_substToken)
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-12-11-3.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-12-11-3.yaml
1
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-008
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-008
3
reference_url https://github.com/advisories/GHSA-8c25-vj2w-p72j
reference_id GHSA-8c25-vj2w-p72j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8c25-vj2w-p72j
fixed_packages
0
url pkg:composer/typo3/cms-core@7.6.32
purl pkg:composer/typo3/cms-core@7.6.32
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.32
1
url pkg:composer/typo3/cms-core@8.7.21
purl pkg:composer/typo3/cms-core@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-3n2r-awja-dug9
3
vulnerability VCID-3v4n-fzxa-bfaw
4
vulnerability VCID-4jpa-6fqh-hbfg
5
vulnerability VCID-551q-gpyd-ffe8
6
vulnerability VCID-5jgb-dsyx-hyb4
7
vulnerability VCID-5mxm-88r9-hfey
8
vulnerability VCID-5paq-5frf-43ed
9
vulnerability VCID-5u4q-m66t-wqcj
10
vulnerability VCID-9g62-zd1x-3bdg
11
vulnerability VCID-9gpp-ez8w-rqav
12
vulnerability VCID-9x6r-56xm-n7h7
13
vulnerability VCID-9zqs-hjay-fkev
14
vulnerability VCID-axaf-45kr-kbfe
15
vulnerability VCID-axvk-13qf-tka7
16
vulnerability VCID-b6er-h7dm-3bev
17
vulnerability VCID-bajy-qbwq-fufn
18
vulnerability VCID-cm14-t8uv-k3es
19
vulnerability VCID-d99v-v9cj-zfh2
20
vulnerability VCID-dj88-f3p8-cfbn
21
vulnerability VCID-dsu7-jjjq-f3e1
22
vulnerability VCID-eajg-ctpd-2bby
23
vulnerability VCID-ekfd-wp8z-d7e1
24
vulnerability VCID-f4bv-pzdy-dfcb
25
vulnerability VCID-f963-qur3-2qb7
26
vulnerability VCID-g4uc-qeb6-myed
27
vulnerability VCID-gcnj-6qb6-pbgz
28
vulnerability VCID-gv1b-xtv4-4yg3
29
vulnerability VCID-h6y3-7gsq-skh2
30
vulnerability VCID-he5m-6wj4-rbhc
31
vulnerability VCID-hhmn-yz5p-xkap
32
vulnerability VCID-j77k-hjgx-5kc5
33
vulnerability VCID-k8af-cg9k-87a9
34
vulnerability VCID-mh4f-vtfj-hbb1
35
vulnerability VCID-mnz3-rj21-67ad
36
vulnerability VCID-n15v-ta9h-6ffb
37
vulnerability VCID-n7ng-zkkb-2qaz
38
vulnerability VCID-pmzz-9rws-4ud5
39
vulnerability VCID-pss5-as4b-cyf2
40
vulnerability VCID-px44-19tj-h7aa
41
vulnerability VCID-q8hy-wjd9-nbgp
42
vulnerability VCID-s53a-f91p-huf4
43
vulnerability VCID-s55j-8hbt-akhn
44
vulnerability VCID-s64f-x81f-b7ce
45
vulnerability VCID-stzu-sxe6-5yf5
46
vulnerability VCID-swnc-ke6h-ekew
47
vulnerability VCID-t1n7-eswt-73gw
48
vulnerability VCID-t3jn-vwbx-u7cr
49
vulnerability VCID-taj6-zj2n-5kg8
50
vulnerability VCID-tnjd-pyys-akav
51
vulnerability VCID-vxry-uvph-kbfd
52
vulnerability VCID-vyvy-y3cw-hbgr
53
vulnerability VCID-wea9-egep-h7g5
54
vulnerability VCID-xa4m-xpa9-v7h8
55
vulnerability VCID-xh7y-56vy-5ud8
56
vulnerability VCID-y32z-2d3f-gkgw
57
vulnerability VCID-zdq2-dhb2-6kaq
58
vulnerability VCID-zkea-ge1t-z7gn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21
2
url pkg:composer/typo3/cms-core@9.5.2
purl pkg:composer/typo3/cms-core@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21e8-x7mp-hugk
1
vulnerability VCID-2meq-x4kd-bbdn
2
vulnerability VCID-2mn6-mdmz-4yd9
3
vulnerability VCID-3n2r-awja-dug9
4
vulnerability VCID-3v4n-fzxa-bfaw
5
vulnerability VCID-461j-9hrc-gfbc
6
vulnerability VCID-4jpa-6fqh-hbfg
7
vulnerability VCID-4mkw-tv16-jyca
8
vulnerability VCID-4t9s-p25a-cfas
9
vulnerability VCID-543x-cnbz-1kb9
10
vulnerability VCID-551q-gpyd-ffe8
11
vulnerability VCID-58js-jzm4-4fc7
12
vulnerability VCID-5jgb-dsyx-hyb4
13
vulnerability VCID-5kzs-ex81-bbaj
14
vulnerability VCID-5paq-5frf-43ed
15
vulnerability VCID-5u4q-m66t-wqcj
16
vulnerability VCID-65ue-7jd9-23gf
17
vulnerability VCID-6a9t-8dmn-s3bv
18
vulnerability VCID-8d2m-1ffv-jqe1
19
vulnerability VCID-9g62-zd1x-3bdg
20
vulnerability VCID-9gpp-ez8w-rqav
21
vulnerability VCID-9x6r-56xm-n7h7
22
vulnerability VCID-9zqs-hjay-fkev
23
vulnerability VCID-a49c-fqrj-nbb3
24
vulnerability VCID-axaf-45kr-kbfe
25
vulnerability VCID-axvk-13qf-tka7
26
vulnerability VCID-b6er-h7dm-3bev
27
vulnerability VCID-bajy-qbwq-fufn
28
vulnerability VCID-cm14-t8uv-k3es
29
vulnerability VCID-d8d1-sat6-muhe
30
vulnerability VCID-d99v-v9cj-zfh2
31
vulnerability VCID-dj88-f3p8-cfbn
32
vulnerability VCID-dmzb-gkdn-6bcm
33
vulnerability VCID-dsu7-jjjq-f3e1
34
vulnerability VCID-e32h-8q61-hbgc
35
vulnerability VCID-eajg-ctpd-2bby
36
vulnerability VCID-ekfd-wp8z-d7e1
37
vulnerability VCID-f4bv-pzdy-dfcb
38
vulnerability VCID-f963-qur3-2qb7
39
vulnerability VCID-g4uc-qeb6-myed
40
vulnerability VCID-gcnj-6qb6-pbgz
41
vulnerability VCID-gv1b-xtv4-4yg3
42
vulnerability VCID-h6y3-7gsq-skh2
43
vulnerability VCID-he5m-6wj4-rbhc
44
vulnerability VCID-hhmn-yz5p-xkap
45
vulnerability VCID-k8af-cg9k-87a9
46
vulnerability VCID-kj9x-psfz-2ug1
47
vulnerability VCID-mh4f-vtfj-hbb1
48
vulnerability VCID-mnz3-rj21-67ad
49
vulnerability VCID-mud2-s4rc-fuf6
50
vulnerability VCID-n15v-ta9h-6ffb
51
vulnerability VCID-n7ng-zkkb-2qaz
52
vulnerability VCID-nubu-f1sc-gbes
53
vulnerability VCID-nxq4-m52q-yuh4
54
vulnerability VCID-p715-yexd-jfgc
55
vulnerability VCID-phgh-sd4m-zbdx
56
vulnerability VCID-pmzz-9rws-4ud5
57
vulnerability VCID-pss5-as4b-cyf2
58
vulnerability VCID-px44-19tj-h7aa
59
vulnerability VCID-q8hy-wjd9-nbgp
60
vulnerability VCID-raxk-rm9v-hubn
61
vulnerability VCID-remd-55jh-r3g5
62
vulnerability VCID-s53a-f91p-huf4
63
vulnerability VCID-s55j-8hbt-akhn
64
vulnerability VCID-s64f-x81f-b7ce
65
vulnerability VCID-stzu-sxe6-5yf5
66
vulnerability VCID-sw7v-fbjk-13hy
67
vulnerability VCID-swnc-ke6h-ekew
68
vulnerability VCID-t1n7-eswt-73gw
69
vulnerability VCID-t3jn-vwbx-u7cr
70
vulnerability VCID-taj6-zj2n-5kg8
71
vulnerability VCID-tnjd-pyys-akav
72
vulnerability VCID-u9bx-8e86-wbew
73
vulnerability VCID-ve7g-8st5-wffb
74
vulnerability VCID-vxry-uvph-kbfd
75
vulnerability VCID-vyvy-y3cw-hbgr
76
vulnerability VCID-w13x-3rp9-wyej
77
vulnerability VCID-wea9-egep-h7g5
78
vulnerability VCID-xa4m-xpa9-v7h8
79
vulnerability VCID-xh7y-56vy-5ud8
80
vulnerability VCID-xtdg-uj46-rkcm
81
vulnerability VCID-xy6y-312d-rygj
82
vulnerability VCID-y32z-2d3f-gkgw
83
vulnerability VCID-yzx1-4psv-7bhr
84
vulnerability VCID-zdq2-dhb2-6kaq
85
vulnerability VCID-zkea-ge1t-z7gn
86
vulnerability VCID-zn99-ywte-33g6
87
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2
aliases GHSA-8c25-vj2w-p72j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rwqs-3ktq-qqbd
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.1.0