Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/typo3/cms@11.3.2
Typecomposer
Namespacetypo3
Namecms
Version11.3.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version11.5.23
Latest_non_vulnerable_version12.2.0
Affected_by_vulnerabilities
0
url VCID-1yxw-saf5-wue7
vulnerability_id VCID-1yxw-saf5-wue7
summary 
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.7)

### Problem
Due to a parsing issue in upstream package [`masterminds/html5`](https://packagist.org/packages/masterminds/html5), malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows to by-pass the cross-site scripting mechanism of `typo3/html-sanitizer`.

### Solution
Update to `typo3/html-sanitizer` versions 1.0.7 or 2.0.16 that fix the problem described.

### Credits
Thanks to David Klein who reported this issue, and to TYPO3 security team member Oliver Hader who fixed the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36020
reference_id
reference_type
scores
0
value 0.00318
scoring_system epss
scoring_elements 0.54875
published_at 2026-04-08T12:55:00Z
1
value 0.00318
scoring_system epss
scoring_elements 0.54883
published_at 2026-04-18T12:55:00Z
2
value 0.00318
scoring_system epss
scoring_elements 0.54881
published_at 2026-04-16T12:55:00Z
3
value 0.00318
scoring_system epss
scoring_elements 0.54843
published_at 2026-04-13T12:55:00Z
4
value 0.00318
scoring_system epss
scoring_elements 0.54867
published_at 2026-04-12T12:55:00Z
5
value 0.00318
scoring_system epss
scoring_elements 0.54884
published_at 2026-04-11T12:55:00Z
6
value 0.00318
scoring_system epss
scoring_elements 0.54872
published_at 2026-04-09T12:55:00Z
7
value 0.00318
scoring_system epss
scoring_elements 0.54832
published_at 2026-04-02T12:55:00Z
8
value 0.00318
scoring_system epss
scoring_elements 0.54856
published_at 2026-04-04T12:55:00Z
9
value 0.00318
scoring_system epss
scoring_elements 0.54825
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36020
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36020.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36020.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36020.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36020.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/html-sanitizer/CVE-2022-36020.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/html-sanitizer/CVE-2022-36020.yaml
4
reference_url https://github.com/TYPO3/html-sanitizer
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/html-sanitizer
5
reference_url https://github.com/TYPO3/html-sanitizer/commit/60bfdc7f9b394d0236e16ee4cea8372a7defa493
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:57Z/
url https://github.com/TYPO3/html-sanitizer/commit/60bfdc7f9b394d0236e16ee4cea8372a7defa493
6
reference_url https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:57Z/
url https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36020
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36020
8
reference_url https://packagist.org/packages/masterminds/html5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:57Z/
url https://packagist.org/packages/masterminds/html5
9
reference_url https://packagist.org/packages/typo3/html-sanitizer
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:57Z/
url https://packagist.org/packages/typo3/html-sanitizer
10
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-011
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-011
11
reference_url https://github.com/advisories/GHSA-47m6-46mj-p235
reference_id GHSA-47m6-46mj-p235
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-47m6-46mj-p235
fixed_packages
0
url pkg:composer/typo3/cms@11.5.16
purl pkg:composer/typo3/cms@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8sdd-b1bn-cuhx
1
vulnerability VCID-t1n7-eswt-73gw
2
vulnerability VCID-ve7g-8st5-wffb
3
vulnerability VCID-vyvy-y3cw-hbgr
4
vulnerability VCID-w13x-3rp9-wyej
5
vulnerability VCID-yj9g-uz1a-jkf2
6
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.16
aliases CVE-2022-36020, GHSA-47m6-46mj-p235
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1yxw-saf5-wue7
1
url VCID-4jpa-6fqh-hbfg
vulnerability_id VCID-4jpa-6fqh-hbfg
summary 
Cross-Site Scripting in TYPO3's Form Framework
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.9)

### Problem
It has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability.

### Solution
Update to TYPO3 versions 8.7.47 ELTS, 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above.

### Credits
Thanks to Gabe Troyan who reported and fixed the issue.

### References
* [TYPO3-CORE-SA-2022-003](https://typo3.org/security/advisory/typo3-core-sa-2022-003)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31048
reference_id
reference_type
scores
0
value 0.0063
scoring_system epss
scoring_elements 0.70274
published_at 2026-04-08T12:55:00Z
1
value 0.0063
scoring_system epss
scoring_elements 0.70337
published_at 2026-04-18T12:55:00Z
2
value 0.0063
scoring_system epss
scoring_elements 0.70327
published_at 2026-04-16T12:55:00Z
3
value 0.0063
scoring_system epss
scoring_elements 0.70286
published_at 2026-04-13T12:55:00Z
4
value 0.0063
scoring_system epss
scoring_elements 0.70299
published_at 2026-04-12T12:55:00Z
5
value 0.0063
scoring_system epss
scoring_elements 0.70313
published_at 2026-04-11T12:55:00Z
6
value 0.0063
scoring_system epss
scoring_elements 0.70289
published_at 2026-04-09T12:55:00Z
7
value 0.0063
scoring_system epss
scoring_elements 0.70234
published_at 2026-04-02T12:55:00Z
8
value 0.0063
scoring_system epss
scoring_elements 0.70251
published_at 2026-04-04T12:55:00Z
9
value 0.0063
scoring_system epss
scoring_elements 0.70228
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31048
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-31048.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-31048.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31048.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31048.yaml
3
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
4
reference_url https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:16Z/
url https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:16Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31048
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31048
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-003
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:16Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-003
8
reference_url https://github.com/advisories/GHSA-3r95-23jp-mhvg
reference_id GHSA-3r95-23jp-mhvg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3r95-23jp-mhvg
fixed_packages
0
url pkg:composer/typo3/cms@11.5.11
purl pkg:composer/typo3/cms@11.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-8sdd-b1bn-cuhx
3
vulnerability VCID-av8u-rvzq-4fc7
4
vulnerability VCID-mnz3-rj21-67ad
5
vulnerability VCID-t1n7-eswt-73gw
6
vulnerability VCID-tnxn-p13f-yuah
7
vulnerability VCID-ve7g-8st5-wffb
8
vulnerability VCID-vwb2-a84s-5qak
9
vulnerability VCID-vyvy-y3cw-hbgr
10
vulnerability VCID-w13x-3rp9-wyej
11
vulnerability VCID-yj9g-uz1a-jkf2
12
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.11
aliases CVE-2022-31048, GHSA-3r95-23jp-mhvg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4jpa-6fqh-hbfg
2
url VCID-5paq-5frf-43ed
vulnerability_id VCID-5paq-5frf-43ed
summary 
TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.0)

### Problem
It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability.

### Solution
Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above.

### Credits
Thanks to Vautia who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-009](https://typo3.org/security/advisory/typo3-core-sa-2022-009)
* [Vulnerability Report on huntr.dev](https://huntr.dev/bounties/51e9b709-193c-41fd-bd4a-833aaca0bd4e/) (embargoed +30 days)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36107
reference_id
reference_type
scores
0
value 0.00687
scoring_system epss
scoring_elements 0.71682
published_at 2026-04-02T12:55:00Z
1
value 0.00687
scoring_system epss
scoring_elements 0.7173
published_at 2026-04-12T12:55:00Z
2
value 0.00687
scoring_system epss
scoring_elements 0.71747
published_at 2026-04-11T12:55:00Z
3
value 0.00687
scoring_system epss
scoring_elements 0.71723
published_at 2026-04-09T12:55:00Z
4
value 0.00687
scoring_system epss
scoring_elements 0.71712
published_at 2026-04-08T12:55:00Z
5
value 0.00687
scoring_system epss
scoring_elements 0.71673
published_at 2026-04-07T12:55:00Z
6
value 0.00687
scoring_system epss
scoring_elements 0.717
published_at 2026-04-04T12:55:00Z
7
value 0.00687
scoring_system epss
scoring_elements 0.71762
published_at 2026-04-18T12:55:00Z
8
value 0.00687
scoring_system epss
scoring_elements 0.71756
published_at 2026-04-16T12:55:00Z
9
value 0.00687
scoring_system epss
scoring_elements 0.71713
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36107
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36107.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36107.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36107.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36107.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/546208428c861a09d62b86cde141eb19a81fae66
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/546208428c861a09d62b86cde141eb19a81fae66
5
reference_url https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36107
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36107
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-009
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-009
9
reference_url https://github.com/advisories/GHSA-9c6w-55cp-5w25
reference_id GHSA-9c6w-55cp-5w25
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9c6w-55cp-5w25
fixed_packages
0
url pkg:composer/typo3/cms@11.5.16
purl pkg:composer/typo3/cms@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8sdd-b1bn-cuhx
1
vulnerability VCID-t1n7-eswt-73gw
2
vulnerability VCID-ve7g-8st5-wffb
3
vulnerability VCID-vyvy-y3cw-hbgr
4
vulnerability VCID-w13x-3rp9-wyej
5
vulnerability VCID-yj9g-uz1a-jkf2
6
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.16
aliases CVE-2022-36107, GHSA-9c6w-55cp-5w25
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5paq-5frf-43ed
3
url VCID-8sdd-b1bn-cuhx
vulnerability_id VCID-8sdd-b1bn-cuhx
summary 
TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
### Problem
When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions.

### Solution
Update to TYPO3 versions 10.4.33, 11.5.20, 12.1.1 that fix the problem described above.

### References
* [TYPO3-CORE-SA-2022-014](https://typo3.org/security/advisory/typo3-core-sa-2022-014)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23502
reference_id
reference_type
scores
0
value 0.00151
scoring_system epss
scoring_elements 0.35816
published_at 2026-04-08T12:55:00Z
1
value 0.00151
scoring_system epss
scoring_elements 0.35906
published_at 2026-04-02T12:55:00Z
2
value 0.00151
scoring_system epss
scoring_elements 0.3581
published_at 2026-04-18T12:55:00Z
3
value 0.00151
scoring_system epss
scoring_elements 0.35822
published_at 2026-04-16T12:55:00Z
4
value 0.00151
scoring_system epss
scoring_elements 0.35783
published_at 2026-04-13T12:55:00Z
5
value 0.00151
scoring_system epss
scoring_elements 0.35806
published_at 2026-04-12T12:55:00Z
6
value 0.00151
scoring_system epss
scoring_elements 0.35846
published_at 2026-04-11T12:55:00Z
7
value 0.00151
scoring_system epss
scoring_elements 0.35839
published_at 2026-04-09T12:55:00Z
8
value 0.00151
scoring_system epss
scoring_elements 0.35936
published_at 2026-04-04T12:55:00Z
9
value 0.00151
scoring_system epss
scoring_elements 0.35766
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23502
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23502.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23502.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23502.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23502.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/d9ffbf24fcc62068033ebb3912538347bd380a6c
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/d9ffbf24fcc62068033ebb3912538347bd380a6c
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T18:47:27Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23502
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23502
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-014
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-014
8
reference_url https://github.com/advisories/GHSA-mgj2-q8wp-29rr
reference_id GHSA-mgj2-q8wp-29rr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mgj2-q8wp-29rr
fixed_packages
0
url pkg:composer/typo3/cms@11.5.20
purl pkg:composer/typo3/cms@11.5.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vyvy-y3cw-hbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.20
1
url pkg:composer/typo3/cms@12.1.1
purl pkg:composer/typo3/cms@12.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vyvy-y3cw-hbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@12.1.1
aliases CVE-2022-23502, GHSA-mgj2-q8wp-29rr, GMS-2022-8135
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8sdd-b1bn-cuhx
4
url VCID-av8u-rvzq-4fc7
vulnerability_id VCID-av8u-rvzq-4fc7
summary 
TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.1)

### Problem
It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. 

### Solution
Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem described above.

### Credits
Thanks to TYPO3 contributor member Frank Nägler who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-010](https://typo3.org/security/advisory/typo3-core-sa-2022-010)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36108
reference_id
reference_type
scores
0
value 0.00687
scoring_system epss
scoring_elements 0.71682
published_at 2026-04-02T12:55:00Z
1
value 0.00687
scoring_system epss
scoring_elements 0.7173
published_at 2026-04-12T12:55:00Z
2
value 0.00687
scoring_system epss
scoring_elements 0.71747
published_at 2026-04-11T12:55:00Z
3
value 0.00687
scoring_system epss
scoring_elements 0.71723
published_at 2026-04-09T12:55:00Z
4
value 0.00687
scoring_system epss
scoring_elements 0.71712
published_at 2026-04-08T12:55:00Z
5
value 0.00687
scoring_system epss
scoring_elements 0.71673
published_at 2026-04-07T12:55:00Z
6
value 0.00687
scoring_system epss
scoring_elements 0.717
published_at 2026-04-04T12:55:00Z
7
value 0.00687
scoring_system epss
scoring_elements 0.71762
published_at 2026-04-18T12:55:00Z
8
value 0.00687
scoring_system epss
scoring_elements 0.71756
published_at 2026-04-16T12:55:00Z
9
value 0.00687
scoring_system epss
scoring_elements 0.71713
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36108
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36108.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36108.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36108.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36108.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/6863f73818c36b0b88c677ba533765c8074907b4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/6863f73818c36b0b88c677ba533765c8074907b4
5
reference_url https://github.com/TYPO3/typo3/commit/c62e16fac031c270d9759c7261e504c7e25405df
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/c62e16fac031c270d9759c7261e504c7e25405df
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-fv2m-9249-qx85
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-fv2m-9249-qx85
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36108
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36108
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-010
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-010
9
reference_url https://github.com/advisories/GHSA-fv2m-9249-qx85
reference_id GHSA-fv2m-9249-qx85
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fv2m-9249-qx85
fixed_packages
0
url pkg:composer/typo3/cms@11.5.16
purl pkg:composer/typo3/cms@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8sdd-b1bn-cuhx
1
vulnerability VCID-t1n7-eswt-73gw
2
vulnerability VCID-ve7g-8st5-wffb
3
vulnerability VCID-vyvy-y3cw-hbgr
4
vulnerability VCID-w13x-3rp9-wyej
5
vulnerability VCID-yj9g-uz1a-jkf2
6
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.16
aliases CVE-2022-36108, GHSA-fv2m-9249-qx85
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-av8u-rvzq-4fc7
5
url VCID-bajy-qbwq-fufn
vulnerability_id VCID-bajy-qbwq-fufn
summary 
Insertion of Sensitive Information into Log File in typo3/cms-core
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C` (4.9)

### Problem
It has been discovered that system internal credentials or keys (e.g. database credentials) have been logged as plaintext in exception handlers, when logging the complete exception stack trace.

### Solution
Update to TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above.

### Credits
Thanks to Marco Huber who reported this issue and to TYPO3 security member Torben Hansen who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-002](https://typo3.org/security/advisory/typo3-core-sa-2022-002)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31047
reference_id
reference_type
scores
0
value 0.00391
scoring_system epss
scoring_elements 0.60107
published_at 2026-04-02T12:55:00Z
1
value 0.00391
scoring_system epss
scoring_elements 0.60201
published_at 2026-04-18T12:55:00Z
2
value 0.00391
scoring_system epss
scoring_elements 0.60194
published_at 2026-04-16T12:55:00Z
3
value 0.00391
scoring_system epss
scoring_elements 0.60155
published_at 2026-04-13T12:55:00Z
4
value 0.00391
scoring_system epss
scoring_elements 0.60173
published_at 2026-04-12T12:55:00Z
5
value 0.00391
scoring_system epss
scoring_elements 0.60187
published_at 2026-04-11T12:55:00Z
6
value 0.00391
scoring_system epss
scoring_elements 0.60165
published_at 2026-04-09T12:55:00Z
7
value 0.00391
scoring_system epss
scoring_elements 0.60151
published_at 2026-04-08T12:55:00Z
8
value 0.00391
scoring_system epss
scoring_elements 0.60101
published_at 2026-04-07T12:55:00Z
9
value 0.00391
scoring_system epss
scoring_elements 0.60132
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31047
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31047.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31047.yaml
2
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
3
reference_url https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/
url https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a
4
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31047
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31047
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-002
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-002
7
reference_url https://github.com/advisories/GHSA-fh99-4pgr-8j99
reference_id GHSA-fh99-4pgr-8j99
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh99-4pgr-8j99
fixed_packages
0
url pkg:composer/typo3/cms@11.5.11
purl pkg:composer/typo3/cms@11.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-8sdd-b1bn-cuhx
3
vulnerability VCID-av8u-rvzq-4fc7
4
vulnerability VCID-mnz3-rj21-67ad
5
vulnerability VCID-t1n7-eswt-73gw
6
vulnerability VCID-tnxn-p13f-yuah
7
vulnerability VCID-ve7g-8st5-wffb
8
vulnerability VCID-vwb2-a84s-5qak
9
vulnerability VCID-vyvy-y3cw-hbgr
10
vulnerability VCID-w13x-3rp9-wyej
11
vulnerability VCID-yj9g-uz1a-jkf2
12
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.11
aliases CVE-2022-31047, GHSA-fh99-4pgr-8j99
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bajy-qbwq-fufn
6
url VCID-e32h-8q61-hbgc
vulnerability_id VCID-e32h-8q61-hbgc
summary 
Cross-Site Scripting in TYPO3's Frontend Login Mailer
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.9)

### Problem
User submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages.

### Solution
Update to TYPO3 versions 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above.

### Credits
Thanks to Christian Seifert who reported this issue and to TYPO3 framework merger Andreas Fernandez who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-004](https://typo3.org/security/advisory/typo3-core-sa-2022-004)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31049
reference_id
reference_type
scores
0
value 0.0063
scoring_system epss
scoring_elements 0.70274
published_at 2026-04-08T12:55:00Z
1
value 0.0063
scoring_system epss
scoring_elements 0.70234
published_at 2026-04-02T12:55:00Z
2
value 0.0063
scoring_system epss
scoring_elements 0.70337
published_at 2026-04-18T12:55:00Z
3
value 0.0063
scoring_system epss
scoring_elements 0.70327
published_at 2026-04-16T12:55:00Z
4
value 0.0063
scoring_system epss
scoring_elements 0.70286
published_at 2026-04-13T12:55:00Z
5
value 0.0063
scoring_system epss
scoring_elements 0.70299
published_at 2026-04-12T12:55:00Z
6
value 0.0063
scoring_system epss
scoring_elements 0.70313
published_at 2026-04-11T12:55:00Z
7
value 0.0063
scoring_system epss
scoring_elements 0.70289
published_at 2026-04-09T12:55:00Z
8
value 0.0063
scoring_system epss
scoring_elements 0.70251
published_at 2026-04-04T12:55:00Z
9
value 0.0063
scoring_system epss
scoring_elements 0.70228
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31049
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-31049.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-31049.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31049.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31049.yaml
3
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
4
reference_url https://github.com/TYPO3/typo3/commit/da611775f92102d7602713003f4c79606c8a445d
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:18Z/
url https://github.com/TYPO3/typo3/commit/da611775f92102d7602713003f4c79606c8a445d
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:18Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31049
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31049
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-004
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:18Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-004
8
reference_url https://github.com/advisories/GHSA-h4mx-xv96-2jgm
reference_id GHSA-h4mx-xv96-2jgm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h4mx-xv96-2jgm
fixed_packages
0
url pkg:composer/typo3/cms@11.5.11
purl pkg:composer/typo3/cms@11.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-8sdd-b1bn-cuhx
3
vulnerability VCID-av8u-rvzq-4fc7
4
vulnerability VCID-mnz3-rj21-67ad
5
vulnerability VCID-t1n7-eswt-73gw
6
vulnerability VCID-tnxn-p13f-yuah
7
vulnerability VCID-ve7g-8st5-wffb
8
vulnerability VCID-vwb2-a84s-5qak
9
vulnerability VCID-vyvy-y3cw-hbgr
10
vulnerability VCID-w13x-3rp9-wyej
11
vulnerability VCID-yj9g-uz1a-jkf2
12
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.11
aliases CVE-2022-31049, GHSA-h4mx-xv96-2jgm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e32h-8q61-hbgc
7
url VCID-jjbn-6efk-nud2
vulnerability_id VCID-jjbn-6efk-nud2
summary 
Cross-Site Request Forgery (CSRF)
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41113
reference_id
reference_type
scores
0
value 0.00244
scoring_system epss
scoring_elements 0.47627
published_at 2026-04-01T12:55:00Z
1
value 0.00244
scoring_system epss
scoring_elements 0.47745
published_at 2026-04-18T12:55:00Z
2
value 0.00244
scoring_system epss
scoring_elements 0.47752
published_at 2026-04-16T12:55:00Z
3
value 0.00244
scoring_system epss
scoring_elements 0.47696
published_at 2026-04-13T12:55:00Z
4
value 0.00244
scoring_system epss
scoring_elements 0.47687
published_at 2026-04-12T12:55:00Z
5
value 0.00244
scoring_system epss
scoring_elements 0.4771
published_at 2026-04-11T12:55:00Z
6
value 0.00244
scoring_system epss
scoring_elements 0.4769
published_at 2026-04-08T12:55:00Z
7
value 0.00244
scoring_system epss
scoring_elements 0.47635
published_at 2026-04-07T12:55:00Z
8
value 0.00244
scoring_system epss
scoring_elements 0.47686
published_at 2026-04-09T12:55:00Z
9
value 0.00244
scoring_system epss
scoring_elements 0.47665
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41113
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-41113.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-41113.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-41113.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-41113.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/fa51999203c5e5d913ecae5ea843ccb2b95fa33f
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/fa51999203c5e5d913ecae5ea843ccb2b95fa33f
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-657m-v5vm-f6rw
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-657m-v5vm-f6rw
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-11069
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-11069
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2020-006
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2020-006
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-014
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-014
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41113
reference_id CVE-2021-41113
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41113
10
reference_url https://github.com/advisories/GHSA-657m-v5vm-f6rw
reference_id GHSA-657m-v5vm-f6rw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-657m-v5vm-f6rw
fixed_packages
0
url pkg:composer/typo3/cms@11.5.0
purl pkg:composer/typo3/cms@11.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-4jpa-6fqh-hbfg
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-8sdd-b1bn-cuhx
4
vulnerability VCID-av8u-rvzq-4fc7
5
vulnerability VCID-bajy-qbwq-fufn
6
vulnerability VCID-e32h-8q61-hbgc
7
vulnerability VCID-mnz3-rj21-67ad
8
vulnerability VCID-remd-55jh-r3g5
9
vulnerability VCID-s55j-8hbt-akhn
10
vulnerability VCID-t1n7-eswt-73gw
11
vulnerability VCID-tnxn-p13f-yuah
12
vulnerability VCID-ve7g-8st5-wffb
13
vulnerability VCID-vwb2-a84s-5qak
14
vulnerability VCID-vyvy-y3cw-hbgr
15
vulnerability VCID-w13x-3rp9-wyej
16
vulnerability VCID-yj9g-uz1a-jkf2
17
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.0
aliases CVE-2021-41113, GHSA-657m-v5vm-f6rw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jjbn-6efk-nud2
8
url VCID-mnz3-rj21-67ad
vulnerability_id VCID-mnz3-rj21-67ad
summary 
TYPO3 CMS vulnerable to User Enumeration via Response Timing
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (4.9)

### Problem
It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts.

Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take.

### Solution
Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above.

### Credits
Thanks to Vautia who reported this issue and to TYPO3 core & security team members Oliver Hader who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-007](https://typo3.org/security/advisory/typo3-core-sa-2022-007)
* [Vulnerability Report on huntr.dev](https://huntr.dev/bounties/7d519735-2877-4fad-bd77-accde3e290a7/) (embargoed +30 days)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36105
reference_id
reference_type
scores
0
value 0.00283
scoring_system epss
scoring_elements 0.51649
published_at 2026-04-02T12:55:00Z
1
value 0.00283
scoring_system epss
scoring_elements 0.51712
published_at 2026-04-12T12:55:00Z
2
value 0.00283
scoring_system epss
scoring_elements 0.51734
published_at 2026-04-11T12:55:00Z
3
value 0.00283
scoring_system epss
scoring_elements 0.51685
published_at 2026-04-09T12:55:00Z
4
value 0.00283
scoring_system epss
scoring_elements 0.51689
published_at 2026-04-08T12:55:00Z
5
value 0.00283
scoring_system epss
scoring_elements 0.51634
published_at 2026-04-07T12:55:00Z
6
value 0.00283
scoring_system epss
scoring_elements 0.51674
published_at 2026-04-04T12:55:00Z
7
value 0.00283
scoring_system epss
scoring_elements 0.51744
published_at 2026-04-18T12:55:00Z
8
value 0.00283
scoring_system epss
scoring_elements 0.51737
published_at 2026-04-16T12:55:00Z
9
value 0.00283
scoring_system epss
scoring_elements 0.51696
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36105
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36105.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36105.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36105.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36105.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/f0fc9c4cd7c38207c30dd158de53ee5d9d6f41a2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/f0fc9c4cd7c38207c30dd158de53ee5d9d6f41a2
5
reference_url https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/
url https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36105
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36105
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-007
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-007
9
reference_url https://github.com/advisories/GHSA-m392-235j-9r7r
reference_id GHSA-m392-235j-9r7r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m392-235j-9r7r
fixed_packages
0
url pkg:composer/typo3/cms@11.5.16
purl pkg:composer/typo3/cms@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8sdd-b1bn-cuhx
1
vulnerability VCID-t1n7-eswt-73gw
2
vulnerability VCID-ve7g-8st5-wffb
3
vulnerability VCID-vyvy-y3cw-hbgr
4
vulnerability VCID-w13x-3rp9-wyej
5
vulnerability VCID-yj9g-uz1a-jkf2
6
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.16
aliases CVE-2022-36105, GHSA-m392-235j-9r7r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mnz3-rj21-67ad
9
url VCID-remd-55jh-r3g5
vulnerability_id VCID-remd-55jh-r3g5
summary 
Insufficient Session Expiration in TYPO3's Admin Tool
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C` (5.6)

### Problem
Admin Tool sessions initiated via the TYPO3 backend user interface have not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit.

### Solution
Update to TYPO3 versions 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above.

### Credits
Thanks to Kien Hoang who reported this issue and to TYPO3 framework merger Ralf Zimmermann and TYPO3 security member Oliver Hader who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-005](https://typo3.org/security/advisory/typo3-core-sa-2022-005)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31050
reference_id
reference_type
scores
0
value 0.00439
scoring_system epss
scoring_elements 0.63156
published_at 2026-04-08T12:55:00Z
1
value 0.00439
scoring_system epss
scoring_elements 0.63196
published_at 2026-04-18T12:55:00Z
2
value 0.00439
scoring_system epss
scoring_elements 0.63188
published_at 2026-04-16T12:55:00Z
3
value 0.00439
scoring_system epss
scoring_elements 0.63153
published_at 2026-04-13T12:55:00Z
4
value 0.00439
scoring_system epss
scoring_elements 0.63176
published_at 2026-04-12T12:55:00Z
5
value 0.00439
scoring_system epss
scoring_elements 0.63191
published_at 2026-04-11T12:55:00Z
6
value 0.00439
scoring_system epss
scoring_elements 0.63173
published_at 2026-04-09T12:55:00Z
7
value 0.00439
scoring_system epss
scoring_elements 0.6311
published_at 2026-04-02T12:55:00Z
8
value 0.00439
scoring_system epss
scoring_elements 0.6314
published_at 2026-04-04T12:55:00Z
9
value 0.00439
scoring_system epss
scoring_elements 0.63104
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31050
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31050.yaml
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31050.yaml
2
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
3
reference_url https://github.com/TYPO3/typo3/commit/592387972912290c135ebecc91768a67f83a3a4d
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:13Z/
url https://github.com/TYPO3/typo3/commit/592387972912290c135ebecc91768a67f83a3a4d
4
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:13Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31050
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31050
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-005
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:13Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-005
7
reference_url https://github.com/advisories/GHSA-wwjw-r3gj-39fq
reference_id GHSA-wwjw-r3gj-39fq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wwjw-r3gj-39fq
fixed_packages
0
url pkg:composer/typo3/cms@11.5.11
purl pkg:composer/typo3/cms@11.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-8sdd-b1bn-cuhx
3
vulnerability VCID-av8u-rvzq-4fc7
4
vulnerability VCID-mnz3-rj21-67ad
5
vulnerability VCID-t1n7-eswt-73gw
6
vulnerability VCID-tnxn-p13f-yuah
7
vulnerability VCID-ve7g-8st5-wffb
8
vulnerability VCID-vwb2-a84s-5qak
9
vulnerability VCID-vyvy-y3cw-hbgr
10
vulnerability VCID-w13x-3rp9-wyej
11
vulnerability VCID-yj9g-uz1a-jkf2
12
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.11
aliases CVE-2022-31050, GHSA-wwjw-r3gj-39fq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-remd-55jh-r3g5
10
url VCID-s55j-8hbt-akhn
vulnerability_id VCID-s55j-8hbt-akhn
summary 
Information Disclosure via Export Module
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (4.0)

### Problem
The export functionality fails to limit the result set to allowed columns of a particular database table. This allows authenticated users to export internal details of database tables to which they already have access.

### Solution
Update to TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above.

In order to address this issue, access to mentioned export functionality is completely denied for regular backend users.

ℹ️  **Strong security defaults - Manual actions required**
Following User TSconfig setting would allow using the export functionality for particular users:
```
options.impexp.enableExportForNonAdminUser = 1
```

### Credits
Thanks to TYPO3 core merger Lina Wolf who reported this issue and to TYPO3 security member Torben Hansen  who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-001](https://typo3.org/security/advisory/typo3-core-sa-2022-001)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31046
reference_id
reference_type
scores
0
value 0.00148
scoring_system epss
scoring_elements 0.35391
published_at 2026-04-08T12:55:00Z
1
value 0.00148
scoring_system epss
scoring_elements 0.35437
published_at 2026-04-02T12:55:00Z
2
value 0.00148
scoring_system epss
scoring_elements 0.35387
published_at 2026-04-18T12:55:00Z
3
value 0.00148
scoring_system epss
scoring_elements 0.35398
published_at 2026-04-16T12:55:00Z
4
value 0.00148
scoring_system epss
scoring_elements 0.35359
published_at 2026-04-13T12:55:00Z
5
value 0.00148
scoring_system epss
scoring_elements 0.35381
published_at 2026-04-12T12:55:00Z
6
value 0.00148
scoring_system epss
scoring_elements 0.35417
published_at 2026-04-11T12:55:00Z
7
value 0.00148
scoring_system epss
scoring_elements 0.35416
published_at 2026-04-09T12:55:00Z
8
value 0.00148
scoring_system epss
scoring_elements 0.35461
published_at 2026-04-04T12:55:00Z
9
value 0.00148
scoring_system epss
scoring_elements 0.35345
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31046
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-31046.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-31046.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31046.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31046.yaml
3
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
4
reference_url https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:21Z/
url https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:21Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31046
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31046
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-001
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:21Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-001
8
reference_url https://github.com/advisories/GHSA-8gmv-9hwg-w89g
reference_id GHSA-8gmv-9hwg-w89g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8gmv-9hwg-w89g
fixed_packages
0
url pkg:composer/typo3/cms@11.5.11
purl pkg:composer/typo3/cms@11.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-5paq-5frf-43ed
2
vulnerability VCID-8sdd-b1bn-cuhx
3
vulnerability VCID-av8u-rvzq-4fc7
4
vulnerability VCID-mnz3-rj21-67ad
5
vulnerability VCID-t1n7-eswt-73gw
6
vulnerability VCID-tnxn-p13f-yuah
7
vulnerability VCID-ve7g-8st5-wffb
8
vulnerability VCID-vwb2-a84s-5qak
9
vulnerability VCID-vyvy-y3cw-hbgr
10
vulnerability VCID-w13x-3rp9-wyej
11
vulnerability VCID-yj9g-uz1a-jkf2
12
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.11
aliases CVE-2022-31046, GHSA-8gmv-9hwg-w89g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s55j-8hbt-akhn
11
url VCID-t1n7-eswt-73gw
vulnerability_id VCID-t1n7-eswt-73gw
summary 
TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
### Problem
Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it was possible to inject code instructions to be processed and executed via TypoScript as PHP code.

The existence of individual TypoScript instructions for a particular form item (known as [`formDefinitionOverrides`](https://docs.typo3.org/c/typo3/cms-form/main/en-us/I/Concepts/FrontendRendering/Index.html#form-element-properties)) and a valid backend user account with access to the form module are needed to exploit this vulnerability.

### Solution
Update to TYPO3 versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1 that fix the problem described above.

### References
* [TYPO3-CORE-SA-2022-015](https://typo3.org/security/advisory/typo3-core-sa-2022-015)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23503
reference_id
reference_type
scores
0
value 0.00517
scoring_system epss
scoring_elements 0.66719
published_at 2026-04-08T12:55:00Z
1
value 0.00517
scoring_system epss
scoring_elements 0.66759
published_at 2026-04-18T12:55:00Z
2
value 0.00517
scoring_system epss
scoring_elements 0.66745
published_at 2026-04-16T12:55:00Z
3
value 0.00517
scoring_system epss
scoring_elements 0.66711
published_at 2026-04-13T12:55:00Z
4
value 0.00517
scoring_system epss
scoring_elements 0.6674
published_at 2026-04-12T12:55:00Z
5
value 0.00517
scoring_system epss
scoring_elements 0.66754
published_at 2026-04-11T12:55:00Z
6
value 0.00517
scoring_system epss
scoring_elements 0.66734
published_at 2026-04-09T12:55:00Z
7
value 0.00517
scoring_system epss
scoring_elements 0.66671
published_at 2026-04-02T12:55:00Z
8
value 0.00517
scoring_system epss
scoring_elements 0.66697
published_at 2026-04-04T12:55:00Z
9
value 0.00517
scoring_system epss
scoring_elements 0.6667
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23503
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23503.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23503.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23503.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23503.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/1302e88565821f2159e08b5d818d28de17ecc830
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/1302e88565821f2159e08b5d818d28de17ecc830
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-18T18:23:57Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23503
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23503
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-015
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-015
8
reference_url https://github.com/advisories/GHSA-c5wx-6c2c-f7rm
reference_id GHSA-c5wx-6c2c-f7rm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c5wx-6c2c-f7rm
fixed_packages
0
url pkg:composer/typo3/cms@11.5.20
purl pkg:composer/typo3/cms@11.5.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vyvy-y3cw-hbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.20
1
url pkg:composer/typo3/cms@12.1.1
purl pkg:composer/typo3/cms@12.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vyvy-y3cw-hbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@12.1.1
aliases CVE-2022-23503, GHSA-c5wx-6c2c-f7rm, GMS-2022-8132
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t1n7-eswt-73gw
12
url VCID-uyeu-a3xr-fkh4
vulnerability_id VCID-uyeu-a3xr-fkh4
summary 
Improper Input Validation
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41114
reference_id
reference_type
scores
0
value 0.00289
scoring_system epss
scoring_elements 0.52246
published_at 2026-04-01T12:55:00Z
1
value 0.00289
scoring_system epss
scoring_elements 0.52391
published_at 2026-04-18T12:55:00Z
2
value 0.00289
scoring_system epss
scoring_elements 0.52386
published_at 2026-04-16T12:55:00Z
3
value 0.00289
scoring_system epss
scoring_elements 0.52348
published_at 2026-04-13T12:55:00Z
4
value 0.00289
scoring_system epss
scoring_elements 0.52362
published_at 2026-04-12T12:55:00Z
5
value 0.00289
scoring_system epss
scoring_elements 0.52377
published_at 2026-04-11T12:55:00Z
6
value 0.00289
scoring_system epss
scoring_elements 0.52328
published_at 2026-04-09T12:55:00Z
7
value 0.00289
scoring_system epss
scoring_elements 0.52333
published_at 2026-04-08T12:55:00Z
8
value 0.00289
scoring_system epss
scoring_elements 0.5228
published_at 2026-04-07T12:55:00Z
9
value 0.00289
scoring_system epss
scoring_elements 0.52317
published_at 2026-04-04T12:55:00Z
10
value 0.00289
scoring_system epss
scoring_elements 0.52289
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41114
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-41114.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-41114.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-41114.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-41114.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/5cbff85506cebe343e5ae59228977547cf8e3cf4
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/5cbff85506cebe343e5ae59228977547cf8e3cf4
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-m2jh-fxw4-gphm
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-m2jh-fxw4-gphm
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-015
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-015
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3941
reference_id CVE-2014-3941
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3941
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41114
reference_id CVE-2021-41114
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41114
9
reference_url https://github.com/advisories/GHSA-m2jh-fxw4-gphm
reference_id GHSA-m2jh-fxw4-gphm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m2jh-fxw4-gphm
fixed_packages
0
url pkg:composer/typo3/cms@11.5.0
purl pkg:composer/typo3/cms@11.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-4jpa-6fqh-hbfg
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-8sdd-b1bn-cuhx
4
vulnerability VCID-av8u-rvzq-4fc7
5
vulnerability VCID-bajy-qbwq-fufn
6
vulnerability VCID-e32h-8q61-hbgc
7
vulnerability VCID-mnz3-rj21-67ad
8
vulnerability VCID-remd-55jh-r3g5
9
vulnerability VCID-s55j-8hbt-akhn
10
vulnerability VCID-t1n7-eswt-73gw
11
vulnerability VCID-tnxn-p13f-yuah
12
vulnerability VCID-ve7g-8st5-wffb
13
vulnerability VCID-vwb2-a84s-5qak
14
vulnerability VCID-vyvy-y3cw-hbgr
15
vulnerability VCID-w13x-3rp9-wyej
16
vulnerability VCID-yj9g-uz1a-jkf2
17
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.0
aliases CVE-2021-41114, GHSA-m2jh-fxw4-gphm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uyeu-a3xr-fkh4
13
url VCID-ve7g-8st5-wffb
vulnerability_id VCID-ve7g-8st5-wffb
summary 
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
### Problem
Requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded.

This vulnerability is very similar, but not identical, to the one described in [TYPO3-CORE-SA-2021-005](https://typo3.org/security/advisory/typo3-core-sa-2021-005) (CVE-2021-21359).

### Solution
Update to TYPO3 versions 9.5.38 ELTS, 10.4.33 or 11.5.20 that fix the problem described above.

### References
* [TYPO3-CORE-SA-2022-012](https://typo3.org/security/advisory/typo3-core-sa-2022-012)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23500
reference_id
reference_type
scores
0
value 0.00317
scoring_system epss
scoring_elements 0.54778
published_at 2026-04-02T12:55:00Z
1
value 0.00317
scoring_system epss
scoring_elements 0.54818
published_at 2026-04-09T12:55:00Z
2
value 0.00317
scoring_system epss
scoring_elements 0.54821
published_at 2026-04-08T12:55:00Z
3
value 0.00317
scoring_system epss
scoring_elements 0.5477
published_at 2026-04-07T12:55:00Z
4
value 0.00317
scoring_system epss
scoring_elements 0.54801
published_at 2026-04-04T12:55:00Z
5
value 0.00317
scoring_system epss
scoring_elements 0.54831
published_at 2026-04-18T12:55:00Z
6
value 0.00317
scoring_system epss
scoring_elements 0.54828
published_at 2026-04-16T12:55:00Z
7
value 0.00317
scoring_system epss
scoring_elements 0.54789
published_at 2026-04-13T12:55:00Z
8
value 0.00317
scoring_system epss
scoring_elements 0.54811
published_at 2026-04-12T12:55:00Z
9
value 0.00317
scoring_system epss
scoring_elements 0.54829
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23500
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23500.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23500.yaml
2
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
3
reference_url https://github.com/TYPO3/typo3/commit/1e5f44417f031c9c5a9f9d09a6a841cf89aa7b7a
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/1e5f44417f031c9c5a9f9d09a6a841cf89aa7b7a
4
reference_url https://github.com/TYPO3/typo3/commit/73b46b6a627093112cfca4b895a198ca5e1970b7
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/73b46b6a627093112cfca4b895a198ca5e1970b7
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T14:53:56Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23500
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23500
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-012
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-012
8
reference_url https://github.com/advisories/GHSA-8c28-5mp7-v24h
reference_id GHSA-8c28-5mp7-v24h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8c28-5mp7-v24h
fixed_packages
0
url pkg:composer/typo3/cms@11.5.20
purl pkg:composer/typo3/cms@11.5.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vyvy-y3cw-hbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.20
aliases CVE-2022-23500, GHSA-8c28-5mp7-v24h, GMS-2022-8130
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ve7g-8st5-wffb
14
url VCID-vwb2-a84s-5qak
vulnerability_id VCID-vwb2-a84s-5qak
summary 
TYPO3 CMS missing check for expiration time of password reset token for backend users
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.0)

### Problem
It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded.

### Solution
Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem described above.

### Credits
Thanks to Ingo Fabbri who reported this issue and to TYPO3 security team member Torben Hansen who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-008](https://typo3.org/security/advisory/typo3-core-sa-2022-008)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36106
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.41857
published_at 2026-04-02T12:55:00Z
1
value 0.00198
scoring_system epss
scoring_elements 0.41863
published_at 2026-04-12T12:55:00Z
2
value 0.00198
scoring_system epss
scoring_elements 0.41898
published_at 2026-04-11T12:55:00Z
3
value 0.00198
scoring_system epss
scoring_elements 0.41874
published_at 2026-04-18T12:55:00Z
4
value 0.00198
scoring_system epss
scoring_elements 0.41864
published_at 2026-04-08T12:55:00Z
5
value 0.00198
scoring_system epss
scoring_elements 0.41814
published_at 2026-04-07T12:55:00Z
6
value 0.00198
scoring_system epss
scoring_elements 0.41886
published_at 2026-04-04T12:55:00Z
7
value 0.00198
scoring_system epss
scoring_elements 0.419
published_at 2026-04-16T12:55:00Z
8
value 0.00198
scoring_system epss
scoring_elements 0.4185
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36106
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36106.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36106.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36106.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36106.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/00b52a443b21baaaab35f8606dbb0ce427261bb5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/00b52a443b21baaaab35f8606dbb0ce427261bb5
5
reference_url https://github.com/TYPO3/typo3/commit/56af2bd3a432156c30af9be71c9d6f7ef3a6159a
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:44Z/
url https://github.com/TYPO3/typo3/commit/56af2bd3a432156c30af9be71c9d6f7ef3a6159a
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-5959-4x58-r8c2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:44Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-5959-4x58-r8c2
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36106
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36106
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-008
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:44Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-008
9
reference_url https://github.com/advisories/GHSA-5959-4x58-r8c2
reference_id GHSA-5959-4x58-r8c2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5959-4x58-r8c2
fixed_packages
0
url pkg:composer/typo3/cms@11.5.16
purl pkg:composer/typo3/cms@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8sdd-b1bn-cuhx
1
vulnerability VCID-t1n7-eswt-73gw
2
vulnerability VCID-ve7g-8st5-wffb
3
vulnerability VCID-vyvy-y3cw-hbgr
4
vulnerability VCID-w13x-3rp9-wyej
5
vulnerability VCID-yj9g-uz1a-jkf2
6
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.16
aliases CVE-2022-36106, GHSA-5959-4x58-r8c2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vwb2-a84s-5qak
15
url VCID-vyvy-y3cw-hbgr
vulnerability_id VCID-vyvy-y3cw-hbgr
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content. In combination with the TypoScript setting `config.absRefPrefix=auto`, attackers can inject malicious HTML code to pages that have not been rendered and cached, yet. As a result, injected values would be cached and delivered to other website visitors (persisted cross-site scripting). Individual code which relies on the resolved value of `GeneralUtility::getIndpEnv('SCRIPT_NAME')` and corresponding usages (as shown below) is vulnerable as well. Additional investigations confirmed that at least Apache web server deployments using CGI (FPM, FCGI/FastCGI, and similar) are affected. However, there still might be the risk that other scenarios like nginx, IIS, or Apache/mod_php is vulnerable. The usage of server environment variable `PATH_INFO` has been removed from corresponding processings in `GeneralUtility::getIndpEnv()`. Besides that, the public property `TypoScriptFrontendController::$absRefPrefix` is encoded for both being used as a URI component and for being used as a prefix in an HTML context. This mitigates the cross-site scripting vulnerability. Users are advised to update to TYPO3 versions 8.7.51 ELTS, 9.5.40 ELTS, 10.4.35 LTS, 11.5.23 LTS and 12.2.0 which fix this problem. For users who are unable to patch in a timely manner the TypoScript setting `config.absRefPrefix` should at least be set to a static path value, instead of using auto - e.g. `config.absRefPrefix=/`. This workaround **does not fix all aspects of the vulnerability**, and is just considered to be an intermediate mitigation to the most prominent manifestation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-24814
reference_id
reference_type
scores
0
value 0.00867
scoring_system epss
scoring_elements 0.75119
published_at 2026-04-07T12:55:00Z
1
value 0.00867
scoring_system epss
scoring_elements 0.75197
published_at 2026-04-18T12:55:00Z
2
value 0.00867
scoring_system epss
scoring_elements 0.7519
published_at 2026-04-16T12:55:00Z
3
value 0.00867
scoring_system epss
scoring_elements 0.75187
published_at 2026-04-11T12:55:00Z
4
value 0.00867
scoring_system epss
scoring_elements 0.75165
published_at 2026-04-12T12:55:00Z
5
value 0.00867
scoring_system epss
scoring_elements 0.75153
published_at 2026-04-13T12:55:00Z
6
value 0.01074
scoring_system epss
scoring_elements 0.77713
published_at 2026-04-02T12:55:00Z
7
value 0.01074
scoring_system epss
scoring_elements 0.7774
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-24814
1
reference_url https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html#absrefprefix
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:14Z/
url https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html#absrefprefix
2
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
3
reference_url https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/core/Classes/Utility/GeneralUtility.php#L2481-L2484
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:14Z/
url https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/core/Classes/Utility/GeneralUtility.php#L2481-L2484
4
reference_url https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php#L2547-L2549
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:14Z/
url https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php#L2547-L2549
5
reference_url https://github.com/TYPO3/typo3/commit/0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:14Z/
url https://github.com/TYPO3/typo3/commit/0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2023-001
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:14Z/
url https://typo3.org/security/advisory/typo3-core-sa-2023-001
7
reference_url https://typo3.org/security/advisory/typo3-psa-2023-001
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:14Z/
url https://typo3.org/security/advisory/typo3-psa-2023-001
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-24814
reference_id CVE-2023-24814
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-24814
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2023-24814.yaml
reference_id CVE-2023-24814.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2023-24814.yaml
10
reference_url https://github.com/advisories/GHSA-r4f8-f93x-5qh3
reference_id GHSA-r4f8-f93x-5qh3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r4f8-f93x-5qh3
11
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3
reference_id GHSA-r4f8-f93x-5qh3
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:14Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3
fixed_packages
0
url pkg:composer/typo3/cms@11.5.23
purl pkg:composer/typo3/cms@11.5.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.23
1
url pkg:composer/typo3/cms@12.2.0
purl pkg:composer/typo3/cms@12.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@12.2.0
aliases CVE-2023-24814, GHSA-r4f8-f93x-5qh3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vyvy-y3cw-hbgr
16
url VCID-w13x-3rp9-wyej
vulnerability_id VCID-w13x-3rp9-wyej
summary 
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
> ### CVSS: `CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C` (5.3)

### Problem
Due to the lack of handling user-submitted [YAML placeholder expressions](https://docs.typo3.org/m/typo3/reference-coreapi/main/en-us/Configuration/Yaml/YamlApi.html#custom-placeholder-processing) in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors.

A valid backend user account having administrator privileges is needed to exploit this vulnerability.

### Solution
Update to TYPO3 versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1 that fix the problem described above.

### Credits
Thanks to TYPO3 core & security team member Oliver Hader who reported and fixed the issue.

### References
* [TYPO3-CORE-SA-2022-016](https://typo3.org/security/advisory/typo3-core-sa-2022-016)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23504
reference_id
reference_type
scores
0
value 0.00313
scoring_system epss
scoring_elements 0.54501
published_at 2026-04-08T12:55:00Z
1
value 0.00313
scoring_system epss
scoring_elements 0.5451
published_at 2026-04-18T12:55:00Z
2
value 0.00313
scoring_system epss
scoring_elements 0.54507
published_at 2026-04-16T12:55:00Z
3
value 0.00313
scoring_system epss
scoring_elements 0.54468
published_at 2026-04-13T12:55:00Z
4
value 0.00313
scoring_system epss
scoring_elements 0.54489
published_at 2026-04-12T12:55:00Z
5
value 0.00313
scoring_system epss
scoring_elements 0.54506
published_at 2026-04-11T12:55:00Z
6
value 0.00313
scoring_system epss
scoring_elements 0.54495
published_at 2026-04-09T12:55:00Z
7
value 0.00313
scoring_system epss
scoring_elements 0.54457
published_at 2026-04-02T12:55:00Z
8
value 0.00313
scoring_system epss
scoring_elements 0.5448
published_at 2026-04-04T12:55:00Z
9
value 0.00313
scoring_system epss
scoring_elements 0.54448
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23504
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23504.yaml
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23504.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23504.yaml
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23504.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/d1e627ff7eef07bd94c53db861e85977b203900a
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/d1e627ff7eef07bd94c53db861e85977b203900a
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T19:21:01Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23504
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23504
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-016
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-016
8
reference_url https://github.com/advisories/GHSA-8w3p-qh3x-6gjr
reference_id GHSA-8w3p-qh3x-6gjr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8w3p-qh3x-6gjr
fixed_packages
0
url pkg:composer/typo3/cms@11.5.20
purl pkg:composer/typo3/cms@11.5.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vyvy-y3cw-hbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.20
1
url pkg:composer/typo3/cms@12.1.1
purl pkg:composer/typo3/cms@12.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vyvy-y3cw-hbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@12.1.1
aliases CVE-2022-23504, GHSA-8w3p-qh3x-6gjr, GMS-2022-8131
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w13x-3rp9-wyej
17
url VCID-yj9g-uz1a-jkf2
vulnerability_id VCID-yj9g-uz1a-jkf2
summary 
TYPO3 HTML Sanitizer vulnerable to Cross-Site Scripting
### Problem
Due to a parsing issue in the upstream package [`masterminds/html5`](https://packagist.org/packages/masterminds/html5), malicious markup used in a sequence with special HTML CDATA sections cannot be filtered and sanitized. This allows bypassing the cross-site scripting mechanism of [`typo3/html-sanitizer`](https://packagist.org/packages/typo3/html-sanitizer).

Besides that, the upstream package `masterminds/html5` provides HTML raw text elements (`script`, `style`, `noframes`, `noembed` and `iframe`) as DOMText nodes, which were not processed and sanitized further. None of the mentioned elements were defined in the default builder configuration, that's why only custom behaviors, using one of those tag names, were vulnerable to cross-site scripting.

### Solution
Update to `typo3/html-sanitizer` versions 1.5.0 or 2.1.1 that fix the problem described.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23499
reference_id
reference_type
scores
0
value 0.00234
scoring_system epss
scoring_elements 0.46301
published_at 2026-04-02T12:55:00Z
1
value 0.00234
scoring_system epss
scoring_elements 0.46345
published_at 2026-04-11T12:55:00Z
2
value 0.00234
scoring_system epss
scoring_elements 0.46322
published_at 2026-04-09T12:55:00Z
3
value 0.00234
scoring_system epss
scoring_elements 0.46266
published_at 2026-04-07T12:55:00Z
4
value 0.00234
scoring_system epss
scoring_elements 0.46321
published_at 2026-04-04T12:55:00Z
5
value 0.00234
scoring_system epss
scoring_elements 0.4638
published_at 2026-04-18T12:55:00Z
6
value 0.00234
scoring_system epss
scoring_elements 0.46383
published_at 2026-04-16T12:55:00Z
7
value 0.00234
scoring_system epss
scoring_elements 0.46326
published_at 2026-04-13T12:55:00Z
8
value 0.00234
scoring_system epss
scoring_elements 0.46317
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23499
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23499.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23499.yaml
2
reference_url https://github.com/TYPO3/html-sanitizer
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/html-sanitizer
3
reference_url https://github.com/TYPO3/html-sanitizer/pull/105
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/html-sanitizer/pull/105
4
reference_url https://github.com/TYPO3/html-sanitizer/pull/106
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/html-sanitizer/pull/106
5
reference_url https://github.com/TYPO3/html-sanitizer/releases/tag/v1.5.0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/html-sanitizer/releases/tag/v1.5.0
6
reference_url https://github.com/TYPO3/html-sanitizer/releases/tag/v2.1.1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/html-sanitizer/releases/tag/v2.1.1
7
reference_url https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-hvwx-qh2h-xcfj
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-hvwx-qh2h-xcfj
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23499
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23499
9
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-017
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-017
10
reference_url https://github.com/advisories/GHSA-hvwx-qh2h-xcfj
reference_id GHSA-hvwx-qh2h-xcfj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hvwx-qh2h-xcfj
fixed_packages
0
url pkg:composer/typo3/cms@11.5.20
purl pkg:composer/typo3/cms@11.5.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vyvy-y3cw-hbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.20
1
url pkg:composer/typo3/cms@12.1.1
purl pkg:composer/typo3/cms@12.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vyvy-y3cw-hbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@12.1.1
aliases CVE-2022-23499, GHSA-hvwx-qh2h-xcfj, GMS-2022-8136
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yj9g-uz1a-jkf2
18
url VCID-zdq2-dhb2-6kaq
vulnerability_id VCID-zdq2-dhb2-6kaq
summary 
TYPO3 CMS vulnerable to Weak Authentication in Frontend Login
### Problem
Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary.

### Solution
Update to TYPO3 versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1 that fix the problem described above.

### References
* [TYPO3-CORE-SA-2022-013](https://typo3.org/security/advisory/typo3-core-sa-2022-013)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23501
reference_id
reference_type
scores
0
value 0.00229
scoring_system epss
scoring_elements 0.45749
published_at 2026-04-08T12:55:00Z
1
value 0.00229
scoring_system epss
scoring_elements 0.4579
published_at 2026-04-18T12:55:00Z
2
value 0.00229
scoring_system epss
scoring_elements 0.45795
published_at 2026-04-16T12:55:00Z
3
value 0.00229
scoring_system epss
scoring_elements 0.45746
published_at 2026-04-13T12:55:00Z
4
value 0.00229
scoring_system epss
scoring_elements 0.45738
published_at 2026-04-12T12:55:00Z
5
value 0.00229
scoring_system epss
scoring_elements 0.45768
published_at 2026-04-11T12:55:00Z
6
value 0.00229
scoring_system epss
scoring_elements 0.45745
published_at 2026-04-09T12:55:00Z
7
value 0.00229
scoring_system epss
scoring_elements 0.45724
published_at 2026-04-02T12:55:00Z
8
value 0.00229
scoring_system epss
scoring_elements 0.45744
published_at 2026-04-04T12:55:00Z
9
value 0.00229
scoring_system epss
scoring_elements 0.45693
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23501
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23501.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23501.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23501.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23501.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/28be9cdb3fed02ce4cfc6fa2d39f7d8e2266eced
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/28be9cdb3fed02ce4cfc6fa2d39f7d8e2266eced
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T18:48:00Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23501
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23501
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-013
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-013
8
reference_url https://github.com/advisories/GHSA-jfp7-79g7-89rf
reference_id GHSA-jfp7-79g7-89rf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jfp7-79g7-89rf
fixed_packages
0
url pkg:composer/typo3/cms@11.5.20
purl pkg:composer/typo3/cms@11.5.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vyvy-y3cw-hbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.20
1
url pkg:composer/typo3/cms@12.1.1
purl pkg:composer/typo3/cms@12.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vyvy-y3cw-hbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@12.1.1
aliases CVE-2022-23501, GHSA-jfp7-79g7-89rf, GMS-2022-8134
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zdq2-dhb2-6kaq
Fixing_vulnerabilities
0
url VCID-y32z-2d3f-gkgw
vulnerability_id VCID-y32z-2d3f-gkgw
summary 
Cross-site Scripting
TYPO3 is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag & attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32768
reference_id
reference_type
scores
0
value 0.00284
scoring_system epss
scoring_elements 0.51812
published_at 2026-04-08T12:55:00Z
1
value 0.00284
scoring_system epss
scoring_elements 0.51874
published_at 2026-04-18T12:55:00Z
2
value 0.00284
scoring_system epss
scoring_elements 0.51867
published_at 2026-04-16T12:55:00Z
3
value 0.00284
scoring_system epss
scoring_elements 0.51825
published_at 2026-04-13T12:55:00Z
4
value 0.00284
scoring_system epss
scoring_elements 0.5184
published_at 2026-04-12T12:55:00Z
5
value 0.00284
scoring_system epss
scoring_elements 0.5186
published_at 2026-04-11T12:55:00Z
6
value 0.00284
scoring_system epss
scoring_elements 0.51771
published_at 2026-04-02T12:55:00Z
7
value 0.00284
scoring_system epss
scoring_elements 0.51797
published_at 2026-04-04T12:55:00Z
8
value 0.00284
scoring_system epss
scoring_elements 0.51757
published_at 2026-04-07T12:55:00Z
9
value 0.00284
scoring_system epss
scoring_elements 0.51722
published_at 2026-04-01T12:55:00Z
10
value 0.00284
scoring_system epss
scoring_elements 0.51809
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32768
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32768.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32768.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32768.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32768.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v
4
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-c5c9-8c6m-727v
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-c5c9-8c6m-727v
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-013
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-013
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32768
reference_id CVE-2021-32768
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32768
7
reference_url https://github.com/advisories/GHSA-c5c9-8c6m-727v
reference_id GHSA-c5c9-8c6m-727v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c5c9-8c6m-727v
fixed_packages
0
url pkg:composer/typo3/cms@7.6.53
purl pkg:composer/typo3/cms@7.6.53
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.53
1
url pkg:composer/typo3/cms@8.7.42
purl pkg:composer/typo3/cms@8.7.42
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.42
2
url pkg:composer/typo3/cms@9.5.29
purl pkg:composer/typo3/cms@9.5.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5paq-5frf-43ed
1
vulnerability VCID-bajy-qbwq-fufn
2
vulnerability VCID-mnz3-rj21-67ad
3
vulnerability VCID-t1n7-eswt-73gw
4
vulnerability VCID-ve7g-8st5-wffb
5
vulnerability VCID-vyvy-y3cw-hbgr
6
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.29
3
url pkg:composer/typo3/cms@10.4.19
purl pkg:composer/typo3/cms@10.4.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-4jpa-6fqh-hbfg
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-8sdd-b1bn-cuhx
4
vulnerability VCID-av8u-rvzq-4fc7
5
vulnerability VCID-bajy-qbwq-fufn
6
vulnerability VCID-e32h-8q61-hbgc
7
vulnerability VCID-mnz3-rj21-67ad
8
vulnerability VCID-remd-55jh-r3g5
9
vulnerability VCID-s55j-8hbt-akhn
10
vulnerability VCID-t1n7-eswt-73gw
11
vulnerability VCID-ve7g-8st5-wffb
12
vulnerability VCID-vwb2-a84s-5qak
13
vulnerability VCID-vyvy-y3cw-hbgr
14
vulnerability VCID-w13x-3rp9-wyej
15
vulnerability VCID-yj9g-uz1a-jkf2
16
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.19
4
url pkg:composer/typo3/cms@11.3.2
purl pkg:composer/typo3/cms@11.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-4jpa-6fqh-hbfg
2
vulnerability VCID-5paq-5frf-43ed
3
vulnerability VCID-8sdd-b1bn-cuhx
4
vulnerability VCID-av8u-rvzq-4fc7
5
vulnerability VCID-bajy-qbwq-fufn
6
vulnerability VCID-e32h-8q61-hbgc
7
vulnerability VCID-jjbn-6efk-nud2
8
vulnerability VCID-mnz3-rj21-67ad
9
vulnerability VCID-remd-55jh-r3g5
10
vulnerability VCID-s55j-8hbt-akhn
11
vulnerability VCID-t1n7-eswt-73gw
12
vulnerability VCID-uyeu-a3xr-fkh4
13
vulnerability VCID-ve7g-8st5-wffb
14
vulnerability VCID-vwb2-a84s-5qak
15
vulnerability VCID-vyvy-y3cw-hbgr
16
vulnerability VCID-w13x-3rp9-wyej
17
vulnerability VCID-yj9g-uz1a-jkf2
18
vulnerability VCID-zdq2-dhb2-6kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.3.2
aliases CVE-2021-32768, GHSA-c5c9-8c6m-727v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y32z-2d3f-gkgw
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.3.2